Disaster recovery: How to bounce back from a security breach

The computer systems, applications and data that your company uses every day are pretty reliable. Usually. But things happen.

Perhaps a server melts down or a storage system crashes. Maybe Mother Nature steps in and a flood, snowstorm or fire takes down your systems. Or perhaps it’s an undetected software bug, a successful access breach, or Distributed Denial of Service attack.

Or maybe it’s as simple as too many customers banging on your servers at the same time.

And no matter how thoroughly IT and facilities have planned for availability and reliability, some random event may cause a disaster – resulting in service level decrease or outage, data loss and even total unavailability.

So when it comes to planning for disasters, you have to consider not just prevention plans, but also what to do if a disastrous event does happen.

You need a Disaster Recovery (DR) plan.

Having a DR plan doesn’t just mean having access to appropriate levels of processing power ready to crank up copies of your server applications. There’s more to it than that.

Most importantly, you need a good backup to ensure that no vital company or customer data is lost — contracts, proposals, sales records, email, etc. — and that you can point your DR’d applications at the data they need for resumption of business activity.

Thankfully, new technologies keep making DR backups easier and more cost-effective.

Disaster recovery and the cloud

Instead of having to keep an exact duplicate of your computer systems at the ready, server virtualization and Internet connectivity have dramatically reduced the buy-in for DR.

The reality is that for nearly all organizations, the vast majority of solutions will involve cloud services. The rare exceptions will be those where location (lack of Internet connectivity), regulations, or extreme secrecy make using cloud infeasible — and even there, private use of cloud technology may still be of value.

Get educated about disaster recovery and the cloud

Disaster recovery backup is increasingly affordable, but you still have to invest time upfront to understand the different types of available backup (do you require scheduled or continuous backups — partial or full?). And then you have to decide what your business requirements are for backup in terms of RPO (Recovery Point Objective) and RTO (Recovery Time Objective) — what data do you need available, and how quickly, to acceptably resume business operations?

Additional DR concerns you’ll need to address include:

• Compliance: What degree of recovery do government and industry regulations require for your company?

• Planning and procedures: When an “event” occurs, who has to do what? Do you have hardcopies of systems, wiring, configuration and key phone numbers? How often is this data updated? Does everybody know what their assigned roles are and who their backup is in case they’re unavailable?

As you can see, there’s a lot to think about, plan, purchase and practice.