Disaster Recovery
What would you do if a storm flooded your business? Or how would you respond if a power outage blacked out your servers? How would you recover your data and keep the business running after an unforeseen disaster? When disasters strike unprepared companies the consequences range from prolonged system downtime and the resulting revenue loss to the companies going out of business completely, yet many IT shops are not prepared to deal with such scenarios.
The key to surviving such an event is a business continuity strategy, a set of policies and procedures for reacting to and recovering from an IT-disabling disaster and the main component of a business continuity strategy is a disaster recovery plan (DRP).
Why it’s important...
With the increasing importance of information technology for the
continuation of business critical functions, combined with a transition to
an around-the-clock economy, the importance of protecting an organization's data and IT infrastructure in the event of a disruptive situation has become an increasing and more visible business priority in recent years.
It is estimated that most large companies spend between 2% and 8% of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data.
Of companies that had a major loss of business data, 43% never reopen, 51% close within two years, and only 6% will survive long-term.
DEVsource’s Disaster Recovery Practice consists of:
Classification of Disasters
Disaster can be classified in two broad categories. 1) Natural disasters- Preventing natural disaster is very difficult, but precaution to avoid losses can be taken. These disasters include flood, fire, earthquake, hurricane, smog and chemical gases, etc 2) Manmade disasters- These disasters are major reasons for failure. Human error and intervention may be intentional or unintentional which can cause massive failure such as failure in communication and utility. These disasters include walkout, sabotage, burglary, virus, intrusion, etc.
Security Holes evaluation
Security holes are the vulnerabilities in computing hardware or software. It provides indirect invitation to malicious brains to work on it and exploit it. It is achieved through flaws in network software which allows unintended control within the network. Components of network such as PCs and router hold these holes through their operating systems. Technical details of any systems should not be made public abundantly unless required. Once such holes are discovered, information about it should be immediately passed to security professional responsible for it. On the other hand such information is also passed quickly to hacker who might want to intercept into the network. Security professional should always work to heal such holes to eliminate possible attack.
General Steps of Execution:
- Step 1: Risk Analysis/Business Impact Plan
- Step 2: Establish the Budget
- Step 3: Develop the Plan
- Step 4: Test, Test, Test
Control majors
Control majors are steps or mechanism that can reduce or eliminate computer security threats. Different types of majors can be included in BCP/DRP. Types of majors include:
- Preventive majors: These controls can avoid or prevent an event from occurring.
- Detective majors: These controls make us capable to detect or discover unwanted event.
- Corrective majors: These controls help to correct or recover the system after disaster or event.
Strategies
The following is a list of the most common strategies for data protection:
- Backups made to tape and sent off-site at regular intervals (preferably daily)
- Backups made to disk on-site and automatically copied to off-site disk, or made directly to off-site disk
- Replication of data to an off-site location, which overcomes the need to restore the data (only the systems then need to be restored or synced). This generally makes use of storage area network (SAN) technology
- High availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data
- In many cases, an organization may elect to use an outsourced disaster recovery provider to provide a stand-by site and systems rather than using their own remote facilities.
- Local mirrors of systems and/or data and use of disk protection technology such as RAID
- Surge protectors — to minimize the effect of power surges on delicate electronic equipment
- Uninterruptible power supply (UPS) and/or backup generator to keep systems going in the event of a power failure
In addition to preparing for the need to recover systems, organizations must also implement precautionary measures with an objective of preventing a disaster situation in the first place. These may include some of the following:
