Safeguarding Data Before Disaster Strikes

Online data backup is one of the best methods for businesses of all sizes to replicate their data and protect against data loss in the event of an IT outage or security incident. While online backup services offer many benefits, they are just one step in protecting your business from having to declare a disaster. You also need a broader disaster recovery plan in place to ensure that policies and protocols are followed when interruptions occur.

A foolproof disaster recovery plan documents ahead of time an organization’s RPO/RTO threshold, prioritizes business-critical applications, outlines recovery processes and establishes policies to ensure that solutions and processes are tested on a regular basis. Careful planning in these areas is key to successful recovery.

Recovery Point Objective

Defined as the maximum period of time in which data can be lost from an IT service due to a major incident, the Recovery Point Objective answers the question of how much data a business can afford to lose during a major disaster and how much data loss costs. Determining the RPO is essential in deciding the frequency of backups in the disaster recovery solution, weighing costs of replication against those of data loss.

Recovery Time Objective

The duration of time and service level within which a business process must be restored after a disaster, the Recovery Time Objective measures the cost of downtime. How long can an organization afford to be offline? Calculating this measurement enables companies to take a hard look at their applications and assess what would happen to the business without them for the maximum period of time.

Size of Recovery Site

What is the minimum capacity that the business needs to be operational? What can the organization live with until full restoration is complete? Minimum capacity is dictated by the interconnections of the business applications. Applications that depend on a feed from elsewhere will be crippled if the feeder goes offline. When designing a disaster recovery solution, it is essential to understand which data absolutely needs to be restored immediately, including all the data that is needed to power front-facing applications.

Frequent Testing

Annual tests are a bare minimum for disaster recovery solutions. Ideally, a test would be carried out whenever a sensitive update is made. The disaster recovery site should be tested after any significant changes, and each test should include all team members who would be involved in the recovery process.

Create a Full Business Continuity Plan

Disaster recovery and business continuity plans should create a seamless relationship between technology and employees. A communication plan around a data disaster is paramount. Who declares a disaster? Who communicates to customers and end users? Who directs the action plan internally?

Determine a Location for the Recovery Site

Existing organizational practices and relationships with external partners can help formulate options for a recovery site location. Options include: on-premises, colocation, existing host site, cloud vendor and multiple cloud vendors.

A thorough understanding of the organization’s data is paramount, including the interdependence of the data and the recurring costs that the business can afford to pay to mitigate the risks. Like anything else, it’s about managing what the business can afford against what the business can afford to lose, and then working against those objectives. Those are decisions you want to make ahead of time, not in the middle of a disaster situation.

By Larry Novak
