Posts Tagged ‘business continuity’

Data Protection and Your Career Dissipation Light (CDL)

Monday, August 23rd, 2010

As you look back over your IT career, you’ve probably (hopefully) had your share of success stories and significant accomplishments.  But there are events looming out there that may have a massive impact on your company and your career in the worst possible way.  The classic line from the movie Backdraft (1991) sums it up perfectly, “You see that flash of light in the corner of your eye? That’s your career dissipation light. It just went into high gear.”

Game Over.

Here are just a few reasons why your Career Dissipation Light can go into high gear (this = bad):       

1.    The Finance System is DOWN.  And has been for 48 hours.
The financial system is technically up and running but no one can log in, receive payments, issue new invoices or cut purchase orders.  Turns out that you’ve got a network worm running rampant on the internal network … who knew?  Your team was supposed to!

2.    Contractors Gone Wild
So your company develops applications that are used by 95% of the Fortune 500.  Your source code repository is your company’s most critical data asset.  Here’s the news flash:  Your most critical data asset was stolen this morning when the new app dev contractor reported to work.  He simply went in, archived all the source code and uploaded it to his home network.  Problem is no one stopped it…hey, no one even knew about it.

3.    Losing your job to Asian hackers?  PRICELESS. (A MasterCard Moment)
This one will put your CDL into overdrive. Picture this:  Your company is experiencing explosive growth.  It sells goods and services over the ‘Net and you are picking up new customers by the hundreds every day.  Life is good!

You leave for vacation expecting some well earned rest and relaxation.  However on day one, your vacation is blown out of the water when you get “the call.”  It’s the network team lead calling every number he has to track you down.  When he gets you live, he gives you the low down:

  • MasterCard has contacted your company.  Thousands of MasterCard customers are reporting credit card fraud … going back for 90 days.  The common thread among all of these reports is that 100% of these consumers are your customers.
  • Network packet captures from this morning show that customer records are being copied in real time to a server at a university in China.
  • The network team lead thinks that multiple servers have been compromised in your cloud computing environment and some person or process is continually resetting the admin password.
  • MasterCard is demanding that your company’s system be taken off the ‘Net immediately and is threatening a $25k per month fine because of non-compliance with PCI.

The network team lead wraps by saying the CEO has an emergency meeting with the board at 8:30 AM tomorrow morning so he wants you in his office by 8:00 PM tonight.  You hang up the phone, tell your spouse and kids to pack their bags, and head home early to try to save your job.

These different scenarios illustrate how absolutely vital a comprehensive data protection plan is to your business; one that includes 7x24x365 monitoring, high availability, and multiple layers of protection. Unfortunately, there is no one single antidote to ward off all attempts. But a cross-functional approach is the best choice and absolutely necessary to safeguard your business-critical information and applications from outside attacks. You can’t afford NOT to have a well-defined security policy in place; the future of your job and the longevity of your company depend on it!

Jim Brown, CISSP
nGuard, Inc.

Headquartered in Charlotte, NC, nGuard is a valued Consonus manufacturing partner in the security arena, providing security assessments, managed security services and security solutions to companies located in the US.  nGuard’s intense focus on real world security expertise and internationally recognized security certifications allows the firm to service a broad range of companies and industries. For more information, please visit www.nguard.com.

Fractional Data Center Ownership

Wednesday, June 30th, 2010

Maximum benefits at a fraction of the cost!
It would take over $35 million to build a 10-15,000 sq. ft. Tier IV data center that provides peak energy efficiency, an enviable PUE factor, and is SAS70 compliant. But what if your business doesn’t need that much floor space or you just don’t want the headache of raising all that capital, yet your business requires the high-availability, security, and scalability that a world class data center offers?

Become a fractional owner of a data center facility—problem solved.

With fractional data center ownership, you only purchase the space you need without having to invest in an entire facility. This model offers turnkey convenience plus someone else gets to sit through the SAS70 audits!

Key benefits of fractional data center ownership include:

  1. A smart investment that provides minimum capital and maximum benefits.
  2. Turnkey solutions that get you up and running fast.
  3. Predictable maintenance and management costs.
  4. Reduced management responsibilities.
  5. Possible tax and depreciation benefits that a more traditional hosting or colocation facility agreement doesn’t offer.  (Consult your tax advisor for guidance.)
  6. Optimized capacity that liberates resources you can better utilize for testing and developing applications, testing new SaaS models, or experimenting with private/enterprise clouds.
  7. A valuable supplement to an offsite disaster recovery/ business continuity plan
  8. Satisfies most Green IT initiatives dictated by corporate

The bottom line is this: For each 1/15 share, you can own over 800 sq. ft. of dedicated floor space, with all the redundancy, services, and security you demand, at a 92% savings of the investment cost! 

In other words, all of the benefits of a $35 million+ data center can be yours for just a little over $2 million. 

Now that’s cost-savings!

Brent Wall — Chief Information Officer
Jack Petty — Product Development Manager

On a Tight IT Budget? Failover to the Cloud

Monday, June 28th, 2010

By now you’ve likely received your one millionth email bulletin regarding virtualization or the cloud and you no doubt recognize its value in your environment.  Regardless of where you are in your virtualization strategy, you still need a comprehensive disaster recovery (DR) plan.  While the gold standard for many years was a contract with SunGard for cold-, warm-, or hot-site failover, there are better options available today that provide faster recovery, shorter restore time (RTO) and restore point objectives (RPO), and are significantly less expensive.

More importantly, it is now possible to actually test a full scale failover – something that has been very difficult with traditional technologies.  In the old model, you had to ship the data (on disk or tape) to a distant facility, load the data (possibly onto gear that you paid for but is sitting idle), and pray.  Even then you were only able to test a small subset of the overall DR environment because you simply didn’t have the time in your test window to get it all done.

Today, the technology exists and service providers have well developed solutions to provide near zero RPOs.  Failover can occur on dozens of production servers in remote cloud environments in just a fraction of the time previously required.  The real benefit of this is that you can run your DR test against a snapshot of your live data while your existing environment continues to replicate just in case there is a true disaster at or near your test window.

A great example of technology that uses the cloud for failover is the patented Virtual Business Continuity (VBC) solution offered by Consonus.  With a predictable cost model that minimizes capital investment, pricing is based on the amount of customer data protected and the number of servers used in the Consonus remote replication service.

Check it out.

Daniel Milburn, CISSP
SVP & COO Hosting & Infrastructure Services

Observations from a Business Continuity Professional…

Friday, June 18th, 2010

It is sometimes easy to second guess others during a crisis, especially ones as devastating as Katrina or the current disaster in the Gulf. But to not criticize the disaster recovery plans or the lack of disaster recovery testing by British Petroleum should be considered negligent by any self-respecting business continuity professional.

I want to offer a few comments on Disaster Recovery (DR) and Business Continuity (BC) planning in general, as it pertains to the situation in the Gulf. 

  1. An experienced DR/BC professional follows leading best practices and would not create a boilerplate template that is implemented in all regions of an organization’s business.  A good DR/BC plan should be modified and customized to account for regional and cultural differences.  An oil company’s disaster strategy for Alaska should be vastly different from a recovery plan developed for the Gulf of Mexico because there are different environmental elements that must be considered and that will have a significant impact on the practicality of the plan.
  2. All DR plans need to be tested on a regular basis, especially ones that have the potential to save an entire region.  If these plans had been tested in the Gulf, then it would have been discovered that having a plan to save walruses was of no use in the Gulf of Mexico and their Call Trees would have had correct names in place.
  3. When creating Crisis Management Plans, it is not always necessary or desirable to have the CEO of a company giving status updates — that in itself can turn into a disaster.
  4. Don’t be afraid to accept assistance from vendors, suppliers, foreign governments etc.  They may have more experience in the type of event.
  5. Have a clearly defined Incident Commander and make sure everyone knows who is in charge.

If you don’t have a current disaster recovery plan in place, create one. Start with a Business Impact Analysis to inventory your current efforts. Then develop a viable, practical plan that can be tested, updated, and approved. Then repeat this process again and again to guarantee your plan remains effective and appropriate.

And by all means, utilize a business continuity expert to assist you. This will ensure you have a true and usable plan. 

Do all that is necessary, take all the needed steps and don’t shortcut the process…unless of course you want the end results to mirror what’s happening in the Gulf.

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity

Disaster Recovery Best Practices

Friday, June 18th, 2010

For those who need a refresher course in disaster recovery, here are standard disaster recovery best practices according to the Disaster Recovery Institute.

1.  Program Initiation and Management
Establish the need for a Business Continuity Management (BCM) Program, including resilience strategies, recovery objectives, business continuity, operational risk management considerations and crisis management plans.  The prerequisites within this effort include obtaining management support and organizing and managing the formulation of the functions or processes required to construct the BCM framework.
   
2.  Risk Evaluation and Control
Determine the risks (events or surroundings) that can adversely affect the organization and its resources (examples include people, facilities, technologies) due to business interruption, the potential loss such events can cause, and the controls needed to avoid or mitigate the effects of those risks.  As an outcome of the above, a cost benefit analysis will be required to justify the investment in controls.

3.  Business Impact Analysis (BIA)
Identify the impacts resulting from business interruptions that can affect the organization and techniques that can be used to quantify and qualify such impacts. Identify time-critical functions, their recovery priorities, and inter-dependencies so that recovery time objectives can be established and approved.

4.  Business Continuity Strategies
Leverage the outcome of the Business Impact Analysis and Risk Evaluation to develop and recommend business continuity strategies.  The basis for these strategies is both the recovery time and point objectives in support of the organization’s critical functions.

5.  Emergency Response and Operations
Identify an organization’s readiness to respond to an emergency in a coordinated, timely and effective manner.  Develop and implement procedures for initial response and stabilization of situations until the arrival of authorities having jurisdiction (if/when).

6.  Business Continuity Plans
Design, develop, and implement Business Continuity Plans that provide continuity and/or recovery as identified by the organization’s requirements.

7.  Awareness and Training Programs
Prepare a program to create and maintain corporate awareness and enhance the skills required to develop and implement Business Continuity Management.
     
8. Business Continuity Plan Exercise, Audit and Maintenance
Establish an exercise/testing program which documents plan exercise requirements including the planning, scheduling, facilitation, communications, auditing and post review documentation.    Establish a maintenance program to keep plans current and relevant.  Establish an audit process which will validate compliance with standards, review solutions, verify appropriate levels of maintenance and exercise activities and validate the plans to ensure they are current, accurate and complete.
     
9. Crisis Communications
Develop and document the action plans to facilitate communication of critical continuity information.  Coordinate and exercise with stakeholders and the media to ensure clarity during crisis communications.
    
10. Coordination with External Agencies
Establish applicable procedures and policies for coordinating continuity and disaster recovery activities with external agencies (local, regional, national, emergency responders, defense, etc.) while ensuring compliance with applicable statutes and regulations.

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity

Is your business prepared for hurricane season?

Thursday, May 20th, 2010

June 1st marks the beginning of hurricane season, continuing until November 30th.  With an above-average hurricane season predicted for the United States this year, government agencies, businesses and other organizations need to take steps now to ensure they are prepared for a disruption to both IT infrastructure and critical business processes.

Many businesses account for IT interruptions but neglect the business or people side of the organization. Unfortunately, the result is a plan where IT may be available, but the people have no place to go and work.  This is where business continuity planning can save a company.

Businesses in the southeast and gulf coast regions should account for natural disasters in their business continuity plans and take the following precautions:

  • Be able to communicate and account for employees. Have call trees in place. 
  • Consider the impact of hazardous materials – The Gulf region oil spill has the potential to affect the entire Gulf and Atlantic Coastline, so plan accordingly. 
  • Give your employees an alternative place to go by establishing a substitute business location in the case of an emergency. 
  • Present other options for transportation. 
  • Ensure drinking water and plumbing issues are addressed. 
  • Develop manual work-arounds for procedures. 
  • Find out if your primary vendors have disaster recovery plans. 
  • Define critical processes and applications and confirm they align with IT. 
  • Test the plan.

When it comes to hurricanes, wind speeds do not tell the entire story. Hurricanes produce storm surges, tornadoes, and often the most deadly of all — inland flooding.  It’s important that you also incorporate the following into your disaster recovery strategy:

  • Protect hardware/software/data records/employee records, etc. 
  • Routinely back up files to an off-site location. 
  • Use a generator for supplying backup power to vital computer hardware and other mission-critical equipment. 
  • Utilize a co-location, managed service provider or have a secondary data center in an area that is out of the impact zone, away from your primary facility. 
  • Prearrange the replacement of damaged hardware with vendors to ensure quick business recovery.
  • Assemble a crisis-management team and create a crisis management plan.

National Hurricane Preparedness Week is next week, May 23 through May 29. According to the National Hurricane Center, each year an average of 11 tropical storms develop over the Atlantic Ocean, Caribbean Sea, and Gulf of Mexico. About six to eight of these storms become hurricanes each year with the potential to cause devastating damage.  Make sure you have a viable, comprehensive disaster recovery plan so you can weather any storm. Your business depends on it!

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity