Pat O’Day, CTO for Bluelock, says information hacked, leaked and compromised due to an internal breach, ransomware or an outside attack — it’s a CIO’s worst nightmare, and it’s an increasing threat.
The FBI now ranks cybercrime as one of its top law enforcement activities in the wake of attacks against big businesses such as Anthem, Sony Pictures, Blue Cross, JPMorgan Chase, Target and Community Health Systems.
Companies are never 100 percent safe from emerging cybersecurity threats. To fight these threats, many are considering cloud-based Disaster Recovery-as-a-Service (DRaaS) strategies that include replication and backup-based solutions in order to protect vulnerable data and ensure security across their production site. As such, these businesses are looking to partner with third-party disaster recovery vendors. According to a recent TechTarget cloud storage survey, 63 percent of respondents say at least some of their backup data goes to the cloud and only 44 percent stated their organization had disaster recovery.
If you’re considering implementing a modern DR solution to help protect your data against attacks, check out the tips below:
Replicate Your Data to the Cloud
Replication is one of the best things you can do to ensure your business will be back up quickly from any type of disruption. If some or your entire primary environment goes down, your business is still able to continue running.
When choosing the best replication option for your company, consider the applications you need to stay functional and your overall recovery objectives. There are several options to leverage, such as continuous data replication and batched data replication. You must weigh the critical importance of an application, as well as the time-criticality of each application. In order to assess risk and business impact, consider how many and how often the application processes transactions and new data, as well as how soon the application would need to be up and running after a disruption. Once you’ve inventoried your applications, identifying which need to be back up and running the quickest will save you money — because you’re recovering the most important applications first to keep your organization functional and profitable.
Backup Your Data to the Cloud
Replicating your data continuously leveraging advanced tools like Zerto or Vision Solutions DoubleTake ensure your applications and data can be back up and running quickly. However, that doesn’t eliminate the need for backups, especially offsite backups. In the case of a cyber security threat, there’s a risk that a virus or breach could be replicated and affect both your primary and secondary sites if not identified and acted against fast enough. In those scenarios, you must have backups from which to restore. Your recovery time will be longer, but it can save you from needing to pay out against a ransomware attack if you have a clean copy of your data archived.
Guarding against multiple types of disasters — environmental and human — emphasizes the importance of an offsite location for your DR solution. One factor to weigh: how far your production environment should be from your recovery site. Some organizations are large enough to have private datacenters in multiple locations and enough headcount to manage the replication, monitoring and testing in-house. If multi-site recovery isn’t an option, choose a DRaaS provider with datacenters in varied regional locations. This will allow you to failover, and failback, to another location in a time of crisis, ensuring your vital business data will be secure.
However, many organizations fail to arm their secondary locations with the same security as their onsite premises. Not protecting your recovery and backup site with the same precautions as your production site leaves you vulnerable to hackers. You can avoid risks by using encryptions, firewalls and password protection. That way, your replicated data will be as safe as your production data.
Have a Disaster Recovery Plan with Clear Roles and Responsibilities
Incorporating an overall recovery plan is a key investment for many companies. It’s not difficult to find a quality, scalable solution that is cost effective. No matter your specific strategy for recovery, it’s important to have a detailed disaster recovery plan in place. To execute a seamless, successful recovery plan, you’ll need an experienced, flexible and proactive partner on your internal team, or contracted out from a reliable source.
Consider several key components when putting your DR plan into place, including identifying which parties should be contacted in the case of an emergency, evaluating the risks of key people being unavailable or not having access to the network and who can perform duties in those scenarios.
Additionally, your plan should be consistently tested and updated often to increase the likelihood it will work when needed. Without practice, you could find yourself lost when a disaster actually strikes. It’s also important to know how much of the recovery process your provider can do on your behalf if your team is unavailable or delayed.
Know Your Team
If you use a third party vendor, the vetting process is already completed and is illustrated through various certifications such as SSAE Type II SOC II. The approach can give you access to IT talent without having to onboard a whole new class of employees. Your third-party vendor could employ ethical hackers — whose goal it to penetrate company’s firewalls, passwords and other security parameters in order to diagnose weaknesses. Your partner might also have consultants who can advise you throughout the process, leaving little to no guesswork. Whatever your highest priorities, choose a partner who shares the same values and can truly act as an extension of your current IT team.
Establish and Enforce a Culture of Security
In addition to taking the appropriate precautions upfront, you must also establish the right protocols and policies so that when employees go through the onboarding process or a new vendor is brought in, a climate of enforced security is simply part of the company culture. It’s important for everyone to understand that all copies of data, regardless of whether they are in production, backup or recovery environments, need to be equally secured.
Ensure staff and vendors with privileged access understands the appropriate security measures, controls and responses. Assume that some controls will fail, so be ready with a response plan that is tested and proven to mitigate or minimize the impact. One example is ensuring that you notify your disaster recovery team in the event of a security event in case you can’t recover the production environment or data and need them to be ready.
These tips are guiding principles that should be prioritized in your overall data security plan. If you focus on replication, backup and entrusting the right responsibilities to the right team members and vendors, you’ll make leaps in protecting and safeguarding your data.
Pat O’Day, CTO for Bluelock