1. What is disaster recovery process?
2. Which are classifications in disaster recovery?
3. What are the security measures to be taken towards a disaster?
4. How CompuMate can help you with Disaster recovery solutions?.
Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. How safe is your data? In the event of disaster, is it recoverable? No business can afford to risk their information assets’ security and integrity, and yet so many businesses are unprepared. Through a combination of tools and planning, CompuMate can design a solution that will secure your data in case of a disaster. By using our very own resources , or other tools, CompuMate will deliver a complete solution that will allow you to: Data Backup for All Platforms – backs up data on any platform, regardless of operating system. No matter what operating systems are used in your network, effectively and efficiently safeguards all data. Application Backup – Backup critical applications to such as Exchange, Oracle, SQL, Lotus and many others. Secure Offsite Storage – we will design a solution that will include offsite storage in case of a major disaster Bare Metal Restore – be up and running quickly even if you hardware becomes unusable Seamless Operation – CompuMate will deliver a solution that is easy to operate day in and out, and that works for you.
Classification of Disasters
Disaster can be classified in two broad categories. The first is natural disasters such as floods, hurricanes, tornadoes or earthquakes. While preventing a natural disaster is very difficult, measures such as good planning which includes mitigation measures can help reduce or avoid losses. The second category is man-made disasters. These include hazardous material spills, infrastructure failure like fire, power failure, short circuit or bio-terrorism. In these instances surveillance and mitigation planning are invaluable towards avoiding or lessening losses from these events.
General steps to follow while creating BCP/DRP
Identify the scope and boundaries of business continuity plan. First step enables us to define scope of BCP (Business continuity plan). It provides an idea for limitations and boundaries of plan. It also includes audit and risk analysis reports for institution’s assets. Conduct a business impact analysis (BIA). Business impact analysis is the study and assessment of effects to the organization in the event of the loss or degradation of business/mission functions resulting from a destructive event. Such loss may be financial, or less tangible but nevertheless essential (e.g. human resources, shareholder liaison) Sell the concept of BCP (Business Continuity Plan) to upper management and obtain organizational and financial commitment. Convincing senior management to approve BCP/DRP (Disaster Recovery Plan) is key task. It is very important for security professionals to get approval for plan from upper management to bring it to effect.
Each department will need to understand its role in plan and support to maintain it. In case of disaster, each department has to be prepared for the action. To recover and to protect the critical functions, each department has to understand the plan and follow it accordingly. It is also important for each department to help in the creation and maintenance of its portion of the plan. The BCP project team must implement the plan. After approval from upper management plan should be maintained and implemented. Implementation team should follow the guidelines procedures in plan. NIST tool set can be used for doing BCP. National Institute of Standards and Technologies has published tools which can help in creating BCP.
With the increasing importance of information technology for the continuation of business critical functions, combined with a transition to an around-the-clock economy, the importance of protecting an organization’s data and IT infrastructure in the event of a disruptive situation has become an increasing and more visible business priority in recent years. It is estimated that most large companies spend between 2% and 4% of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data. Of companies that had a major loss of business data, 43% never reopen, 51% close within two years, and only 6% will survive longterm. This results in a majority of failed businesses.
Control measures in recovery plan
Control measures are steps or mechanisms that can reduce or eliminate various threats for organizations. Different types of measures can be included in BCP/DRP. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity. This article focuses on disaster recovery planning as related to IT infrastructure. Types of measures:
Preventive measures – These controls are aimed at preventing an event from occurring.
Detective measures – These controls are aimed at detecting or discovering unwanted events.
Corrective measures – These controls are aimed at correcting or restoring the system after disaster or event.
These controls should be always documented and tested regularly.
Strategies
Prior to selecting a disaster recovery strategy, a disaster recovery planner should refer to their organization’s business continuity plan which should indicate the key metrics of recovery point objective (RPO) and recovery time objective (RTO) for various business processes (such as the process to run payroll, generate an order, etc.). The metrics specified for the business processes must then be mapped to the underlying IT systems and infrastructure that support those processes. Once the RTO and RPO metrics have been mapped to IT infrastructure, the DR planner can determine the most suitable recovery strategy for each system. An important note here however is that the business ultimately sets the IT budget and therefore the RTO and RPO metrics need to fit with the available budge . While most business unit heads would like zero data loss and zero time loss, the cost associated with that level of protection may make the desired high availability solutions impractical.
The following is a list of the most common strategies for data protection.
| 1. | Backups made to tape and sent off-site at regular intervals (preferably daily) |
| 2. | Backups made to disk on-site and automatically copied to off-site disk, or made directly to off-site disk |
| 3. | Replication of data to an off-site location, which overcomes the need to restore the data (only the systems then need to be restored or synced). This generally makes use of storage area network (SAN) technology |
| 4. | High availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data In many cases, an organization may elect to use an outsourced disaster recovery provider to provide a stand-by site and systems rather than using their own remote facilities. |
| 5. | In addition to preparing for the need to recover systems, organizations must also implement precautionary measures with an objective of preventing a disaster in the first place. These may include some of the following: Local mirrors of systems and/or data and use of disk protection technology such as RAID |
| 6. | Surge protectors – to minimize the effect of power surges on delicate electronic equipment |
| 7. | Uninterruptible power supply (UPS) and/or backup generator to keep systems going in the event of a power failure |
| 8. | Fire preventions – alarms, fire extinguishers |
| 9. | Anti-virus software and other security measures |
Backup site : A backup site is a location where an organization can easily relocate following a disaster, such as fire, flood, terrorist threat or other disruptive event. This is an integral part of the disaster recovery plan and wider business continuity planning of an organization. A backup site can be another location operated by the organization, or contracted via a company that specializes in disaster recovery services. In some cases, an organization will have an agreement with a second organization to operate a joint backup site. There are three types of backup sites, including cold sites, warm sites, and hot sites. The differences between the types are determined by the costs and effort required to implement each. Another term used to describe a backup site is a work area recovery site
Continuous data protection: Continuous data protection (CDP), also called continuous backup or real-time backup, refers to backup of computer data by automatically saving a copy of every change made to that data, essentially capturing every version of the data that the user saves. It allows the user or administrator to restore data to any point in time. CDP is a service that captures changes to data to a separate storage location. There are multiple methods for capturing the continuous changes involving different technologies that serve different needs. CDP-based solutions can provide fine granularities of restorable objects ranging from crash-consistent images to logical objects such as files, mail boxes, messages, and database files and logs.
Remote backup service : A remote, online, or managed backup service is a service that provides users with a system for backing up and storing computer files. Online backup providers are companies that provide this type of service. Online backup systems are typically built around a client software program that runs on a schedule, typically once a day. This program collects, compresses, encrypts, and transfers the data to the remote backup service provider’s servers. Other types of product are also available in the market, such as remote continuous data protection (CDP). Providers of this type of service frequently target specific market segments. High-end LAN-based backup systems may offer services such as near-real-time transaction-level replication or open file backups. Consumer online backup companies frequently have beta software offerings and/or free-trial backup services.
CompuMate @ Disaster Recovery Solutions: Let it be any security measures like: Backup site, Continuous data protection, Remote backup service, etc. But if you aren’t an expert in preventing such threats, how can you protect your company data and what will be the future of your company? CompuMate is experienced above said technology implementations. We offer a variety of services that will make you sleep better at night knowing that your Data protected and safe some where you trust.
