Remote and hybrid ways of working have been expedited over the last 18 months, resulting in hurried deployments of remote access and cloud applications into an increasingly complex and hostile cybersecurity landscape. Stephen Young, Director, AssureStor, considers how this might make a fresh look at your disaster recovery plans a good idea.
The option to work from home, or remotely, has now become the norm for many businesses, with a Gartner CFO survey last year showing that over two-thirds (74%) plan to permanently shift employees to remote working after the crisis ends. With these new – sometimes, unfamiliar – working practices, combined with the absence of a formal office environment, the intrinsic security structures taken for granted have diminished. This has exposed gaps in security, leading to an increased risk of attack involving some form of data corruption, ransomware, loss or theft.
The onus now must be on revisiting and revising disaster recovery (DR) plans to ensure they evolve to keep up with changing business conditions and new working methods. If any organisation fails to see this as a priority in their planning, they need to take a serious look at what is happening today with ransomware attacks in particular wreaking havoc on businesses.
Well-prepared and well-executed DR plans will keep the business up and running through ‘disasters’ of any kind, whether it’s an IT failure or a malicious attack.
This means focusing on the three ‘Rs’ – resilience, recovery and robustness – and how quickly you can get your data and systems back online. In the past, recovery times might be measured in days or possibly hours. Today, that’s changed, with businesses expecting to be back online within minutes.
This was the case with a customer we worked with, a housing association, which experienced a ransomware breach affecting a number of its critical systems. As soon as the threat was discovered, its systems were taken offline to avoid any cross-infection, causing downtime for the whole organisation.
Using its traditional backup solution, the IT team predicted it would take over 24 hours to recover, with the added risk that the recovered data could still contain the original infection. Once they looked at their data recovery as a service (DRaaS) platform as an alternative route to recovery and based on the known infection time, the team was able to recover the impacted servers in less than 10 minutes, and to within seconds of the infection point, minimising downtime and data loss.
This shows that an effective DR solution must be able to deliver flexible recovery from a single item through to an entire estate, applications and sites, and perform recovery operations with minimal downtime and minimal data loss.
For any organisations yet to update their DR plans, or still basing recovery procedures on the previous evening’s backups, the following five-point plan sets out the important aspects to consider:
Clearly define what you consider to be an IT disaster. Every company is different. In a complex environment, a single server failing could have the same impact as a catastrophic site outage for IT services. Any DR plan should also factor in data loss or corruption events, such as user error and cyber attacks – especially ransomware and DDoS attacks which can be so debilitating – with suitable options allowing for rapid recovery of both recent and aged data.
With the rise of cloud applications and services, and with organisations taking a hybrid or remote working approach, it’s likely that the modern IT environment is spread over multiple sites, continents, data centres and vendors. So don’t limit your DR plan to technology, recovery point objectives (RPOs) and recovery time objectives (RTOs) only. Try to be more holistic and factor in the external delivery of applications and services. As the workforce becomes more dispersed, the importance of user connectivity and access to corporate data must be included in your plan.
When planning a new deployment of hardware, software or services, consider the post-installation implications. How quickly can external applications and services, such as SaaS and PaaS, come back online? Remember this is something out of your direct control, but with the potential to cause significant disruption – what does the vendor’s small print say about data, disaster and recovery, as their objectives may not align with yours?
With pressure to ‘keep the lights on’, it is vital to ensure DR policies are maintained and kept up to date. It is very easy for these to drift when you are focusing on other priorities and demands from users, particularly a more dispersed workforce. If the business is regulated, ensure the policy still adheres to relevant industry regulations.
Run regular DR tests that are measured and approved, with no compromises. Try not to make assumptions: address all non-conformances and run the test again as soon as viably possible. Consider the use of the cloud for a DRaaS platform, as these typically provide robust, regular testing paired with seamless access that mimics the normal day-to-day remote access familiar to users. Regular DR testing will place IT staff in a far more confident position to respond promptly and appropriately.
With everything that has happened over the last 18 months, from the global pandemic to rising numbers of attacks and a greater risk of outages, it’s crucial to take time out to shift your thinking from reactive to proactive to ensure you are ahead of the game and ready for when disaster strikes.