1 / 30

Disaster Recovery for Information Technology

Learn how to define, plan, and implement disaster recovery strategies for information technology systems to ensure business continuity in case of disruptions. Explore alternate site types, controls, recovery steps, data management, and security measures.

jnicole
Download Presentation

Disaster Recovery for Information Technology

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Disaster Recovery for Information Technology

  2. Objectives • Define the scope of Disaster Recovery Planning • Identify alternate site type • Provide a method of selecting alternate site providers • Determine the alternate site location • Identify controls at the data center • Identify the steps needed to recover the data center • Review information management procedures • Review information security measures.

  3. Disaster Recovery Plan • Information Technology (IT) – Hardware, software, telecommunications and other technologies used in computer based information systems. • A Disaster Recovery Plan (DRP) is a plan for the IT department to provide continuation and recovery of the systems and communication capabilities of the organization.

  4. Disaster Recovery Plan • IT Alternate Site - backup data center • Data Center Controls - existing controls in the data center designed to prevent or mitigatethe impact of a disaster • Data Center Recovery Plan - plan to resume data center operations • Information Management Plan - plan to store and retrieve electronic information and critical applications • Information Security Plan - plan to secure data

  5. Redundant Site • Completely functional separate operation that continually duplicates every activity of the primary data center. • Redundant site is fully staffed, equipped, and continually operational. • Primary data center can be completely shut down without any interruption of service.

  6. Hot Site • Separate operation that is ready on a standby status. • Compatible hardware, power and communications are ready to be activated. • Site must be regularly tested to assure readiness. • Hot sites can generally be made operational within 24 – 36 hours.

  7. Cold Site • Separate facility that is not operational but can be made operational within a ‘reasonable’ period of time. • Electric power and communication access is available. • Hardware is not in place and other basic requirements (raised floors, security) may be available. • As additional features and hardware are added, the cold site becomes a ‘Warm Site.’

  8. IT Alternate Site Support Requirements

  9. IT Alternate Site vs. Recovery Time Illustration

  10. Vendor Provided Site • costs • technical requirements • locations of sites • primary assigned site • other clients with priority • back-up power supply • alternate communication capability • annual testing hours

  11. Disaster Declaration (Invocation, Activation) is thestatement used to announce the activation of BCM. • Upon receiving a disaster declaration, the vendor’s employees configure the hardware with the goal of having the hardware setup completed by the time the IT team arrives.

  12. Co-location Site • Vendor provides the facility and infrastructure support but not the hardware. • The organization provides the hardware which is secured inside compartments at the vendor’s location.

  13. Internally Provided Site • Organizations with multiple locations • Cost of hardware is decreasing • Increasingly popular

  14. Mutual Aid Agreement Some potential issues: • Hardware incompatibility • Insufficient capacity • Lack of availability • Both data centers disabled

  15. IT Alternate Site Location • Located away from primary data center to avoid destruction to both locations. • Require relocating personnel to test, activate and maintain the IT alternate site. • Some severe weather crisis events provide warning time to pre-position personnel. • Some businesses have opted for local IT alternate site locations in heavily fortified buildings. • After certain major community-wide crisis events, local travel may be impossible and unsafe. • IT mobile sites with self sustaining and redundant utility systems are also vulnerable.

  16. IT Alternate Site Considerations • How often is the IT alternate site tested? • What types of tests are being performed? • Can the IT alternate site be activated remotely? • For resuming applications, has a recovery sequence been developed and is it compatible with the overall RTO for the business? • How well documented is the IT alternate site plan?

  17. IT Alternate Site – Cloud Computing • Cloud computing is the delivery of services over the Internet and a ‘Private Cloud’ is a proprietary network that delivers services to designated users. • The Internet has many infrastructural redundancies and is considered to be highly reliable and location independent. • This is important in a post-disaster environment where the community-wide communications infrastructure is damaged. • Communications between the IT alternate site and the users may be continued by relocating employees.

  18. Data Center Control • Electrical equipment protection • Power backup • Fire suppressant systems • Gauges and alarms • Raised floors, wiring and cabling

  19. Electrical Equipment Protection and Power Backup • Backup diesel powered electrical generators automatically start after a power disruption. • There needs to be adequate fuel for several days of operation. • Generators need to be regularly tested under full-load. • Short term power disruptions and power fluctuations are covered by surge protectors and uninterruptible power supply (UPS) devices. • UPS devices maintain electrical power long enough for a controlled shutdown.

  20. Fire Suppressant Systems • Handheld gas-based fire extinguishers in data centers are for small fires. • ‘ABC’ fire extinguishers are effective but damage electrical components. • Common data center fire suppressant system is typical water-based system. • The dry-pipe water system will not discharge water unless a sprinkler head is open and another ‘trigger’ activates. • Data centers may have gas based fire suppressant systems which present unwanted chemical exposure to personnel.

  21. Gauges and Alarms • Temperature and humidity gauges monitor atmospheric conditions. • Smoke and heat sensors detect fire. • Alarms and gauges should be monitored 24/7/365.

  22. Physical Security • A key pad entry system is not 100% foolproof and typically does not record the user. • There should be a swipe-card access system that records all access activity. • Surveillance cameras in the data center are also a security tool.

  23. Raised Floors, Wiring and Cabling • Classic design for data centers was a raised floor to protect from flooding. • Cables located under the floor are protected from damage. • Modern data centers run cables in the ceiling. • Data center hardware is generally supported on racks and raised floors may also be used.

  24. Miscellaneous Controls • Dedicated climate control systems are preferred for data centers. • Fortified walls may protect the data center from crisis events. • Emergency lighting should be available. • An emergency shutoff switch should be placed near the data center exit door.

  25. Data Center Recovery • Data center hardware and hardware configuration needs to be well documented. • Contracts need to be in place with outside service providers.

  26. Data Center Recovery • Assess damage • Engage subcontractors • Provide infrastructure • Provide hardware • Load and test data • Resume applications

  27. Information Management –Hardcopy Data • Certain industries (law firms, lenders) need to maintain hardcopy data - original signatures may be important. • Hardcopy-only data has not been electrically secured.

  28. Information Management – Hardcopy Records • Data security is the responsibility of IT. • The most fail-safe approach to secure hardcopy-only data is to duplicate and disburse. • Locations of duplicated hardcopy-only data should be sufficiently distant. • Contents of safes are subject to explosion, flood, and theft.

  29. Information Management – Electronic Data • Electronic data should be duplicated and disbursed. • Locations of data should be apart to avoid multiple-destruction or denial of access. • Real-time data backup is becoming popular.

  30. Information Security • Information security officer • Information security plan • Information hazard assessment • Administrative controls • Information security classifications • Access controls • Usernames and passwords • Data encryption • Firewalls

More Related