One place for hosting & domains

      Disaster

      Business Continuity and Disaster Recovery Basics: Testing 101


      “Luck is what happens when preparation meets opportunity.” – Seneca

      As I covered in another blog post, the first step to any effective business continuity and disaster recovery program is crafting a thoughtful, achievable plan.

      But having a great business continuity and disaster recovery plan on paper doesn’t mean that the work is done. After all, how do you evaluate the efficacy of your plan or make adjustments before you actually need it? The answer: by putting it to the test.

      Disaster Recovery Plan Testing

      I am fond of saying that managed services are a three-legged stool made up of technology, people and processes. If you lose any one leg, the stool falls over. And since an IT department is essentially offering managed services to the wider organization, IT management should think in terms of the same triad.

      Let’s break it down:

      • Technology: the tool or set of tools to be used
      • People: trained, knowledgeable staff to operate the technology
      • Processes: the written instructions for the people to follow when operating the technology. (See another blog I wrote for more information: “6 Processes You Need to Mature Your Managed Services.”)

      For a disaster recovery scenario, you need to test the stool to make sure that each leg is ready and that the people know what to do when the time comes. One useful tool for this is a tabletop exercise (TTX). The purpose of the TTX is to simply get people thinking about what technology they touch and what processes are already in place to support their tasks.

      Tabletop Exercise Steps

      Let’s walk through the stages of a typical TTX.

      No. 1: Develop a Narrative

      Write a quick narrative for the disaster. Start off assuming all your staff are available, and then work through threats that you may have already identified. Some examples:

      • Over the weekend, a train derailed, spilling hazardous materials. The fire department has evacuated an area that includes your headquarters, which contains important servers.
      • Just 10 minutes ago, your firm’s servers were all struck by a ransomware attack.
      • Heavy rains have occurred, and the server room in the basement is starting to flood.

      Now, some questions and prompts for your staff:

      • What should we do?
      • How do we communicate during this?
      • How do we continue to support the business?
      • What are you doing? Show me! (Pointing isn’t usually polite, but this might be a time to do so.)
      • How do we communicate the event to clients, customers, users, etc.?

      Going through the exercise, you’ll likely find that certain recovery processes are not properly documented or even completely missing. For example, your network administrator might not have a written recovery process. Have them and any other relevant staff produce and formalize the process, ready to be shared at the next TTX.

      Continue this way for all the role-players until your team can successfully work through the scenario.  You will want to thoroughly test people’s roles, whether in networking, operating systems, applications, end user access or any other area.

      No. 2: Insert Some Realism

      Unfortunately, we have all seen emergency situations and scenarios, such as the 9/11 terrorist attacks, where key personnel are either missing, incapacitated or even deceased. In less unhappy scenarios, some staff might not be able to tend to work since their home or family was affected by the disaster. For the purposes of a TTX, you can simply designate someone as being on vacation and unreachable, then have them sit out.

      Ask:

      • Who picks up their duties?
      • Does the replacement know where to find the documentation?
      • Can the replacement read and understand the written documentation?

      No. 3: “DIVE, DIVE, DIVE!”—Always Be Prepared

      Just like a submarine commander might call a crash dive drill at the most inopportune time, call a TTX drill on your own team to test the plan. For this, someone might actually be on vacation. Use that to your advantage to make sure that the whole team knows how to step in and how to communicate throughout the drill. You might even plan the drill to coincide with a key player’s vacation for added realism.

      No. 4: Break Away From the Table

      Once you’ve executed your tabletop exercise, now it’s time to do a real test! Have your team actually work through all of the steps of the process to fail over to the recovery site.

      Again, you will want to test that the servers and application can all be turned up at the recovery environment. To prevent data islands, make certain that users can successfully access your applications’ recovery site from where they would operate during a disaster. Here are some questions for user access testing:

      • Can users reach the replica site over the internet/VPN?
      • Can users use remote desktop protocol (RDP) to connect to servers in the replica environment?
      • If users in an office were displaced, could they reach the replica site from home using an SSL VPN?

      No. 5: Bring in a Trusted Service Partner

      The help that an IT service provider provides you doesn’t have to stop with managing your Disaster Recovery as a Service infrastructure or environment. With every INAP DRaaS solution, you get white glove onboarding and periodic testing to make sure that your plans are as robust as you need them to be. Between scheduled tests, you can also test your failover at will, taking your staff beyond tabletop exercises to evaluate their ability to recover the environment on their own. Staying prepared to handle disaster is a continuous process, and we can be there every step of the way to guide you through it.

      Explore INAP Disaster Recovery as a Service.

      LEARN MORE

      Paul Painter
      • Director, Solution Architecture


      Paul Painter is Director, Solution Architecture. He manages the central U.S. region, with his team supporting sales by providing quality presales engineering and optimizing customer onboarding processes. READ MORE



      Source link

      How to Defeat Ransomware With Disaster Recovery as a Service


      Given the eye-catching headlines and high-profile disasters, ransomware’s ability to wreak havoc probably needs no introduction.

      Case in point: The government of Jackson County, Georgia, was recently forced to pay $400,000 in cryptocurrency to a criminal gang that had taken over the network and encrypted their environment, making it completely unusable. Numerous stories like this can be found in headlines across the globe, taken from the experiences of hospitals, universities and businesses alike.

      In 2017, the FBI’s Internet Crime Complaint Center received 1,783 complaints from U.S. organizations that were infected with ransomware. These attacks cost millions of dollars in losses. Yet these numbers represent only a fraction of the total number of attacks, as the vast majority are never reported to the FBI.

      Certainly, ransomware can be devastating, but here’s a secret: It doesn’t have to be.

      Disaster Recovery as a Service (DRaaS) allows you to invalidate the threat of ransomware by creating redundancy in your environment. This blog will cover how that works, but first, let’s take some time to understand ransomware.

      What Is Ransomware?

      Ransomware comes in many forms, but two main varieties have emerged: locker-ware and crypto-ware. Locker-ware involves a hacker taking control of a specific computer or network and then changing passwords so that systems cannot be accessed. Crypto-ware uses encryption techniques to mask all data, rendering it unreadable or unusable.

      In both types of ransomware attacks, the criminals extort the organization, offering to unlock the system only after receiving payment (usually in the form of cryptocurrency).

      In 2017, ransomware program WannaCry made headlines, infecting an estimated 200,000 computers and netting its creators roughly $300 every time someone chose to pay to decrypt their computers. The real cost, however, is far greater when you include lost productivity and the work required to recover systems impacted by WannaCry. Estimates ranged from hundreds of millions of dollars, even into the billions.

      Disaster Recovery as a Service (DRaaS): The Silver Bullet for Ransomware

      The first line of defense against any cyberattack or phishing attempt is proper security training for all employees. Foundational security measures include training employees to validate links before clicking them and verifying the identity and legitimacy of senders. For example, a common trick of hackers involves replacing or switching letters in email addresses to make them appear legitimate (e.g., lnap.com vs. inap.com). Every organization should have strong group policy objects set for their end users, such as enforcing unique passwords, limiting the installation of software and disabling forced system restarts.

      One of the best ways to protect your organization from ransomware is to put in place Disaster Recovery as a Service (DRaaS) for your critical applications and infrastructure. DRaaS comes in different flavors, and which option you go with will depend on your recovery needs: i.e., Recovery Point Objectives and Recovery Time Objectives. Read our blog on RPO and RTO to learn about what these mean.

      Regardless of how often you need to back up (RPO) or how quickly you need your applications to be online (RTO), DRaaS is a straightforward, effective way to neutralize the threat of ransomware.

      Here’s how: DRaaS safeguards your physical and virtual systems by creating a functionally redundant environment that you can switch on in the case of any disaster. This minimizes downtime and its impact on your business, while ensuring that you have a “clean” environment that is safe from any malware—ransomware or otherwise.

      If attackers do gain control of your systems, all you have to do is contact your DRaaS service provider to begin the recovery process. As an INAP customer, you can call, email or log in to your portal to immediately let us know what’s happened. We will work with you to verify what systems or files need to be recovered, confirm the recovery point you need, then begin a full recovery to overwrite the compromised environment. This process will usually follow a detailed runbook that is collaboratively designed when the DRaaS solution was first implemented as part of our white glove onboarding.

      Learn More About INAP Disaster Recovery as a Service

      INAP offers two kinds of Disaster Recovery as a Service: On-Demand DRaaS and Dedicated DRaaS. Both offer redundancy and protection from ransomware—built on our secure, high-performance private cloud. We also offer disaster recovery testing to evaluate your DRaaS solution’s efficacy in a realistic scenario, in addition to a white glove onboarding service.

      With a DRaaS solution in place, you can feel confident that your environments are safe from would-be hijackers and, most importantly, costly downtime—whether caused by ransomware, natural disaster, human error or anything else.

      Explore INAP Disaster Recovery as a Service.

      LEARN MORE

      Allan Williamson
      • Technical Account Manager


      READ MORE



      Source link

      Disaster Recovery is the Perfect Entry Point to the Cloud. Here’s Why.


      Moving to the cloud is not an all or nothing proposition. Most organizations are, at some level, on a journey to the cloud, or as Gartner analyst Thomas Bittman says, “A journey to the mix.”1While some IT shops take the plunge and embrace the change with the grace of an Olympic high diver, most organizations find themselves dipping a toe in the shallow end for a phased-in approach.  

      If the latter seems familiar, you aren’t wrong. We’ve already seen a similar adoption trend with virtualization. But with the exception of legacy applications, virtualization was essentially a one-size-fits-all solution. A technology platform built to solve a variety of IT issues, the cloud is a different story altogether.

      Why? Because moving to the cloud is much more variable in its advantages, and as a result, requires a discerning eye. Simply put, there are dozens of “right ways” to adopt cloud. From tenancy (hyperscale public vs. dedicated private) to payment model (pay-as-you-go vs. discounted reserved resources), the cloud offers an unprecedented degree of service flexibility.  

      So where to get started? Fortunately, there’s one business use case that perfectly showcases the advantages of the diversity of choice offered by cloud computing: Disaster Recovery.

      Disaster Recovery as a Service (DRaaS)

      When the decision comes down from the executive level that you will be required to add DR to your project list, are you really going to build and manage an additional data center for this requirement? Some (mostly larger) enterprises will, and it will be the right decision for them. But that’s an increasingly rare scenario.  

      That’s because the cloud has created a veritable buffet of cloud-based “as a service” offerings that can fulfill the same requirements without having to make heavy investments in both human expertise and IT infrastructure. Disaster Recovery as a Service (DRaaS) is offered by many Cloud Service Providers (CSPs) around the globe, enabling organizations of all sizes to protect their business operations without committing to heavy capital expenditures.  

      Here at SingleHop, we have taken DRaaS a step further by offering a few ways to apply DR to your organization.  

      Standby DRaaS and Active DRaaS

      Looking for a simplified DR solution to “check the box?” Standby DRaaS offers a pay as-you-go model in a private cloud environment, allowing the customer to pay for server resources they consume at the time of demand. Think of it like having a second data center “on call” and ready for action in the event of a critical failure. When the solution is in a “standby” state, only storage and software license fees are charged. SingleHop Standby DRaaS customers can dip their toes in the cloud without fully committing their IT budget.   

      Do you have more stringent compliance requirements or require dedicated resources for the most critical of workloads? SingleHop has a solution for that too. SingleHop Active DRaaS is an always available dedicated cloud environment for disaster recovery that protects your business with the strict recovery times and objectives. This purpose-built environment guarantees that virtualized workloads have the resources they need during an unexpected outage, backed up by an industry-leading SLA.  

      Hybrid DRaaS

      While both Standby and Active DRaaS offerings are based on SingleHop’s Private Cloud infrastructure, SingleHop also has the ability to enable hybrid cloud for your organization.  Hybrid cloud combines the security and control of the SingleHop Private Cloud with economic and scalability benefits of public cloud offerings from Amazon Web Services and Microsoft Azure Cloud. By coupling SingleHop’s Managed AWS and Managed Azure offerings with SingleHop DRaaS, virtualized Disaster Recovery workloads can be placed where they make the most sense.  

      Like the cloud, Disaster Recovery isn’t a one-size-fits-all solution. As a trusted partner in hybrid cloud and multicloud solutions, SingleHop can provide your organization with the guidance and expertise needed during its cloud journey.

      References & Further Reading:

      1. “The journey to the cloud is now about a mix of models, Gartner says.” Lauren Horowitz. Cisco.   



      Source link