Backup and Disaster Recovery – do you have have a plan?

What would you do if your CEO calls you at 8:00pm on a saturday night telling you he or she cant send a critical email to the board. he summons you to office as an emergency. You enter the server room and you observe the server rack and there is no sign of life on that server in question; say the UPS malfunctioned and fried the mail server. You feel that cold sweat trickle down your back when reality hits you. Why reach that point?

Backup and recovery methods are essential to data protection and security. Any loss of data due to file corruption, virus, security or human error is a loss of time and money. Furthermore, loss of data can severely impact the success of a project, department or college or government ministry. An effective server backup and recovery plan is crucial. It can mean the difference between recovering in minutes rather than days or even after several weeks.

FACT: on average, over 40% of companies without a Disaster Recovery Plan go out of business after a major data loss. According to figures from a study conducted by the Strategic Research Corporation. They provided the top five leading causes of business continuity and disaster recovery incidents as being;

  • Hardware Failures (servers, switches, disk drives, etc) 44%.
  • Human Error (mistakes in configurations, wrong commands issued, etc) 32%
  • Software Errors (operating systems, driver incompatibility, etc) 14%
  • Viruses and Security Breach (unprotected systems are always at risk) 7%
  • Natural Disasters 3%

The human element is among the weakest links in a Backup and Disaster Recovery Policy others include threat of virus infection, hacking, server side scripting or malicious take-downs. Disaster with respect to systems and networks is a broad subject that due to numerous factors can render a service unavailable. Among the key factors to consider is security. Performing security checks or hardening or penetrative testing etc are ongoing processes that needs modification and updates. Furthermore securing any server or network is not a one off project.

This plan be be a 4 page document or a very detailed 100 page document depending on the scope. Key features of this document include;

  • Planning for  a disaster; sounds weird but yes, you need to analyze your most likely threats such as Flooding if you stay in Bwaise. have a team that is responsible for managing this recovery; team should include a variety of departments and remember senior management must be in the loop of situations. this team will help come up with both core and non-core business processes that are at risk of being affected. collect as much relevant information as you can e.g. which vendor equipment is in use, do you have a secure offsite backup location, potential risks and alot more.
  • Emergency response; what criteria do you use to aknowledge you have a disaster at hand. do you have alerts incase of a server? this determines how fast you respond.
  • Recovery Procedures; document how best you would recovery if you experience a disaster.
  • You need to test the plan, train your staff and remember to maintain the plan by routine reviews and updates as your environment changes.

No server or system or database is guaranteed 100% disaster proof or hack proof however following minimum security recommendations makes it harder to compromise any installation. The website of EC Council the institution that teaches and certifies Certified Ethical Hacking (CEH) got hacked, The US Department of Defense was hacked and they didn’t know for nearly 4 months, Microsoft reports an estimated 300,000 attempted attacks every day. In the event of a compromised system, what is important is; identification of the root cause, restoration of services as soon as possible, incident management and documentation so that there is no re-occurrence (learn from mistakes). Intervention methods include; user training on Information Security Awareness.

The key to a successful Disaster Recovery Plan is planning. A formal review of a Disaster Recovery Plan should be conducted yearly, and a quarterly Disaster Recovery Readiness Assessment Audit should be conducted as well to ensure that objectives and scope are being achieved.

If procedures are followed, it helps ensure services are restored as soon as possible in the event of service disruption due to a disaster. It is worthy of note that other processes are key to ensuring this document objectives are achieved example Database Management Policy, Application Code Management Policy, Change Management Processes Guidelines, Redundancy Backup Server Guidelines. Thus it is a collective effort to ensure business continuity.

This writeup is brief doesnt cover everything it should however give you a feel of what you can go through or when disaster strikes. Do you have a plan or policy in place? Its not too late, l can help you draft up one at a small fee, you will thank me later.