[BreachExchange] Safeguarding Data Before Disaster Strikes

[Audrey McNeil]

https://cloudtweaks.com/2017/02/safeguarding-data-before-disaster-strikes/

Online data backup is one of the best methods for businesses of all sizes
to replicate their data and protect against data loss in the event of an IT
outage or security incident. While online backup services offer many
benefits, they are just one step in protecting your business from having to
declare a disaster. You can’t neglect to also have a broader disaster
recovery plan in place to ensure that policies and protocols are followed
when interruptions occur.

A foolproof disaster recovery plan documents ahead of time an
organization’s RPO/RTO threshold, prioritizes business-critical
applications, outlines recovery processes and establishes policies to
ensure that solutions and processes are tested on a regular basis. Careful
planning in these areas is key to successful recovery.

Recovery Point Objective

Defined as the maximum period of time in which data can be lost from an IT
service due to a major incident, the Recovery Point Objective answers the
question of how much data a business can afford to lose during a major
disaster and how much data loss costs. Determining the RPO is essential in
deciding the frequency of backups in the disaster recovery solution,
weighing costs of replication against those of data loss.

Recovery Time Objective

The duration of time and service level within which a business process must
be restored after a disaster, the Recovery Time Objective measures the cost
of downtime. How long can an organization afford to be off-line?
Calculating this measurement enables companies to take a hard look at their
applications and assess what would happen to the business without them for
the maximal period of time.

Size of Recovery Site

What is the minimum capacity that the business needs to be operational?
What can the organization live with until full restoration is complete?
Minimum capacity is dictated by the interconnections of the business
applications. Applications that depend on a feed from elsewhere will be
crippled if the feeder goes offline. When designing a disaster recovery
solution, it is essential to understand which data absolutely needs to be
restored immediately, including all the data that is needed to power
front-facing applications.

Frequent Testing

Annual tests are a bare minimum for disaster recovery solutions. Ideally, a
test would be carried out whenever a sensitive update is made. The disaster
recovery site should be tested after any significant changes, and should
include all team members that would be involved in the recovery process.

Create a Full Business Continuity Plan

Disaster recovery and business continuity plans should create a seamless
relationship between technology and employees. A communication plan around
a data disaster is paramount. Who declares a disaster? Who communicates to
customers and end users? Who directs the action plan internally?

Determine a Location for the Recovery Site

Existing organizational practices and relationships with external partners
can help formulate options for a recovery site location. Options include:
on-premises, colocation, existing host site, cloud vendor and multiple
cloud vendors.

A thorough understanding of the organization’s data is paramount, including
the interdependence of the data and the recurring costs that the business
can afford to pay to mitigate the risks. Like anything else, it’s about
managing what the business can afford against what the business can afford
to lose, and then working against those objectives. Those are decisions you
want to make ahead of time, not in the middle of a disaster situation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170228/a2147572/attachment.html>