With businesses becoming increasingly reliant on computer systems, Aura Information Security's Sai Honig looks at Disaster Recovery in the Cloud.
It is fair to say that most businesses today are heavily reliant on computer systems. Even if systems were to go down for a just short period of time, the impact on a business can range from financial loss to the worst possible scenario – loss of life.
So, what can be done to prevent such disasters? As a starting point, all businesses should ensure they have a programme in place to ensure systems are regularly updated (e.g. regular patching) and that all staff are trained on proper use of systems, active monitoring and response protocol.
But is there more that can be done? The answer is yes and it’s called Disaster Recovery (or DR for short).
It’s important to note Disaster Recovery is not the same as Business Continuity. When looking at information security, there are three areas that need to be considered: People, Processes and Technology. Business Continuity deals with the first two: People and Processes. Disaster Recovery deals with the last: Technology.
One hot topic of discussion has been the use of cloud services to support Disaster Recovery. This is referred to as “Disaster Recovery as a Service” or “DRaaS” for short. There are some advantages to using DRaaS – these include not having to pay for or equip a full secondary site as staff (including IT staff) would not have to relocate to execute recovery or continue business operations. In addition, there’s also the benefit of the fact some DR providers may also assist with recovery – something that could be very useful for businesses operating in an ‘always on’ 24/7 world.
Disaster Recovery is not simply just putting copies of data and applications within a cloud service. It needs to be managed – for example, how often would the data and applications be updated? After all, backups of data and secondary application setups are only as useful if they are current. This is where discussions about Business Continuity should begin. How much data loss can the business tolerate while still meeting commitments? What applications should be hosted in the cloud and how current should they be? The expectation most businesses have is DR should be about fast recovery and less data loss, however with the plethora of applications and data locations, managing DR can be somewhat difficult.
Once these choices are made, time should be taken to test recovery – from both a Disaster Recovery and Business Continuity perspective. Differing scenarios should be tested, for example a full site, server or application disaster. One such scenario that should be considered, but is often overlooked during scenario testing, is an operational or user error. Testing against a range scenarios provides business with an indication as to how long it would take to recover full operations; and this in turn means businesses can better plan and prepare.
In summary, using cloud services, such as DRaaS, should not be an ‘IT only’ decision. How you manage cloud services should be an ‘all of business’ decision. As is the case in many parts of the business, well thought out decisions and strategies can often make or break a business. Ensuring Disaster Recovery is top of mind will help ensure key stakeholders there is a solid plan in place.
