Disaster Recovery & Business Continuity. By:- Stanley Chand & Damien Prescod. Agenda. Introduction Types of disasters RPO & RTO Disaster recovery strategies Business Continuity planning Business Impact Analysis Making Plans Why BC & DR Awareness Types of Risk Key IT risk
Disaster Recovery & Business Continuity By:- Stanley Chand & Damien Prescod
Agenda
• Introduction
• Types of disasters
• RPO & RTO
• Disaster recovery strategies
• Business Continuity planning
• Business Impact Analysis
• Making Plans
• Why BC & DR
• Awareness
• Types of Risk
• Key IT risk
• Risk Quantifying
• Telecommunication Market
• Excuses
• Conclusion

Introduction
• Disaster recovery is the procedure of restoring operations critical to the resumption of business, including access to data, communications and other business processes, after a natural or human-induced disaster.
• Business continuity planning is an interdisciplinary concept used to create logical plans for how an organization will recover partially or completely interrupted critical functions within a predetermined time after a disaster.

Natural & Man-Made Disasters
• A natural disaster is a consequence of natural hazards such as hurricanes, earthquakes, volcanic eruptions, landslides, etc. Adequate emergency management measures can be adopted for these.
• Man-made disasters are the result of man-made hazards for which adequate emergency management measures have not been adopted.
  • Crime
  • Arson
  • Terrorism
  • War

RPO & RTO
Recovery Point Objective
• It can be described as the amount of data lost, measured in time.
• If the last available good copy of data before an outage was 16 hours ago, then the RPO would be 16 hours.
Recovery Time Objective
• Recovery time objective is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.

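As an added illustration (not part of the original slides), the Python below measures the data-loss window and downtime for an outage from a backup-job log and compares them with target values. The log entries, the 8-hour RPO and 4-hour RTO targets, and all function names are constructed assumptions; failed jobs are skipped because they leave no good copy.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample backup-job log (not from the slides): (completion time, status).
BACKUP_LOG = [
    ("2024-03-01 02:00", "ok"),
    ("2024-03-01 10:00", "ok"),
    ("2024-03-01 18:00", "failed"),
    ("2024-03-02 02:00", "ok"),
    ("2024-03-02 10:00", "failed"),
    ("2024-03-02 18:00", "failed"),
]

def good_copies(log):
    """Sorted completion times of successful backups only."""
    return sorted(datetime.strptime(ts, FMT) for ts, status in log if status == "ok")

def data_loss_window(log, outage):
    """Time between the last good copy before the outage and the outage itself."""
    earlier = [t for t in good_copies(log) if t <= outage]
    if not earlier:
        return None  # no usable copy exists: all data is lost
    return outage - earlier[-1]

def worst_case_window(log, end):
    """Largest gap between consecutive good copies up to 'end', i.e. the
    data loss if an outage had struck at the worst possible moment."""
    times = [t for t in good_copies(log) if t <= end] + [end]
    if len(times) < 2:
        return None
    return max(b - a for a, b in zip(times, times[1:]))

def meets_objectives(log, outage, restored, rpo, rto):
    """Compare the measured data loss and downtime with the RPO/RTO targets."""
    loss = data_loss_window(log, outage)
    downtime = restored - outage
    return {
        "data_loss": loss,
        "downtime": downtime,
        "rpo_met": loss is not None and loss <= rpo,
        "rto_met": downtime <= rto,
    }

if __name__ == "__main__":
    outage = datetime(2024, 3, 2, 18, 0)
    restored = datetime(2024, 3, 2, 22, 0)
    # Assumed targets: RPO of 8 hours, RTO of 4 hours.
    print(meets_objectives(BACKUP_LOG, outage, restored,
                           timedelta(hours=8), timedelta(hours=4)))
```

With the constructed log, two consecutive failed jobs stretch the data-loss window to 16 hours even though backups are scheduled every 8 hours, which is why monitoring job success matters as much as the schedule.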
Common Disaster Recovery Strategies
Data Protection:
• Backups made to tape and sent offsite at regular intervals.
• Backups made to disk onsite and automatically copied to offsite disk, or made directly to offsite disk.
• Replication of data to an offsite location, which overcomes the need to restore the data.
• High availability systems which keep both the data and system replicated offsite, enabling continuous access to systems and data.

Business Continuity Planning http://upload.wikimedia.org/wikipedia/en/c/cf/BCPLifecycle.gif
What Differentiates Technical from Non-Technical
• “Technical” typically refers to computer platforms or systems (e.g., mainframes, servers, midrange, routers, gateways, network communications, etc.) found within Data Centers or IT areas.
• “Non-technical” refers to functions and processes that support critical business operations and are external to the above (e.g., HR, Payroll, Legal, Call Center, etc.).

Business Impact Analysis
It is an information-gathering exercise designed to methodically identify:
• The functions performed by an organization.
• The resources required to support each process performed.
• The impact of failing to perform a process.
• How critical each process is.
• RTO & RPO.

How To Build These Plans
• A commitment from upper management helps (commitment for resources in manpower and funding).
• Gathering information through a Business Impact Analysis (BIA) to determine critical operations.
• Determine strategies and objectives for recovering the critical functions.
• Document the findings as steps to follow in the event you have to declare a disaster.

Why BC & DR
• “Two out of every five enterprises that experience a disaster go out of business within five years.”
• 80% of all businesses do not have a Disaster Recovery Plan (Business Continuity Plan) in place.
• 50% of companies that experience a computer outage lasting more than 10 days go out of business within five years, and most never fully recover financially. (Gartner Group)
• DR is a subset of BC.
• Important points of reference are: Threat, Vulnerability, Risk, Assets, Controls, Reputation!!
• Important IT reference points are: Data, Physical Infrastructure, Systems & Applications, Personnel.

Awareness
• Since 09/11/2001, 90% of CEOs have revamped DRPs.
• Employees must be aware of BC procedures.
• BC plans must be rehearsed at least once a year or when a major change has occurred.
• Processes should be in place for the employees' meeting place, the disaster declaration hierarchy, and communications with employees and family members.

Types of RISK • Hackers, hurricanes, fires, flooding, power outages, denial of service attacks, telecommunication outages, loss of internet access, hardware failures, application failures, employee error, virus attacks, sabotage, terrorism.
Key IT Risk
• Data Loss / Corruption
• Security Breach
• Loss of Key Personnel
• Virus - SPAM - Spyware Attacks
• File Server / Network Down
• Power Outage
• Loss of Phones / Fax
• Loss of Internet

Quantifying Risk
• Risk = threat * vulnerability * asset value
• Threat, vulnerability and asset value can vary from 1 to 5, 5 being most severe
• Results in 125 possible risk levels

Telecommunications Market
• Current methods of DR in the telecommunications arena:
  • WiMax and FSO (in MANs).
  • Both are efficient and quickly deployed.
• Most enterprises are becoming less dependent on wired infrastructure from SPs.
• Having contrasting methods is beneficial; for example, if currently using underground fiber-optic cable or DSL, employ FSO or SAT as a redundant means.

Common Excuses
• It costs too much money to implement.
• Not enough time or resources.
• It will never happen to our company.
• Why bother? We have good data backups.
• We “plan” on implementing one next year.

Conclusions
1. Physical and IT security will become more tightly integrated
2. BCP must encompass all aspects of an organization
3. Security is a crucial component to BC and disaster prevention
4. Proper identification, planning, and implementation will ensure not only success, but business survival