Jim Satterfield, Chief Information Officer, Firestorm Solutions, LLC
Today, 80 percent of the value of corporate assets has shifted from physical to virtual. Accordingly, the business risk has increased dramatically over the last two decades.
Corporations face accelerated, complex, sophisticated attacks resulting in expanding impacts. A characteristic of cyber-breaches is that they can penetrate a company’s perimeter data security defenses through multiple channels to exploit all layers of information security. Unfortunately, if a sophisticated attacker targets a company, they will be able to breach the data security in place.
While cyber-breaches garner headlines, information technology outage disasters stop work, cost thousands, and cause CIOs and CTOs to lose jobs.
Information Technology-Disaster Recovery (IT-DR) planning represents the broad scope of activities designed to sustain and recover critical IT services and vital electronic data following any incident which causes comprehensive information technology interruption, such as loss of electrical or telecommunications services, loss of a data center, or loss of any company servers residing outside a hardened data center.
The IT-DR Plan does not address specific IT disaster scenarios; instead, it identifies IT recovery strategies. The purpose of an IT-DR plan is to create a state of readiness that can support an immediate response to any incident which causes a comprehensive information technology interruption, as well as to a disaster impacting the operations of other company servers.
What do IT-DR Plans Do?
IT-DR plans are a critical component that intersects with business continuity recovery, because there is an inherent relationship between IT systems and the business functions they support. When an organization is implementing an IT-Disaster Recovery strategy, that strategy, and the people and processes needed for recovery, must be documented in an IT-DR plan and aligned to the Business Impact Analysis (BIA) priorities and dependencies.
The objectives of the IT-DR Plan are to:
- Assure prompt and appropriate response to an IT outage;
- Provide an organized and consolidated approach to the management of IT recovery activities;
- Recover essential IT operations in a timely manner;
- Restore operations once an alternative data center is operational.
The resulting plan provides the capability to help ensure essential technology services are promptly restored following an unplanned interruption. A well-designed and tested plan:
- Lowers impact to critical business functions and customers;
- Reduces time required to restore essential technology services;
- Minimizes errors by having trained and knowledgeable personnel; and
- Mitigates exposures by implementing proven data backup and protection strategies.
Predict, Plan, and Perform
At Firestorm, we employ a Predict, Plan, and Perform methodology to analyze and enhance the IT-DR planning process. The process should be evaluated for the five stages of a crisis with distinct decisions to be made, actions taken, and communications in each stage:
- Pre-action - Preparedness responsibilities include the ongoing responsibilities necessary to maintain normal day-to-day business operations. Annual Pre-action activities are completed to mitigate the impacts of negative events, and include regularly scheduled document review and activities to address business requirements, recovery strategies, and personnel training issues.
- Onset - At the start of this phase, a preliminary impact/damage assessment will be conducted to determine damage to the impacted data center infrastructure.
- Impact Assessment - Some IT impact/damage assessment activities are performed concurrently with many of the activities in the Onset Phase. Disaster Recovery Team (DRT) members will assist the Crisis Management Team (CMT) to investigate and assess the IT event, as well as confer with other business units to perform an initial IT impact/damage assessment and assess client impact.
In a situation where the impacted data center has sustained physical damage, a more in-depth IT impact/damage assessment is performed to determine the full extent of the damage and impacts. At this time, the insurance claim process and the salvage effort will begin, led by the DRT.
- Response & Recovery - Upon receipt of authorization from the CMT that an IT disaster has been officially declared, computer processing will be resumed at the IT Recovery Site.
- Post-Consequence Management - In this phase, the handling of the crisis will be analyzed and lessons learned documented. Changes/updates to company procedures and documents will reflect lessons learned.
Because of the irreplaceable value of company data, successful recovery is absolutely dependent upon the reliability of a robust data backup and protection program. A formal analysis of this program is needed to document the effectiveness of current data backup practices and procedures and evaluate the company’s ability to recover essential data and information following a technology disaster.
This analysis/evaluation should:
- Review the data backup and availability strategy;
- Review selected data synchronization;
- Review work-in-process and pending transactions;
- Evaluate findings against the company’s defined business Recovery Point Objectives; and
- Document findings and present recommendations to correct identified exposures or weaknesses.
The resulting IT-DR plan will document the teams, critical resources, and actionable steps that must be followed to restore the IT infrastructure.
The IT-DR plan should address:
- Recovery prioritization structure for critical IT components, applications and data;
- Identification of key utilities, software, hardware, network and licensing keys needed for recovery;
- Identification of IT recovery personnel;
- Response and recovery actions by functional teams;
- Actionable steps required to complete recovery;
- Identification and location of critical vital records needed for recovery; and
- Identification of critical suppliers.
The Disaster Recovery Team (DRT) is responsible for the following recovery activities:
- Conducting an IT-related impact/damage assessment and recovery time estimate;
- Coordinating the establishment and transition of IT processing;
- Determining if external resources are needed;
- Ensuring the recovery of essential IT operations;
- Adhering to IT procedures throughout the recovery effort;
- Coordinating the development and implementation of restoration procedures;
- Assisting affected departments to recover data, access LAN, and voice communications; and
- Resolving technical and logistical problems encountered during recovery.
Once the plan is developed, training and testing will be essential for the plan’s success. The training, in addition to making all company team members aware of their duties under the plan, should validate the conceptual completeness of the plan, resulting in an efficient and effective response and recovery process. Testing will demonstrate areas where the plan requires modification. Proper planning can keep a disruption from becoming a disaster.