One place for hosting & domains

      Recovery

      Want Disaster Recovery Success? Start with a Business Impact Analysis


      Between 2020’s pandemic, hurricanes and wildfires, it’s never been more important to have a solid disaster recovery (DR) plan. INAP’s Jennifer Curry, SVP, Product and Technology, recently spoke with Tech Republic on this very subject. The necessity of DR is widely known, but getting started isn’t always so simple. When a company launches a disaster recovery planning process, it can be daunting task for the IT team to know what systems they need to be made available and in what order. Do we include all the marketing servers? Do we need our HR server right away? The best starting point to plan your DR strategy is to run a Business Impact Analysis (BIA).

      A BIA allows a company to better understand what services are needed and in what order they need to continue running. There is no right or wrong process in a BIA, but a few things must be taken into consideration when it comes to putting one together. Check out the list below to get started, and then download INAP’s Business Impact Analysis template, linked below.

      Considerations for the Business Impact Analysis

      What essential apps and workloads does the company need to provide in the immediate aftermath of a DR scenario?

      Which departments would be providing those services? These departments will need to provide information on what systems they require to continue serving internal and external customers. These may include auxiliary systems as well.

      Does IT have a list of the systems required by each department to continue business as usual in a DR event?

      Each department, no matter what service they provide, needs to be taken into account. This helps everyone understand the many moving parts between different groups. For example, while the accounting group has their own dedicated servers for their accounting app, they may be using a file server for storing data files that’s shared by everyone in the company. In all likelihood, this file server would have been considered non-essential until the BIA was done.

      What important internal functions and services are essential to operations?

      There may be times when IT assumes a department may not be critical in the plan until they understand all the services it provides. For example, HR payroll systems are essential to a functioning business and needs to be included in the plan. Similarly, marketing and communications systems may need to operate to run critical internal communications during a DR scenario. These functions keep information moving through the necessary channels. Be sure to thoroughly review the functions of all departments.

      What kind of timeline should IT follow in a DR scenario?

      It is important to understand the timeline in which each app and workload is needed to be brought back online. Some systems simply don’t need an RTO (recovery time objective) of under a few hours. Creating a detailed hierarchy and timeline will save money and logistical headaches. What lower priority systems need to be taken into account? Think about your media storage, archival storage and business intelligence applications and databases and similar systems and where they fit into the plan.

      Next Steps

      As you use the above considerations to guide your business impact analysis creation, be sure to run your analysis with key team members of each department to create a holistic business continuity document.

      Ready to get started on your BIA? Below you can download INAP’s ready-to-use template. You can also check out this post from the ThinkIT blog for more tips on creating this important document.

      Deven Arya


      READ MORE



      Source link

      Business Continuity and Disaster Recovery Basics: Testing 101


      “Luck is what happens when preparation meets opportunity.” – Seneca

      As I covered in another blog post, the first step to any effective business continuity and disaster recovery program is crafting a thoughtful, achievable plan.

      But having a great business continuity and disaster recovery plan on paper doesn’t mean that the work is done. After all, how do you evaluate the efficacy of your plan or make adjustments before you actually need it? The answer: by putting it to the test.

      Disaster Recovery Plan Testing

      I am fond of saying that managed services are a three-legged stool made up of technology, people and processes. If you lose any one leg, the stool falls over. And since an IT department is essentially offering managed services to the wider organization, IT management should think in terms of the same triad.

      Let’s break it down:

      • Technology: the tool or set of tools to be used
      • People: trained, knowledgeable staff to operate the technology
      • Processes: the written instructions for the people to follow when operating the technology. (See another blog I wrote for more information: “6 Processes You Need to Mature Your Managed Services.”)

      For a disaster recovery scenario, you need to test the stool to make sure that each leg is ready and that the people know what to do when the time comes. One useful tool for this is a tabletop exercise (TTX). The purpose of the TTX is to simply get people thinking about what technology they touch and what processes are already in place to support their tasks.

      Tabletop Exercise Steps

      Let’s walk through the stages of a typical TTX.

      No. 1: Develop a Narrative

      Write a quick narrative for the disaster. Start off assuming all your staff are available, and then work through threats that you may have already identified. Some examples:

      • Over the weekend, a train derailed, spilling hazardous materials. The fire department has evacuated an area that includes your headquarters, which contains important servers.
      • Just 10 minutes ago, your firm’s servers were all struck by a ransomware attack.
      • Heavy rains have occurred, and the server room in the basement is starting to flood.

      Now, some questions and prompts for your staff:

      • What should we do?
      • How do we communicate during this?
      • How do we continue to support the business?
      • What are you doing? Show me! (Pointing isn’t usually polite, but this might be a time to do so.)
      • How do we communicate the event to clients, customers, users, etc.?

      Going through the exercise, you’ll likely find that certain recovery processes are not properly documented or even completely missing. For example, your network administrator might not have a written recovery process. Have them and any other relevant staff produce and formalize the process, ready to be shared at the next TTX.

      Continue this way for all the role-players until your team can successfully work through the scenario.  You will want to thoroughly test people’s roles, whether in networking, operating systems, applications, end user access or any other area.

      No. 2: Insert Some Realism

      Unfortunately, we have all seen emergency situations and scenarios, such as the 9/11 terrorist attacks, where key personnel are either missing, incapacitated or even deceased. In less unhappy scenarios, some staff might not be able to tend to work since their home or family was affected by the disaster. For the purposes of a TTX, you can simply designate someone as being on vacation and unreachable, then have them sit out.

      Ask:

      • Who picks up their duties?
      • Does the replacement know where to find the documentation?
      • Can the replacement read and understand the written documentation?

      No. 3: “DIVE, DIVE, DIVE!”—Always Be Prepared

      Just like a submarine commander might call a crash dive drill at the most inopportune time, call a TTX drill on your own team to test the plan. For this, someone might actually be on vacation. Use that to your advantage to make sure that the whole team knows how to step in and how to communicate throughout the drill. You might even plan the drill to coincide with a key player’s vacation for added realism.

      No. 4: Break Away From the Table

      Once you’ve executed your tabletop exercise, now it’s time to do a real test! Have your team actually work through all of the steps of the process to fail over to the recovery site.

      Again, you will want to test that the servers and application can all be turned up at the recovery environment. To prevent data islands, make certain that users can successfully access your applications’ recovery site from where they would operate during a disaster. Here are some questions for user access testing:

      • Can users reach the replica site over the internet/VPN?
      • Can users use remote desktop protocol (RDP) to connect to servers in the replica environment?
      • If users in an office were displaced, could they reach the replica site from home using an SSL VPN?

      No. 5: Bring in a Trusted Service Partner

      The help that an IT service provider provides you doesn’t have to stop with managing your Disaster Recovery as a Service infrastructure or environment. With every INAP DRaaS solution, you get white glove onboarding and periodic testing to make sure that your plans are as robust as you need them to be. Between scheduled tests, you can also test your failover at will, taking your staff beyond tabletop exercises to evaluate their ability to recover the environment on their own. Staying prepared to handle disaster is a continuous process, and we can be there every step of the way to guide you through it.

      Explore INAP Disaster Recovery as a Service.

      LEARN MORE

      Paul Painter
      • Director, Solution Architecture


      Paul Painter is Director, Solution Architecture. He manages the central U.S. region, with his team supporting sales by providing quality presales engineering and optimizing customer onboarding processes. READ MORE



      Source link

      How to Defeat Ransomware With Disaster Recovery as a Service


      Given the eye-catching headlines and high-profile disasters, ransomware’s ability to wreak havoc probably needs no introduction.

      Case in point: The government of Jackson County, Georgia, was recently forced to pay $400,000 in cryptocurrency to a criminal gang that had taken over the network and encrypted their environment, making it completely unusable. Numerous stories like this can be found in headlines across the globe, taken from the experiences of hospitals, universities and businesses alike.

      In 2017, the FBI’s Internet Crime Complaint Center received 1,783 complaints from U.S. organizations that were infected with ransomware. These attacks cost millions of dollars in losses. Yet these numbers represent only a fraction of the total number of attacks, as the vast majority are never reported to the FBI.

      Certainly, ransomware can be devastating, but here’s a secret: It doesn’t have to be.

      Disaster Recovery as a Service (DRaaS) allows you to invalidate the threat of ransomware by creating redundancy in your environment. This blog will cover how that works, but first, let’s take some time to understand ransomware.

      What Is Ransomware?

      Ransomware comes in many forms, but two main varieties have emerged: locker-ware and crypto-ware. Locker-ware involves a hacker taking control of a specific computer or network and then changing passwords so that systems cannot be accessed. Crypto-ware uses encryption techniques to mask all data, rendering it unreadable or unusable.

      In both types of ransomware attacks, the criminals extort the organization, offering to unlock the system only after receiving payment (usually in the form of cryptocurrency).

      In 2017, ransomware program WannaCry made headlines, infecting an estimated 200,000 computers and netting its creators roughly $300 every time someone chose to pay to decrypt their computers. The real cost, however, is far greater when you include lost productivity and the work required to recover systems impacted by WannaCry. Estimates ranged from hundreds of millions of dollars, even into the billions.

      Disaster Recovery as a Service (DRaaS): The Silver Bullet for Ransomware

      The first line of defense against any cyberattack or phishing attempt is proper security training for all employees. Foundational security measures include training employees to validate links before clicking them and verifying the identity and legitimacy of senders. For example, a common trick of hackers involves replacing or switching letters in email addresses to make them appear legitimate (e.g., lnap.com vs. inap.com). Every organization should have strong group policy objects set for their end users, such as enforcing unique passwords, limiting the installation of software and disabling forced system restarts.

      One of the best ways to protect your organization from ransomware is to put in place Disaster Recovery as a Service (DRaaS) for your critical applications and infrastructure. DRaaS comes in different flavors, and which option you go with will depend on your recovery needs: i.e., Recovery Point Objectives and Recovery Time Objectives. Read our blog on RPO and RTO to learn about what these mean.

      Regardless of how often you need to back up (RPO) or how quickly you need your applications to be online (RTO), DRaaS is a straightforward, effective way to neutralize the threat of ransomware.

      Here’s how: DRaaS safeguards your physical and virtual systems by creating a functionally redundant environment that you can switch on in the case of any disaster. This minimizes downtime and its impact on your business, while ensuring that you have a “clean” environment that is safe from any malware—ransomware or otherwise.

      If attackers do gain control of your systems, all you have to do is contact your DRaaS service provider to begin the recovery process. As an INAP customer, you can call, email or log in to your portal to immediately let us know what’s happened. We will work with you to verify what systems or files need to be recovered, confirm the recovery point you need, then begin a full recovery to overwrite the compromised environment. This process will usually follow a detailed runbook that is collaboratively designed when the DRaaS solution was first implemented as part of our white glove onboarding.

      Learn More About INAP Disaster Recovery as a Service

      INAP offers two kinds of Disaster Recovery as a Service: On-Demand DRaaS and Dedicated DRaaS. Both offer redundancy and protection from ransomware—built on our secure, high-performance private cloud. We also offer disaster recovery testing to evaluate your DRaaS solution’s efficacy in a realistic scenario, in addition to a white glove onboarding service.

      With a DRaaS solution in place, you can feel confident that your environments are safe from would-be hijackers and, most importantly, costly downtime—whether caused by ransomware, natural disaster, human error or anything else.

      Explore INAP Disaster Recovery as a Service.

      LEARN MORE

      Allan Williamson
      • Technical Account Manager


      READ MORE



      Source link