Posted on Tue, Jan 26, 2010 @ 04:30 PM
- All threats in a disaster recovery (DR) and business continuity (BC) plan should be highlighted as part of the risk assessment phase of the BC plan. The risk assessment should incorporate all sites, which includes the disaster recovery site. And if the risk assessment is completed correctly, and an objective view of all threats are identified, there should not be any hidden threats in an organization. However, unanticipated threats can still occur, which are issues that can come up during or part of an unforeseen incident. For example, damage to the infrastructure (road closures) can cause delays in reaching your disaster recovery site, which will affect the recovery time.
Also, if the BC plan is not reviewed properly it may contain incorrect information which can threaten the disaster recovery process. If the business focus has been modified since the BC plan was compiled and these changes have not been incorporated within the BC plan, the recovery process will not go smoothly. Similarly, if hardware in your company has been modified and you have not updated your DR plan, you may have issues with the recovery. Both the disaster recovery and business continuity plans need to be current to reduce unanticipated surprises.
Lastly, hidden threats may exist if the business continuity plan does not reflect reality. That is, if the business impact analysis (BIA) does not reflect the true impact on the organization, issues may arise. For this reason it is important to be accurate in the BIA looking at dependencies up and down the line to ensure the recovery time objectives (RTOs) are correct.
Written by Harvey Betan
Posted on Sat, Apr 11, 2009 @ 11:10 PM
Secure - From the Inside Out Data is the currency that makes your business tick. That's why keeping it safe is more important than ever By Jim Shanks 11/12/2008
In a recent poll of BizTech readers, technology managers named remote access, disaster recovery and security as their top three IT priorities. The last thing any business would want is to have their company's sensitive data wind up in the wrong hands. As businesses invest in electronic data systems and infrastructure, intellectual property in the form of data - not hard cash or capital assets - has become the new currency. That's why a growing number of IT managers are shoring up their networks with security tools to ensure that no data leaks out - accidentally or on purpose.
When it comes to security options, market research firm International Data Corp. reports that 81 percent of IT managers invest in some type of data technology to protect and control their sensitive information. According to IDC, data loss prevention (DLP) and encryption are the key features of a comprehensive data protection strategy.
What's driving the increased investment in DLP and encryption? For starters, as businesses revamp their infrastructure and increase productivity through new technology systems, data becomes more and more central to a company's viability and competitiveness. That data - such as customer lists, margin reports and pricing algorithms - help define the competitive differences among businesses, making them too precious to put at risk. Additionally, an increasing number of businesses must also comply with numerous regulations that govern the handling of confidential data.
Sharp HealthCare is a good example. The San Diego-based health-care provider must not only comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), it must also prove that it's in compliance. After putting comprehensive data loss prevention tools in place, the company says it reduced security policy violations by 70 percent in the first year of deployment. The tools Sharp chose also have helped the health-care provider maintain the detailed documentation that proves it complies with those regulatory provisions.
More Than Software
Software tools are critically important - and a good start - but they have to be coupled with training that heightens employee awareness. With restrictions on access and tools to audit usage, the next step is limiting and controlling access to sensitive data to authorized users and training those users to handle this information properly to reduce the risk of data loss.
"Most employees mean to do the right thing; they don't want sensitive data to leak out either," says Starla Rivers, technical security architect at Sharp HealthCare. "Our challenge is to make it easy for them to comply." Rivers adds that training programs and technology tools need to be "something that we are doing for them, not to them."
As Rivers points out, employees may mean well, but if they aren't in the mind-set of looking out for potential leaks, they can't be expected to cooperate. The reality is that the software is fairly easy to deploy and doesn't require much extra work from the staff. There should be little impact on the typical day's work flow.
"The important thing is that there be no surprises," says Kam Golpariani, vice president of security risk management at First Advantage in Poway, Calif. "This can't be something that comes out of left field, which is why a phased rollout is the best approach."
Written by Jim Shanks 11/12/2008 to View the original article Click Here
Posted on Fri, Apr 10, 2009 @ 05:53 PM
Being an IT Managed Services Company (MSP) we find so many business trying to nickel and dime on their technology. For some reason most business owner's don't realize that their entire business future could potentially be gone with a disaster to their technology. When I say disaster I don't mean just natural disasters. Things like power outages, sprinkler system breaking, power surges, data backup failure, server crash and many other things can destroy your data.
When you ask a business owner why do they invest in Accountants and Attorneys? The normal response is because I need their service to run my business. But the real answer is to protect their business. So once again.... Why don't business owners invest in protecting their company's technology, the one thing that can make them more efficient, productive, and help with their bottom line? I do not know!!!
Check this statistic out.
According to research by the University of Texas, only 6 percent of companies suffering from a catastrophic data loss survive, while 43 percent never reopen and 51 percent close within two years.
Gartner estimates that only 35 percent of SMBs have a comprehensive disaster recovery plan in place.
International Data Corp. estimates that companies lose an average of $84,000 for every hour of downtime. According to Strategic Research, the cost of downtime is estimated at close to $90,000 per hour.
According to a recent NFIB National Small Business Poll, man-made disasters affect 10% of small businesses, whereas natural disasters have impacted more than 30% of all small businesses in the USA. Hurricanes are by far the most destructive force causing power failure, flooding, customer loss, and the closure of many businesses.
According to a recent Touché Ross study, the survival rate for companies without a disaster recovery plan is less than 10%!
According to analyst firm IDC, about 70% of all successful attacks on computer networks were carried out by employees and insiders.
If you are in Southern California and want a FREE Data Security and Backup Analysis click on the link below to sign up http://www.pain-free-it.com/products/disaster-recovery---business-continuity-/remote-backup/
Tom Hill
Managing Partner
Technology Management Solutions
https:twitter.com/painfreeit
www.pain-free-it.com