Information Security is the practice of protecting information from unauthorized access, use/misuse, and disruption. Industry insiders refer to this as the "CIA" triad. In layman's terms, that is Confidentiality, Integrity and Availability. This post addresses the often overlooked practice of availability.
Until 9/11/2001, an insurance policy was the only thing companies and individuals thought of when it came to disaster recovery planning. Insurance continues to be the disaster recovery plan for many individuals today. In the event of a disaster, material items could be easily repaired or replaced. But as more and more information becomes electronic, is an insurance policy enough to recover from a disaster?
Since 9/11, many companies have implemented Business Continuity and Disaster Recovery programs. These programs involve a department or departments of people whose sole responsibility is to analyze the business processes and document manual workarounds, as well as manage information technology (IT) systems and/or contracts to mitigate the risk of data center loss or outages. Companies like Sungard and IBM have practices around data center recovery which are affordable only to large corporations. But what can small to mid-size companies do to protect themselves from a major outage? Surprisingly, the answer is relatively simple, and it can and should also be practiced in our personal lives.
Back it up! Remember when you made copies of all your important documents and kept those at home while keeping the originals in a safety deposit box? All of those important documents (and many more) would probably fit on a memory stick the size of your pinky finger. The King James Bible is approximately 15MB in size. With USB flash drives available in storage capacities of up to 64GB, you literally could fit 66,000+ Bibles in your pocket! External hard drives with capacities well over 1 terabyte (1000GB) are available if you have lots of information to back up. Your insurance policy will help you replace that laptop, desktop or server in the event of a loss; however, you won’t be able to recover the data that is invaluable to your business.
There are numerous backup strategies depending on whether your focus is on speed, completeness or long/short-term storage requirements. They can be very specific to your business process, so I can’t make any recommendations. If your company does not have a backup solution, I do recommend that you begin researching one immediately. Fortunately, there is a lot of information available to you on the Internet. There are many companies willing to sell you a solution. I also recommend you reach out to local organizations such as Contingency Planners of OHIO (CPO), Association of Contingency Planners (ACP) and Business Emergency Planners Association (BEPA), which meet regularly to discuss and share ideas around Disaster Recovery and Business Continuity planning.
In conclusion, there are many things that go into a successful Business Continuity and Disaster Recovery program. Understanding your company’s Recovery Time Objective (RTO), Recovery Point Objective (RPO) and risk tolerance will help you in right-sizing an appropriate strategy and solution. However, if you do nothing else but back up the files and applications that are most important to your business and store them in a place from which they can be recovered, you may very well save your business from the unthinkable.