Why A Disaster Recovery Strategy Must Be Top Of Mind for IT Security Personnel
POST WRITTEN BY: Jeffrey Ton for Forbes
(Link to original article at the end of the piece.)
It’s no secret that data security is essential to our modern, technology-driven marketplace. With the internet of things and artificial intelligence growing commonplace, the expectations for continued innovation and constant availability are stronger than ever. I don’t know about you, but when I log into Netflix, I expect to watch movies without interruption. Yet I would be pretty upset if Netflix delivered this streaming at the cost of my privacy.
My personal demand for easy accessibility, like everyone’s, is in constant struggle with security, which tends to slow down user access (think of how login credentials hinder fast banking on your phone). These two immensely important values are challenging for businesses as they try to push innovation forward.
An entire empire has been built on stealing sensitive company data, holding data hostage or releasing scandalous information to the public. This has made cyber attacks the No. 1 threat for businesses, according to data from Business Continuity Institute. But despite precautions, these breaches are still occurring at an alarming rate. What could companies be doing better?
The answer lies in mitigating the most vulnerable areas where companies keep their data. In my line of work, I’ve seen this is desperately needed in IT disaster recovery (DR) environments.
How To Increase Security In DR Environments
Large corporations typically spend millions of dollars each year securing their production environments. Yet, secondary sites don’t receive the same attention, which leaves them vulnerable to cyber security breaches. In fact, cyber criminals have caught wind of this, and may now view DR environments — which house a company’s most critical data — as low-hanging fruit.
DR originally emerged to help organizations get running again after weather-related events, but tornadoes and floods are no longer the main causes of downtime. As a result, the focus has shifted to account for new threats, which demands a more proactive approach. Security events are increasingly being considered “disasters,” and companies are taking additional steps to avoid reputation and revenue fallout.
To beef up your DR environment, start by making sure that everything is current, from firewalls to patching levels on devices where you’re landing your data. Your storage should be encrypted, and so should the data itself in all stages of transit and rest.
Consider who has access to the data, not just in terms of virtual access, but in physical equipment as well. Do you keep a log of who enters your data center and when? I’m not talking about a guest list like the ones you’d find at weddings: Rather, do a time-based sign-in and sign-out at the entrance. All DR environments, especially those with an active/active setup, should be as fortified as your production hosting.
For tape-based copies of data, it’s important to store these backups in a secure location. I would suggest using an offsite vault – and confirm delivery after backups have been performed. This may seem nitpicky, but I’ve heard about an IT administrator who oversaw tape backups and forgot about them in the trunk of his car. This meant he was driving around town with his company’s most critical data, leaving it vulnerable and accessible to virtually anyone nearby.
Uses Of DR For Security Incidents
It’s not all “doom and gloom” when it comes to DR, though. In fact, there can be several benefits when you take those “doom and gloom” scenarios and turn them around with proactivity. Yes, I’m talking about using DR as a mitigation strategy for security breaches.
This is best illustrated in the instance of ransomware, where DR can quite simply be a get-out-of-jail-free card. When a cybercriminal infects your IT systems and locks you out, you have two choices: Pay the hostage fee or put your foot down. If more companies refused to pay these hostage fees, the ransomware industry would crumble. So, let’s kill it.
With a robust DR strategy, your IT team can simply wipe affected components clean and hit the “restart” button with the aid of your most recent data copies. Having physical backups disconnected from the internet for this scenario is a great strategy. But if these copies aren’t easily accessible or haven’t been performed recently, then you could risk losing critical changes or transactions. For this reason, pair your physical backups with another form of recovery, called replication. These “snapshots” create copies in real time whenever changes occur, or in frequently-timed increments. Because they are available via a connected environment, this makes recovery possible in minutes.
Keeping Your DR Plan Updated
Imagine your company has fallen victim to a ransomware attack and your current DR strategy is to back up systems to tape. There’s a chance your IT team will spend several days restoring everything only to find your tape copy was also infected. Now you must start all over again. However, imagine if you leveraged replication combined with a cloud environment. If the restoration still shows infection, you can go to another recovery point. You are operational in hours without having to pay the ransom.
While there may be no complete safeguard against security incidents, with a solid DR plan, organizations can better ensure business continuity in the face of doom. While all of these suggestions might seem commonsense to some, many companies still aren’t taking the right measures for robust protection – perhaps because it might not occur to them, or because they simply lack the necessary resources. It’s crucial to be vigilant. After all, focusing your security attention on DR is both a protection and a mitigation strategy.