WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
The ability to recover from an incident that could potentially devastate your data is sometimes known as "disaster recovery," and it received a lot of attention in the wake of the terrorist attacks of Sept. 11, 2001. But some fear the term disaster recovery highlights major incidents like the destruction of the World Trade Center that would directly affect few organizations. Rather than disaster recovery, which could provide a false sense of security to organizations that remain at risk from everyday problems, others prefer to use the term "business continuity."
A number of relatively everyday occurences, such as utility workers hitting a line or a basic office relocation or server migration, can put businesses at just as much risk as a national disaster. According to experts, organizations are still woefully unprepared for incidents like those when the mundane becomes a disaster.
CYA's products focus not only on saving data, but on preserving business processes and the relationships between data. According to Price, it's saving the processes during a disaster that allows your business to continue. For large software installations of the content manager Documentum, for example, every client's system is different and it's not easy to go back to the drawing board when something goes wrong.
Where to Start
Figuring out where to start when developing a business continuity plan can be a daunting task. "Information that is the lifeblood of your organization should be at the top," Price said.
Developing a plan takes more than one person. Organizations developing a strong business continuty plan will go department-by-department and find someone who understands the processes used by each department and discern what is mission-critical. The highest-priority information must be kept in a back-up location with the proper hardware and software.
After taking an inventory of your assets, processes and components; prioritizing; and identifying the key people involved in maintaining continuity, more work has to be done outside of your organization. Who are your external service providers? What type of recovery and continuity plans do they have in place?
According to Price, people often confuse high availability with business continuity. Making sure a Web site can handle a surge in traffic, for example, is a different matter entirely than making sure the site still operates when a building is destroyed by an earthquake or fire.
"People get overwhelmed," Price said. "At what point do you feel like you have enough insurance?"
Budgets vs. Safety Nets
With IT budgets still tight, many organizations are forced to choose between implementing a business continuity plan and running the risk they won't need one. Price said CYA has spoken to customers who have been waiting to buy for six months but haven't gotten the funding.
"Companies know they need [business continuity]," she said. "But they are being put through gruesome processes to cut a check."
In some cases, it may fall to the IT staff to convince senior management that a business continuity plan in necessary. The basic selling points should be liability and potential loss of revenue. One old standby is to examine what the competition is doing. You can also come up with realistic scenarios that could effect your company and estimate what impact they would have on your organization.
It's not a problem of technology. New storage systems give users tighter control over what to keep and for how long. Archiving software can take users back to a certain point in time.
"Today, the technology is there, the problem is with the people," Price said.