Security Series: Building Preparation (Part 5 of 6)
- Chapter 1: Disaster Recovery Tactics that Ensure Business Continuity
- Chapter 2: Disaster Recovery Target
- Chapter 3: Formulation of the Business Continuity Plan
- Chapter 4: Disaster Recovery Objectives and Milestones
- Chapter 5: Building Preparation
- Chapter 6: Final countdown tips for Disaster Recovery and Business Continuity
A remote location where staff meet and perform the recovery process needs to be established. This is necessary because, in the event of a disaster completely obliterating the building, there is a predefined meeting place, typically a remote building, that the staff members are familiar with. One of the DR (disaster recovery) team members should be responsible for checking the reliability of the building's power, security, lighting, communication equipment and connectivity. These locations need to be visited at least once a year to ensure the availability of resources. Some larger organizations incorporate the remote building into a solution called a dark or shadow site. These remote sites are populated by staff and remain in operation to closely replicate the live environment, with backup generators, dark fiber, alternate internet access links and replicated hardware infrastructure closely mimicking the live environment, in some circumstances even mirrored. These environments exist to service large insurance companies and other high-risk organizations such as government, military, intelligence and high-profile banking environments. They are very effective but are also the most expensive and resource-intensive of all the disaster recovery options.
Modern applications generate more and more data, and storage solutions grow to match; this is now accepted as necessary. In fact, entire industries have mushroomed on this notion alone. Many organizations are using terabytes and even petabytes of storage space. The most important fact about disaster recovery is that restoring is the reason that you back up.
Companies and IT professionals know that it is necessary to have a plan for recovering from potential disasters, yet it is also commonly regarded as more of a luxury than a necessity. The common excuse is that it is expensive, takes time, and the resources to do DR are not available. One thing is for sure: when a disaster happens, it all seems worth the effort and time. Many DR implementations are split into small phased components, and basic solutions like undelete software on a file server can potentially save lots of time and will assist in recovering from a small data deletion disaster. Most people associate disasters with tidal waves or planes crashing into towers. However, disasters also come in smaller forms that may only affect one machine, however critical or trivial that may seem.
For every type of disaster, there may be alternative solutions to consider when recovering; different disasters call for different recovery strategies. Some organizations require offsite recovery options. The design of a server or computer room may seem trivial, but if everything is accounted for in the design phase, fewer disasters will happen. Human life is the priority, which is why an IT recovery plan should be separated from an emergency response plan. Something as trivial as the server room being in the basement may prove disastrous when there is flooding. Most organizations look at flooding as an impossibility, overlooking the fact that flooding may not be caused by natural events but rather by a toilet overflowing on the top floor over a weekend, or a small fire causing the fire suppression system to activate. Where does all the water end up? In the basement with the multimillion-dollar equipment!
Security professionals need to know how to prepare and what actions are required in order to preserve and ensure continuity of critical business processes and operational functions. A Business Continuity Plan (BCP) should be a living document that is continually updated and amended with additional information as the system changes from day to day. Items such as passwords, configuration and procedures should be updated as newer software applications and operating systems are installed and upgraded.
Security professionals have been attempting to implement DR solutions for many years, but without a formalized directive from top management nothing materializes into a solid structure. To establish any structure within an organization you need buy-in and implementation from the top down; attempting to implement it from the bottom up does not work. Even once a budget is approved you will need to consistently educate the people responsible for authorizing it. Awareness is the key.
What needs to be communicated to the business is that without vital IT resources certain processes, if not all of them, will cease, and communication and cooperation between staff members will be difficult.
By doing a business impact analysis the IT professional will be able to establish the most critical systems in the organization. This produces a report that highlights the importance of, and dependence on, the critical operational requirements that demand a resilient IT system. This in turn should raise concern in the executive's mind, and approval should be imminent. If, after today's terrorist activities and climatic conditions, the executive still feels a DRP/BCP is unnecessary, I wish them luck and hope that they are never in the position that millions of uneducated executives are in today, especially if a disaster does occur, as they will be solely responsible for neglecting this small insurance policy that is part and parcel of good corporate governance.
A communication needs to be issued from board level to all management and filter down to the subordinate levels. This communication must include the Business Continuity Policy or statement. The people who are ultimately responsible for business continuity need to be addressed, and in turn they need to engage the entire business with a continuity plan. This process may be delegated to management level but needs to be owned and overseen by a director. This ensures availability of resources and politically addresses any business stumbling blocks that may be encountered.
The different types of sites and strategies for disaster recovery are listed below, from best to worst; the star rating after each strategy reflects this ranking.
Fully mirrored disaster recovery site
This approach entails the maintenance of a fully mirrored or duplicated site, which enables immediate switching between the live site and the backup site. This is usually the most costly option. *****
Switchable hot site
This approach involves establishing a commercial agreement with a service provider who will assure the preservation of an identical site, including communications, to facilitate a changeover of all IT operations to the hot site within a predetermined time period, typically less than two hours. This plan's timelines and commitments need to be predefined, understood by all staff and adhered to. I have recently witnessed a disaster where the power was cut to an entire city and a particular switch timeline was not in place. Luckily the CIO saved the day and discussed the situation with the security professional and defined a cutoff time to switch to the remote DR site. ****
Warm site
This approach requires an agreement with a service provider who will assure the maintenance of a similar site, enabling the organization to move its IT operations to the service provider's location within a predetermined time period, usually less than eight hours or one working day. ***
Cold site
This approach requires the configuration of a standby disaster site. Once the disaster is declared, the service provider will allow the affected organization's staff to populate the standby site, which will have equipment and software prepared to deliver the minimum configuration needed by the organization. The cold site scenario usually enables the organization to be operational within two days. **
Relocate and restore
This approach requires the identification of an appropriate relocation site where hardware and peripherals can be obtained, software re-installed and backed-up applications and data reconstructed once a disaster condition has been invoked. This strategy is not useful for big business or for businesses with a high IT/IS dependency. *
No disaster recovery
This is the most costly approach to disaster recovery and the one with the most risk. No effort is made by the business for disaster recovery: no plan, no backups, no offsite backups, no documentation, etc. All of this points to neglect. No * rating!
Develop Objectives for Scoping of Training
The objectives and extent of the BCP training activities are to be stated within the plan. The BCP must include an explanation of the objectives of the training. This allows the training to be consistent and prearranged in a way where the outcome can be measured and thus managed.
Disaster recovery training should be carried out in a comprehensive and exhaustive manner so that staff grow familiar with all aspects of the disaster recovery practice. The training should encompass all aspects of the Business Continuity activities section of the BCP, including IT systems disaster recovery.
In part five of the DR series the IT professional was taken through strategies for offsite recovery and potential solutions that could be recommended to the business for recovery. The importance of pre-disaster preparation was also highlighted; even basic preparedness displays a level of executive responsibility and good corporate governance.