3 steps to consolidate disaster recovery with data security
For years, many IT leaders have outlined and executed security and disaster recovery plans as two separate programs. Now, as IT evolves in a cloud era, this approach is beginning to cause serious issues for organizations.
The original rationale for separating the plans rests on the idea that security prevents manmade disasters from occurring, with no focus on recovery, so the security plan was never coordinated with the recovery plan. While the protocols for each may be unique unto themselves, it’s risky to keep security and disaster recovery as separate entities.
Even with the best preventative security technology, manmade disasters can and will happen. There have been multiple incidents of this within healthcare, as hackers have crippled providers with ransomware and other kinds of attacks, leaving CIOs scrambling to regain true IT resilience by combining cybersecurity with disaster recovery.
It’s clear now that IT departments must assume that security breaches and cyberattacks will happen. Expecting preventative measures to cover every possible threat is the definition of insanity and gives far too little credit to cyber criminals. And while IT executives within healthcare organizations need a thoughtful strategy to prevent security issues, they also need a Plan B that can result in no unscheduled downtime.
Incorporating both of these elements in one cohesive IT resilience strategy is becoming increasingly crucial, particularly as organizations transition more of their infrastructure to the cloud.
There are obvious risks to running data security and disaster recovery plans separately. No matter how large or small, organizations are frequently exposed to ransomware or breaches when they rely solely on security plans. While security technologies help identify and thwart many attacks, inevitably a breach will occur.
According to the Symantec 2017 Internet Security Threat Report, more than 100 new malware families have been introduced to the public this year. This is more than triple the number seen in previous years, with a 36 percent increase in ransomware attacks worldwide. Even large organizations, such as Merck and Britain’s WPP, the world’s largest advertising agency, reported being attacked as late as last June. Domestically, a variety of healthcare organizations have been hit with ransomware attacks.
When organizations such as these, with ample resources, are vulnerable to attacks, it’s clear that security plans that merely detect breaches sooner are not sufficient against all of today's sophisticated cyberattacks.
True IT resilience plans include a “keep-out” security strategy and a recovery plan that guarantees it will take a few minutes at most to return to normal operations. In other words, the first line of defense should always be a modern security tool that works to keep attacks from penetrating vital systems and data. But in the event an attack does penetrate beyond the firewall, it is critical that organizations have a plan that allows for the rapid recovery and resumption of normal business operations.
Any organization that wants to consolidate security and recovery should consider these three basic steps to prevent intrusions and be ready to respond quickly when a breach occurs.
Plan and maintain a consistent update schedule. It is essential to update and upgrade more frequently. Issuing updates once a month is not sufficient. Addressing the threat landscape by category rather than by specific threat helps focus on which systems get which patches, updates and upgrades, and when. This requires constant vigilance across the organization.
With ransomware, a prevention-only strategy is a failure to prepare, because ransomware straddles the fence between security and disaster recovery. Having a “DVR-like” capability to “rewind” to the seconds before the encryption occurred, and then address the specific flaw, is a key enabler of a recovery plan.
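The “DVR-like rewind” idea above, as an added illustration that is not part of the original article and does not describe any particular vendor's product: a toy append-only write journal that can be replayed to any point in time, plus a simple detector that flags the moment a burst of high-entropy (encrypted-looking) rewrites begins and picks the last clean write before it as the restore point. All file names, timestamps and contents below are constructed sample data, and the entropy threshold and burst window are assumptions chosen for the demo, not figures from the text.

```python
import hashlib
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class WriteRecord:
    ts: float     # seconds since an arbitrary epoch (constructed clock)
    path: str
    data: bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plaintext sits around 4-5, encrypted content close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class WriteJournal:
    """Append-only log of every write: the 'tape' a rewind capability replays."""

    def __init__(self):
        self.records = []

    def append(self, ts: float, path: str, data: bytes) -> None:
        if self.records and ts < self.records[-1].ts:
            raise ValueError("journal must be appended in time order")
        self.records.append(WriteRecord(ts, path, data))

    def state_at(self, ts: float) -> dict:
        """Replay writes up to and including ts -> {path: content}."""
        state = {}
        for rec in self.records:
            if rec.ts > ts:
                break
            state[rec.path] = rec.data
        return state


def first_encryption_burst(journal, entropy_threshold=7.0, window_s=5.0, min_files=3):
    """Timestamp of the first high-entropy write that starts a burst touching
    at least min_files distinct paths within window_s seconds, else None.
    (Thresholds are demo assumptions; real products tune these per workload.)"""
    suspicious = [r for r in journal.records
                  if shannon_entropy(r.data) >= entropy_threshold]
    for i, start in enumerate(suspicious):
        touched = {r.path for r in suspicious[i:] if r.ts - start.ts <= window_s}
        if len(touched) >= min_files:
            return start.ts
    return None


def rewind(journal, **detector_kwargs):
    """(restore_ts, restored_state): the last clean write before the burst.
    Returns None when no burst is found, 0.0/{} when no clean write precedes it."""
    burst_ts = first_encryption_burst(journal, **detector_kwargs)
    if burst_ts is None:
        return None
    restore_ts = max((r.ts for r in journal.records if r.ts < burst_ts), default=0.0)
    return restore_ts, journal.state_at(restore_ts)


def _pseudo_ciphertext(seed: str, nbytes: int = 1024) -> bytes:
    """Constructed stand-in for encrypted output (chained SHA-256), not real encryption."""
    out, block = b"", seed.encode()
    while len(out) < nbytes:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:nbytes]


def build_sample_journal() -> WriteJournal:
    """Constructed history: normal plaintext writes, one edit, then a ransomware-style burst."""
    j = WriteJournal()
    files = ["records/patient-001.txt", "records/patient-002.txt",
             "billing/q3.csv", "notes/todo.txt"]
    for i, p in enumerate(files):
        j.append(10.0 + i, p, f"plaintext contents of {p}, revision 1\n".encode() * 8)
    j.append(40.0, files[3], b"todo: schedule DR drill for next sprint\n" * 8)
    for i, p in enumerate(files):              # mass rewrite with high-entropy content
        j.append(100.0 + i * 0.5, p, _pseudo_ciphertext(p))
    return j


if __name__ == "__main__":
    journal = build_sample_journal()
    restore_ts, state = rewind(journal)
    print(f"burst began at t={first_encryption_burst(journal)}, rewinding to t={restore_ts}")
    for path, content in state.items():
        print(f"  {path}: entropy={shannon_entropy(content):.2f}")
```

The point of the demo is the recovery-point granularity: because every write is journaled, the restore point is the last clean write (here t=40.0) rather than last night's backup, which is what lets a recovery plan promise minutes of lost work instead of a day. The entropy-burst detector is deliberately simple; it exists only to show where the “rewind to” decision comes from, and the specific flaw that let the writes happen still has to be fixed before the restored state goes back into service.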
Coordinate testing and supervision, and then practice reducing recovery times. Modern disaster recovery plan testing can no longer be an annual drill. Frequent and continuous testing must be conducted to guarantee that the disaster recovery plan enables organizations to recover quickly and resume business as usual.
As these two plans converge into a single IT resilience strategy, they should be governed as a single team and staffed by individuals with specific expertise. As both plans target the same objective of uninterrupted IT, it is only logical to merge the group supervising them. Both teams are needed to create and manage a consolidated security and disaster recovery plan to produce a recovery time objective of just a few minutes.
Create an alignment around a three-pronged approach. Security and disaster recovery strategies should broadly align with a three-pronged approach to IT resiliency: protect, detect and respond. This method covers all the bases (intrusion prevention, detection and disaster recovery) so that cyberattacks and other business disruptions can be neutralized quickly after the infrastructure has been infiltrated.
Many organizations realize that they are not in the "IT business" and are increasingly adopting cloud-based strategies to implement this approach. Others are leveraging the expertise of managed service providers to obtain combined IT security and disaster recovery as a service.
As organizations become more reliant on their data and applications, security and disaster recovery plans must be more coordinated and even converge. It’s becoming increasingly evident for CIOs and CEOs that their IT investments underperform when hit by a hack, ransomware or a natural disaster. They’re quickly realizing that their operations will be exposed if they don’t correctly integrate disaster recovery and security solutions across a heterogeneous technology stack and test both together in a coordinated and ongoing manner.