
Balancing prevention, continuity and recovery

Let's broaden the data security conversation to highlight the importance of business continuity and disaster recovery plans.

By Byron Horn-Botha, Business unit head, Arcserve Southern Africa.
Johannesburg, 17 Apr 2019

The exponential growth in cyber crime, and the level of threat it poses to business, is unquestionably the media flavour of the year, but what is not highlighted is the mission-critical need for a business continuity (BC) and disaster recovery (DR) plan.

Why is this mission-critical?

Let's first unpack a few chilling statistics. Year-on-year, comparative research findings on cyber crime, such as the Cyber Security Breaches Survey 2018, indicate 43% of businesses in the UK fell victim to cyber crime in the previous 12 months. In the US, California is reputed to have lost more than $214 million through cyber crime.

So, of course, it is understandable that any discussion around data security would be dominated by crime statistics but it is important not to limit your perspective to one aspect of the issue.

What many companies fail to comprehend is that cyber security breaches are not a possibility; they are a certainty, and increasingly so as the fourth industrial revolution brings greater opportunities through cloud, artificial intelligence, machine learning and more.

It is very important to take all steps necessary to prevent an attack but possibly even more critical - in light of the knowledge that breach attempts will occur and often succeed - is to have carefully developed plans in place that ensure BC and DR.

BC is the name of the game but is inextricably linked to DR and the two must be equally factored into plans.

South African businesses have the further delight of a precarious power supply to add to their considerations. Organisations need to be aware of the impact of faulty power supply on infrastructure, making it even more important to ensure backups are taking place and that they are restorable.

Buying a generator is only one cog in the wheel of the problem. In times like this, a solution that provides good reporting is one thing but the next thing is to test and re-test. Being proactive and not reactive will make all the difference to eventual outcomes.

So, by now I think the message is clear: it is imperative that businesses are not exclusively focused on cyber security and their efforts to keep the fox out of the data henhouse. There are other crucial factors to consider.

What constitutes a good DR/BC plan?

DR involves a set of policies, tools and procedures aimed at enabling the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.

It focuses on the IT or technology systems supporting critical business functions, which involves keeping all essential aspects of a business operational despite significant disruptive events.

Businesses today want to leverage the flexibility of the cloud as part of their DR strategy and are looking to move away from storage solutions such as magnetic tape and disc, but this comes with challenges, specifically downtime.

Some of the biggest inhibitors to cloud adoption at application level relate to the challenge of transitioning from old premises to the cloud.

Globally, many businesses are increasingly looking to adopt a hybrid approach with their systems and data running on a combination of on-premises and cloud. The focus is on uptime, which in turn guarantees productivity.

A good BC/DR plan also contributes to achieving greater accountability within organisations. Moreover, should disaster strike, it ensures there is a plan in place that's documented and can be deployed while guaranteeing all stakeholders are aware of their role. It also guarantees protection of the right material.

Moreover, implementing BC/DR plans can help to highlight flaws. If you want to quickly identify where weakness and risk lie, create a well-thought-out plan; you will very quickly identify what works and what doesn't. As such, it naturally also highlights inefficiencies.

Organisations sometimes have the same policies applied to all servers. A thorough categorisation from least to most critical identifies where you could be more efficient in your backup process and possibly even save time and money.

Remember, no plan is assured until it's been tested. Businesses need insight into how their plans are performing versus what they could be accomplishing. This is where reporting comes into its own and helps to fine-tune a plan and make it perform optimally.

The final trick is to see if the plan has holes in it and where they are located. Testing is again the key and communicating across the organisation to ensure IT and the business are aligned on expectations.

There is no point in IT thinking a system is protected adequately when business has a different viewpoint, and vice versa.

It would be a misunderstanding to interpret all of the foregoing as a denial of the importance of cyber security. Quite the contrary: it should be part-and-parcel of any good BC/DR plan.

Breaches are more and more prevalent so it is prudent for any organisation to cover all the bases: prevention, continuity and recovery.

Implementing a strategy that factors in all three of these elements is an absolute necessity for mitigating the long-term effects of disaster striking, in whatever form.
