How to create business continuity & disaster recovery plans

By Furqan Hashmi, Head of IT Security and Operations, Emirates Investment Authority

My discussion at R3: Resilience, Response & Recovery 2017 is mainly about how we can successfully execute and manage enterprise-wide (including extended enterprise) business continuity and disaster recovery (DR) plans. Several business continuity and DR models are available. The decision on which model to deploy depends mainly on business requirements, CAPEX and OPEX.

Disaster recovery invocation should be the enterprise's last resort. The enterprise technology environment should be resilient and secure enough that DR invocation is required only for testing purposes or for a limited period of time. Successful management of business continuity and disaster recovery is achieved through a strong integration of people, process and technology.

On the people front, a proper communication plan should be in place. The responsibilities of each individual participating in the plan should be defined and communicated. Each individual should have the skills and qualifications required for their role. Necessary training (delivered by a third party or as part of drill testing) should be provided to the users involved.

On the process front, a governance framework should be in place that provides assurance on enterprise business continuity and its associated controls. Furthermore, it provides assurance that controls are operationally efficient and effective and aligned with business objectives. This can be achieved by performing audits, periodic testing of controls including DR invocation, backup integrity checks, periodic restoration testing, incident management tests, identifying risks during and after each test, and mitigating those risks through controls. This is an ongoing process and works on a continuous improvement basis.

On the technology front, the following are the main controls that can be used for successful disaster recovery planning and execution. Several disaster recovery models are available; the selection of a model depends on business requirements and on the CAPEX and OPEX the enterprise is willing to spend.

Secure SAN-based replication: This provides continuous, real-time replication between the production and DR site at the storage level. This model is useful when the enterprise wants to invoke DR at the storage group level. From a cost point of view, this solution is more expensive than the others, as it requires dedicated replication and storage devices at the DR site along with a tool to manage DR invocation.

Secure system/application-based replication: This model works at a level above SAN-based replication for DR invocation. One flexibility the enterprise gains in this model is the ability to invoke a specific set of applications or systems for business continuity and disaster recovery purposes rather than all systems within the storage group. Additionally, this model is more economical than secure SAN-based replication.

DR as a Service (DRaaS): This model works in a cloud environment. Cloud providers set up the enterprise's DR virtual infrastructure in the cloud. This model works on a continuous or periodic replication basis, depending on the RPO the enterprise requires from business, legal and regulatory perspectives. DRaaS is the most economical option and provides greater flexibility, as cloud providers can easily accommodate the enterprise's current and future compute requirements.
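Whichever replication model is chosen, the RPO only holds if the last successful replication is actually recent enough, which is why the process section above calls for periodic testing of backup and replication controls. The following is an added example, not code from the author or from the Emirates Investment Authority, of a check that reads a replication status log and reports, per system, how much data loss the enterprise is currently exposed to against its required RPO. The log format, the system names and the RPO values are constructed for illustration; a failed sync that is logged after a successful one is deliberately ignored, because only the last good copy bounds the loss.

```python
from datetime import datetime, timedelta

# Constructed sample replication log: "<UTC timestamp> <system> <status>".
# The 08:04 failed entry for erp-db must not advance its last good sync.
SAMPLE_REPLICATION_LOG = """\
2021-06-10T08:00:00Z erp-db last_sync_ok
2021-06-10T07:30:00Z mail-store last_sync_ok
2021-06-10T06:00:00Z file-share last_sync_ok
2021-06-10T08:05:00Z erp-db last_sync_ok
2021-06-10T08:04:00Z erp-db last_sync_failed
"""

# Assumed RPO requirements per system (hypothetical values).
# hr-app has a requirement but never appears in the log, which must be flagged.
RPO_REQUIREMENTS = {
    "erp-db": timedelta(minutes=15),
    "mail-store": timedelta(hours=1),
    "file-share": timedelta(hours=2),
    "hr-app": timedelta(hours=1),
}


def parse_log(text):
    """Return a dict of system -> timestamp of its latest *successful* sync."""
    latest = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, system, status = line.split()
        if status != "last_sync_ok":
            continue  # failed syncs do not reduce exposure
        t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        if system not in latest or t > latest[system]:
            latest[system] = t
    return latest


def check_rpo(latest, requirements, now):
    """Return dict of system -> (exposure_minutes, compliant).

    exposure_minutes is None when no successful sync was ever recorded,
    which is treated as non-compliant rather than silently skipped.
    """
    results = {}
    for system, rpo in requirements.items():
        last = latest.get(system)
        if last is None:
            results[system] = (None, False)
            continue
        exposure = now - last
        minutes = int(exposure.total_seconds() // 60)
        results[system] = (minutes, exposure <= rpo)
    return results


def noncompliant(results):
    """Sorted list of systems whose current exposure exceeds their RPO."""
    return sorted(s for s, (_, ok) in results.items() if not ok)


def run_sample():
    """Evaluate the constructed log at a fixed point in time."""
    now = datetime(2021, 6, 10, 8, 20)  # assumed evaluation time (UTC)
    return check_rpo(parse_log(SAMPLE_REPLICATION_LOG), RPO_REQUIREMENTS, now)


if __name__ == "__main__":
    for system, (minutes, ok) in run_sample().items():
        state = "OK" if ok else "RPO BREACH"
        print(f"{system:12s} exposure={minutes} min  {state}")
    print("non-compliant:", noncompliant(run_sample()))
```

In a real deployment the log would come from the replication tool or DRaaS provider's status API, and the check would run on a schedule so that a stalled replication surfaces as a control failure during normal operations rather than being discovered at DR invocation.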

Copyright Lyonsdown Limited 2021
