An effective Disaster Recovery solution enables failover after a disaster and ensures an organization is back up and running in optimal time .
• Respond : Mitigating a cybersecurity attack and limiting the exposure of assets is important to reduce any disruptions or financial costs .
• Recover : Timely recovery to normal operations is important to reduce the impact of a cybersecurity event . Organizations need to develop activities to increase cyber-resilience and restore services in a timely manner .
Effective Business Continuity management enables organizations to update , control and deploy plans and tools while considering organizational contingencies and capabilities , as well as business needs .
Given each organization and IT environment has its own requirements , it is recommended that a Business Continuity and recovery plan is reviewed , tested , updated and maintained on a regular basis .
Limiting potential losses
It ’ s worth drawing out one of the aspects of the NIST framework for further emphasis – and that element is time .
An effective Disaster Recovery solution enables failover after a disaster and ensures an organization is back up and running in optimal time . How ‘ optimal ’ is defined will vary from organization to organization , but there are two useful measures that organizations should understand .
These are the recovery time objective ( RTO ), which is the time taken for a system to be recovered and ready for use again by the business ; and the recovery point objective ( RPO ), which is the time when the last backup of data was made ( reflecting how much data could be lost during a Disaster Recovery initiation ).
These will vary depending on the mission-criticality of the system . There are some systems where an RPO of weeks might be acceptable because reversion to manual processes or alternate systems is possible . For systems crucial to day-to-day operations , such as networks , servers or Active Directory , the RPO is zero minutes , and well-defined and well-tested contingencies will be needed .
Organizations will inevitably be exposed to a variety of risky situations in their operational lifespan . The key is to plan for them and have options when these eventualities play out . Specialist assistance , such as that offered by a managed services provider , is valuable as an additional risk mitigation in this space .
Such relationships can make all the difference , ensuring the best cloud-based security , backup and Business Continuity solutions are in place for the job , as well as access to a team of experts who live and breathe business recovery best practice in a critical time of need . p
38 INTELLIGENTCIO APAC www . intelligentcio . com