Paper disaster recovery and business continuity plans are difficult to keep up to date and to have available during the recovery process. One solution that we have found that works is to keep the plan in the cloud. You can synchronize it (with tools like dropbox.com) via smartphones and tablets.
Disaster recovery and business continuity planning is now accepted as a basic requirement for every business and organization. It is widely accepted that a detailed business continuity plan should not only exist, but should be up to date. It should reflect the actual on-going needs of the business activity or function.
Disaster Recovery Plans need to be readily available
The Disaster Recovery and Business Continuity Template that we have is very well suited for that type of implementation.
We found a video by one of my former employers (Deloitte Touche), with whom I created their published SDM, which was the basis for their offering.
This is a great video on physical security as well as software security. This is a great primer which all CIOs and Data Center managers should consider. Not only does it address the physical security issues and disaster recovery, it also addresses how Google implements and disposes of new server devices.
“Disaster Recovery and business continuity are all about being ready for everything. The question that every IT manager and CIO has to answer every day is what should they complete today if they knew a business interruption was going to happen in the next 12 hours.”
Cascading problems are not things that most companies want to talk about but are disaster recovery and business continuity risks
We have one client, who wants to remain nameless, who on a Friday evening thought he had a hardware problem. The weekend staff proceeded to connect that device to the network to diagnose the issue and a virus was released. Then they transmitted that virus to one of their largest suppliers. When it was all said and done they spent well over $500,000 to isolate the virus, restore the files, and make their supplier whole. They were just lucky this happened over the weekend so it did not impact as many people. Interestingly, if this problem had surfaced a few hours earlier their regular staff would have diagnosed the problem off-line and it would not have gotten away from them.
Disasters and events that impact business continuity vary widely in more than duration. As you design your plan, consider the probability of threats that are:
- Chronicled — events that have occurred (Power outages, earthquakes, hurricanes)
- Human — events likely from carelessness, malicious intent, fatigue, or lack of training
- Geographical — events likely as a result of the location of your business (floods, storms, lightning strikes, earthquakes, typhoons, tsunamis)
- Localized — events due to system malfunctions (assembly line failures, computer crashes, sprinkler activations, chemical spills)
- Planned — scheduled events (software upgrades, system tests, facility moves) that go awry
Janco’s own list of top 10 disasters that CIOs and business managers need to plan for is:
- Weather related events like floods, tornadoes, hurricanes, forest/brush fires, and sand storms
- Facility fires
- Water pipe breaks in facility
- Fiber or communications lines are cut – loss of network
- Power failures – Outage or sporadic service
- Human error like a redundant systems failure that goes unnoticed and hinders the recovery operation
- Security breach – hacking and/or malicious code
- Data corruption and loss – not only from physical device or network failure but also from application and user error
- Cascading system failure
Janco believes that a prepared and well-rehearsed team addresses the issues associated with major and minor business interruptions much more quickly than companies that have no plan and no preparedness.
Information Management Magazine and Insurance Networking News both report that there was significant growth in the Health Care field in the number of IT jobs available. Much of this is due to the requirement that all medical records (EHR) be mechanized and to new compliance requirements for the Affordable Health Care Act (aka Obama-care).
It is estimated that Health Care IT spending will increase by up to 25% in the next two years. Spending last year for Health Care software was close to $7 billion and is expected to grow by over $1 billion in the next year. Much of that spending will be in the “small practice” physician and “small hospitals”. The question is how protected they will be from business interruptions and security attacks.
Do you have any comments on this?
Modular data centers have come a long way.
Modular data centers have been in use by the government since the 1960s. Now they are commercially available for companies of all sizes. Here is a video that provides a great description of some of the options available to CIOs and Data Center Operations managers.
This is a far cry from the first ones that I saw in the late 60’s. The US Army had them with an IBM 1401, a workstation, communications gear, a generator, air conditioning, and a satchel charge to blow it up if the position was overrun. The unit was flown in by helicopter for artillery calculations.
Disaster Recovery plans that depend on outsourcers face significant additional risk
What if you were in Florida, the hurricane season was in full swing, and your provider decided to go out of business? Would you have the time to move to a new provider and test your solution before you need to execute your plan?
For example, earlier in the year Google decided to close its Message Continuity service. Google gave most clients a reasonable timescale to find an alternative supplier. This allowed existing Message Continuity contracts to run until they expired. What if that was the communication solution you had selected for communicating with your staff? Would you be able to implement a new one on time?
Another example was the news that Doyenz, the US-based supplier of rCloud, a service which offers disaster recovery for physical and virtual servers, had decided to pull the plug on its UK operations. Clients were given not weeks or months but days to respond and to find a new supplier.
CIOs and IT managers need to consider all of the possibilities and have alternative solutions in place and tested.
FEMA conference videos which discuss tools and services available in the disaster and business continuity processes.
We are looking for people who can help us find typos and poor grammar on our sites. We are offering incentives like major discounts on our products or free copies of selected products.
Outsourcing off-shore is no longer on the rise. This is a trend that is being driven by two factors: first, frustration with service and help desks that are manned by non-native English speakers; and second, a buy-American trend to help improve job opportunities in the US.
More firms are looking to bring work in-house and onshore, back to the US. There now is a trend for help desk functions to be based in the US in a number of industries. Janco Associates has now instituted a policy that for any service or equipment that it purchases, one of the primary considerations is where the service desk functions are located. As a result, the firm will no longer purchase HP computers because the service desk is located in the Philippines, and will no longer issue American Express credit cards for the same reason.
To get more information go to https://www.e-janco.com/Cloud.htm
When a security breach or business interruption occurs, the life cycle from start to end is the same. First and foremost you must be prepared and have a plan in place. Included in that plan is being able to know that the event or incident has occurred. Then react to what has happened and get back to normal operations as quickly as possible.
After everything is back to the way it should be there should always be a post event analysis to find out what worked, what did not, and what could be done better.
The National Institute of Standards and Technology (NIST) of the US Department of Commerce has just released a 79-page guide on how security incidents should be handled. This publication (800-61) is Revision 2 of the guide and has a detailed discussion of the composition, interrelationships with others (before – during – after), and responsibilities of the Incident Response Team.
To download a full copy of the guide go to:
6 Ways to Utilize Social Media Before a Disaster Strikes
by Adam Crowe
When creating a disaster recovery plan, include social media. Simple things like having a predefined hash tag (#companynameBC) will make the recovery process easier and provide a quick way to get back in business. In addition, utilize sites like youtube.com to host instructions on what to do and how to do it in the recovery process.
As the risk for a pandemic increases, Texas prepares.