Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/13/2009
10:22 AM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

3 Disaster Recovery Tips (Or Risks!) You May Have Overlooked

You've got your Disaster Recovery plan in place (don't you?) and, if disaster should strike, you're ready to bounce back quickly. Or are you? Take a look at these three good -- and in case of disaster, critical -- tips to make sure your plan works.

You've got your Disaster Recovery plan in place (don't you?) and, if disaster should strike, you're ready to bounce back quickly. Or are you? Take a look at these three good -- and in case of disaster, critical -- tips to make sure your plan works.Last month I asked bMighty's readers for their Disaster Recovery (DR) tips and stories, and you weren't shy about sharing. All of the responses were good and appreciated, and we'll be looking at them in the weeks ahead.

Here, thanks to the readers, are three key DR points that are often overlooked:

More muscle may be needed for restoration than operation -- One of the most frequently identified keys to efficient and rapid restoration of business after a data disaster is understanding which aspects of the data and business apps are most needed to resume operations, even minimally.

It's that minimally that introduces this particular risk. Even a partial restore of a large amount of data -- and some of you are looking at really large amounts -- is likely to require, for a time at least, more horsepower (and time) than day-to-day operations.

Factor these considerations into your formal DR plan (which, of course, you have) and test them in your regular DR rehearsals and tests (which, of course, your perform) and adjust your minimal DR hardware requirements accordingly.

In other words, plan your DR hardware for the recovery and restoration, not just the subsequent operations, and you should be fine.

Telecommuting works best when it's DR-ready -- The growth of telecommuting and remote workers/offices is another often-cited plus for DR readiness. Workers with well-equipped home offices may be able to pick up at least some of the operational slack when a main facility goes down.

But, as more than a few readers pointed out, it's one thing to have a home office that's set up to handle a worker's specific area of responsibility, but often another thing altogether when that equipment is called upon to handle (or even tackle) other, perhaps far larger tasks.

If home workers or telecommuters and their equipment are part of your formal DR plan (which you've had in place for awhile, right?), include those offices and that equipment in your DR tests. Put them through the same paces they'd be expected to handle in the event of an actual disaster and you'll discover whether or not your home-based insurance is good DR policy or only wishful thinking.

(And speaking of wishful thinking, particularly in times of tight budgets, think about underwriting or at least contributing to the upgrading of home-based workers' equipment if it's critical to your DR plan.)

Security first, then (and only then) DR -- Heard this one from quite a few of you, and every one of you is absolutely right. In the scramble to recover data, re-establish communications, get your business working again, even fundamental security issues can all too easily be overlooked.

Check your DR p[an you do have one, don't you?) and make sure that restoration of thorough security precautions, including security software and tools, or Security as a Service (SaaS)connectivity if you've gone that route, are at the top of the list.

Don't put your restored data at risk of a breach disaster while you're recovering from another kind of catastrophe.

Thanks, again, to all the readers who responded -- and bear in mind that I'm always open for more suggestions. Drop me a line.

DR played a large part in bMighty's bSecure SMB Security online event recently -- in fact, I moderated a terrific panel on the topic. But in the course of the day other panels and exhibitors and commentators touched on all manner of small and midsized business security issues and techniques. If you were there you know how rich a program it was.

And if you weren't able to attend, don't worry: bMighty bSecure SMB Security On A Budget is now available on demand.

Check it out here:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.