Do You Know Where Your Critical Data Lives?

 
 
By Karen A. Frenkel  |  Posted 03-08-2016 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Do You Know Where Your Critical Data Lives?
    Next

    Do You Know Where Your Critical Data Lives?

    You can't protect data if you can't find it, so understanding where critical data resides--and how to keep it running in the face of a disaster--is an essential component of every disaster recovery plan.
  • Previous
    Understand What's Critical
    Next

    Understand What's Critical

    You can't protect what you don't know exists. To determine what data is sensitive or critical, don't just look at your applications from an IT point of view.
  • Previous
    Involve Other Departments
    Next

    Involve Other Departments

    Engage with others to assess needs from differing perspectives: business operations, customers, regulators/auditors and shareholders. Keep this list updated because it evolves.
  • Previous
    ITGRC (Information Technology Governance Risk and Compliance)
    Next

    ITGRC (Information Technology Governance Risk and Compliance)

    Build a program. Assess the organization's maturity and adequacy, and demonstrate progress. This progress may be incremental. But do not underestimate the resources needed to run a meaningful program. Know who decides what's important and keep a dialogue open with all business units.
  • Previous
    Vulnerability and Threat Management
    Next

    Vulnerability and Threat Management

    An essential part of risk management is in understanding the vulnerabilities and threats to your assets and data. This will help you determine how your organization might reasonably protect against these threats.
  • Previous
    Determine Appropriate Security Controls
    Next

    Determine Appropriate Security Controls

    Here's how to implement security controls: Research and study the logistics of implementing a workable security solution. Determine how to acquire, implement and monitor the tools that guard your business against threats. Weigh risk criteria with their associated asset and impact values to determine cost-effective controls. Gauge their impact to ensure stringency does not significantly, adversely impact the original business value.
  • Previous
    Backups
    Next

    Backups

    Backups are boring and imperfect targets, especially as datasets continue to grow. But strive to be diligent on everything sensitive and critical to your company. Archive hard copies of the most viable data sets offsite. Test the accuracy and restoration of those backups.
  • Previous
    Replication
    Next

    Replication

    Anything that needs to be recovered quickly, both in a natural or human-related disaster, should exist in an alternate location. Based upon importance, tier your applications into levels of recovery.
  • Previous
    Critical Applications
    Next

    Critical Applications

    Critical applications should be in a high-availability environment, also known as "hot" or always-on. Others may be able to withstand a couple hours or days of downtime. Recovery point objectives and recovery time objectives will help determine which type of replication is best for each application. Consult the ITGRC, because all owners may desire everything to be always-on, which may not be immediately feasible.
  • Previous
    Planning and Preparation for Disasters
    Next

    Planning and Preparation for Disasters

    Hope for the best, but prepare for the worst. Plan and test against someone smarter and more determined than you. Include not just the technical aspects, but also communications, PR and budgeting for the worst.
  • Previous
    Acquire Insurance
    Next

    Acquire Insurance

    Prepare for not only financial aspects of loss, but also the reputational impacts and legal liabilities of a breach. In lieu of reinforcement of some controls, pay more money to cover yourself, but remember that this doesn't fix the problem.
  • Previous
    Befriend Law Enforcement and Lawyers
    Next

    Befriend Law Enforcement and Lawyers

    Lawyers and law enforcement are skilled at handling malicious and careless activities. They can also help with what insurance doesn't cover. Know who to contact before necessary.
  • Previous
    Hire Trusted Partners
    Next

    Hire Trusted Partners

    Retain advisers or professionals to review, audit and assist with your security and data recovery offer a fresh perspective for improvements. Third-party opinions matter because they may have more experience and resources than you.
 

In an era of continuous business operations, being offline has become unacceptable. Yet this drive for high availability, although exciting, also poses serious risks to the security of your data. Your data may be among the most important assets to your business. Any form of downtime can be detrimental to the livelihood of your business because it affects reputation and revenue, said Derek Brost, director of Engineering at Bluelock. "Don't wait until a disaster strikes to take action," he warned. "If you're experiencing pressure to improve your current IT program, don't fret. [These tips] should set you on the right path to a secure business environment, one with optimized recovery." Bluelock provides Disaster Recovery-as-a-Service for complex environments and sensitive data to help companies mitigate risk with confidence. Confidence begins with a plan that works, Brost said. These tips should help the always-on business to proceed with confidence in the face of an intrusion.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...