It can be very easy to panic when your systems are taken offline. Everyone is thrown from their normal jobs into an ‘all hands on deck’ approach to see the disaster recovery plan through. However, you need to be careful that your data isn’t at risk during this vulnerable time.
While your data recovery plan should aim for speed, it also needs to be comprehensive – that includes considering security, which shouldn’t be forgotten in favour of a quick resolution.
Of course, you should always have data security measures during standard operations. When it comes to establishing what these measures should be, always remember to factor disaster recovery into the equation. Let’s take a look at some ways you can keep things secure.
If you don’t ensure that your security is exactly the same during normal operations and disaster recovery, you risk turning your disaster recovery into an even bigger disaster. That’s the view of Richard Butgereit, director of an organisation that supports the insurance industry during recovery. In this case, ‘security’ encompasses everything like the software, hardware, identity management, and more. It’s any part of your business and stack that needs protecting.
Some of the most critical systems that you need to keep live and secure during recovery are your administrative tools. These are things like your login panels or APIs that you will need to be using when trying to recover the primary systems. If you don’t have these, it’s going to make the job ten times harder.
Consider your operations. Any data should be encrypted at rest and in transit. This includes any data that might be getting sent or received off-site, like backup data. Those working on the recovery should only be given the necessary rights needed to complete their tasks – anything greater and it puts them and you at a higher risk from outside threat. Also, documentation should not include any sensitive information like passwords; keep it with a secure off-site service.
When using off-site facilities for disaster recovery, they should be following the same security protocols as your production. If there’s not parity between these two, there’s a flaw. Do not have backups with weaker protection than production, or vice versa. Whichever is weakest will be targeted, so ensure it’s neither.
“Security-centric organizations have alternate operations facilities featuring secure connections utilizing Federal Information Processing Standard 140-2 encrypted connections,” says Ted Wagner, chief information security officer at SAP National Security Services. The aim here is to have multilayer security. The facilities that Wagner mentions replicate their physical environment security controls.
Ultimately, the message here is always to protect your data, no matter the state its in. Just take note that during recovery, standard procedure is prone to going out the window in favour of a quick resolution. Resist this at all costs. Take no shortcuts because chances are they will come to bite you down the line. Prepare a strong data recovery plan, taking into account all security aspects detailed above, and do not cut corners.
How to Keep Your Data Secure During Recovery
No comments yet. Sign in to add the first!