
4/23/2009
01:15 PM
Keith Ferrell
Commentary

What Part Of Disaster Recovery Don't You Understand? (bMighty Wants To Know!)

Disaster Recovery planning and preparation remains one of the great vulnerabilities of small and midsized businesses (and plenty of big businesses, too). Why do so many businesses avoid taking the time and spending the money to prep themselves for disasters that may never happen? The three most common answers are in that question.

Time, money and the unlikeliness of being hit by a disaster (large or small) that interrupts a company's ability to do business.

These are the most common reasons companies and individuals have for not creating a formal disaster recovery (DR) plan, testing it, refining it if necessary, and implementing it.

All three are valid answers (if not defensible: just ask anyone who's had a disaster without effective recovery plans in place) that each of us can understand.

Each holds the potential for making a disaster unrecoverable.

And each can be dealt with through a little application:

Time: It takes time to review your business practices (and the technology required for their operation) and then to translate your findings into an effective step-by-step plan that will bring at least your most critical systems and data back up quickly.

But not that much time. You can start with just a few minutes' imagination, considering how (and how quickly) you would be able to restore business functionality if your facilities were rendered unavailable.

From there, it's a matter of a fairly small amount of time to poll appropriate personnel about their DR needs and expectations, and to review existing backup strategies with an eye toward restoration of data (and related matters such as communications) if primary systems are inaccessible or worse.

That polling process is a perfect opportunity to create a formal DR team, which will put together, in writing, the formal plan that can save your company from business catastrophe when physical or digital disaster strikes.

Money: Times are tight, budgets are tighter. And that becomes an integral part of your DR team's challenge: finding ways to incorporate DR needs into existing IT (or IT security) budgets.

Perhaps you turn to Software as a Service for your DR needs and free up staff for other pursuits.

Conversely, as your business grows, it may be more cost-effective to bring backup-and-restore in-house, or to split the difference and achieve savings by employing outside services to manage the backup/restore process while you maintain the hardware/software in-house.

The point is that there are any number of ways to approach the budget challenge; look hard enough and you'll find the one that suits you -- and your budget.

Unlikeliness: Nobody, as Monty Python said, expects the Spanish Inquisition, either.

But the "It won't happen to my business" mentality only works if it never happens to you.

In other words, you're making a bet -- a large one -- that your business will forever be somehow immune to the disaster (whatever form it may take) that you've avoided so far.

Just bear in mind that the wager you're making puts your business on the line.

During next week's bMighty bSecure SMB On A Budget event we'll be looking more closely at these and related issues, and before that I'd love to hear from you about how you implemented your company's formal DR plan -- or why you haven't got one.

Got any questions about DR? How to budget for it? What goes into an effective plan? Share them, along with your stories and insights, with us.

And don't forget to register:

bMighty bSecure is a virtual event designed to help your company stay secure in the most cost-effective way possible. bMighty and InformationWeek editors will bring together SMB security consultants, analysts, and other experts, along with real IT execs and users from small and midsize companies to share the secrets of keeping your company secure without breaking the bank.

I look forward to hearing from you.
