THE IT SECURITY PROFESSIONAL |
Barlowtek
The It security Pro
Helping Organizations Understand IT Security
&
Best Practices
When it comes to backing up our servers and systems, a lot of IT Departments are not doing all they should to protect the business or the organization as a whole. Whether the business is dealing with the sheer volume of data that needs to be backed up, or whether they are dealing with a lack of resources (both human and material). All of these issues complicate the fact that protecting the company in case of a disaster means that you have a backup for all of your critical information. Basic Guidelines One of the most basic guidelines that help with business continuity preparation is that the business is backing up critical data on a periodic basis. What ends up happening is that there is a knowledge gap or a technology gap. This means that the IT Team does not have the skills to effectively backup critical systems and data. The second area is that the team is lacking the resources to do the backups effectively. Data should be backed up based on the following criteria:
Business Continuity Application Having a recent backup or restore point for systems will enable the business to recover to their previous state faster than without one. This is why it is always encouraged to test these backup and restore points on a periodic basis in order to make sure that they work as designed. If a process is not tested, it can be prone to failure or in the worst-case scenarios, not at all. It is for the reason of backups that some of those processes are automatically setup or configured within the various systems. The issues that happens is that these automated processes run into hiccups and may not function if at all. It is best to test them regularly and not be solely dependent on them in the case of an emergency, such as a disaster. When disaster strikes your business, you want to make sure that all of the processes that you have developed for dealing with the situation work as planned. Technical Gap As most IT Departments can attest to, having a technical gap is one of the hardest areas to overcome. This means that the team will have to take time and learn new skills or a group of skills. However, due to the importance of the team to the rest of the organization, this may not be as feasible as it needs to be. The additional issue is that technologies are always changing and it seems every year there are new applications that are better than what you purchased last year, so the team has to learn a completely new technology. Misconfiguration of Applications
The biggest issue that an organization will face is that there was a misconfiguration of the backup solution in the initial deployment across the enterprise. Unfortunately, this is not usually known for a length of time due to everything working as it should (for the time being) until there is someone appointed that may have better skills or a better understanding of the technology. Additionally, it may be found during a time where everything breaks (and it happens at the worst possible time too) and everything needs to be fixed. This is why it is important to test the process and the applications that will be used in the overall business continuity process. It is better to find out that there is an issue when the business is not stressed, as during the time of a disaster. Being in control will allow the company to address the issues that are found during the testing process and make the needed changes ahead of needing them. Risk Assessment Prioritization The use of a Risk Assessment (RA) in the process of prioritizing what services or data needs to be backed up is important to how the company will recover from a disaster. Understanding the potential risk will direct the resources that have been allocated for the recovery efforts. While doing an RA will provide a good overview, the understanding the impact of certain data backup requirements are going to provide a road-map on how that will be accomplished. Understanding the risk to the business will also help to identify certain data types or applications that may need to be addressed during the initial deployment and configuration process. Also identifying potential issues with how the applications were configured will be important at this step as well. Most companies will be able to configure their backup application or settings in a reasonable manner, but it is something that will need some technical expertise in order to accomplish. Backup & Recovery After the business has determined what type of data or what specific systems need to be backed up, it will be important for the testing of the processes and systems that have been put into place. This is the most important step that the company can take in their recovery efforts. Testing takes a leap of faith, both in the individuals that have configured it, and secondly in the systems that will be used to do it. Some companies will shy away from this step due to having a potential impact on their customers or the services they provide. The recovery process should be as smooth as the plan that has been developed for the process. If it is not, then the plan and process should be reworked so that it is. At this point, automation will be important to implement within the overall process. Having automated detection or switch-over in case if a failure is detected will allow the company to quickly respond to an outage or some other incident. Recovery Effort After the business, affecting incident has passed and the company starts to recover from the impact of the incident on the business. The most important thing will be to recover the business operations as soon as possible with minimal impact to the customers or clients of the business. This is where the RA that was done earlier in the development process for the business continuity planning efforts will pay off. The prioritization list will have which systems and applications should be recovered and in which order. Summary After all is said and done, recovery of business applications and data should be a smooth process (that is if it was tested) which will help recover the business to a point to prior to the incident impacting the business. Business Continuity Management comes down to planning and testing. Failure to effectively address either area will lead to a difficult if not impossible process for the company when it comes to disaster recovery. The backup and restore process for your business should be tested regularly and should provide a robust response to a potential disaster scenario. The practice and planning that should happen will give the management team the confidence in the overall solution as well as the customers and the clients. If the solution is an unknown, then there ends up being a lot of questions about the effectiveness. This is why the recovery and backup process is the cornerstone of your business continuity planning process.
0 Comments
|
IT Security ProSecuring the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure. Categories
All
Archives
January 2023
|