Nothing like a disaster to remind you how important it is to plan for one. With the super storm Sandy wreaking havoc in the Northeast last week, many an organization is realizing that their disaster recovery plan was either out of date or, even worse, non-existent. Of course, the lesson is a painful and costly one, but perhaps it will help others to better plan in the future.
Having been in information security for some time, I remember when the outbreak of mass attacks like Code Red and Blaster were in some ways the best things that happened for the security vendors. It made people take security seriously. The same holds true for Sandy. I guess that is the natural way of things. Some folks were out warning in advance. After all, we saw Sandy coming for a week. My friend Larry Walsh over at Channelnomics wrote this the week before Sandy, "Solution providers already supporting customers’ backup, this weekend is the time to check data integrity and backup processes are working properly." A perfect example is how many data centers had generator backup in place. Unfortunately, they only had a day or two of fuel for the generators. Without access to gas, all of those generators didn't do much good.
The industry is also already pointing to Sandy as the poster child of why you should be working on your backup and DR plans before the disaster comes. My friend David Wartell of R1Soft/Idera wrote a nice blog on why Sandy is a lesson to be learned by all of us. David's message is that after the next disaster, or even right before the next disaster, is not the time to be planning your DR and backup strategies. The time to do is now. You don't know when the next disaster will strike.
I had a chance to speak with Rachel Dines, a senior analyst with Forrester Research. Rachel heads up Forrester's Business Continuity and Disaster Recovery analyst team. Before I go any further about my conversation with Rachel, let me tell you that as a result of Hurricane Sandy Forrester for the month of November is making available a library of reports on BC and DR for free! They have lowered their paywall and allow people to access these reports that normally are available only to their paying customers. These reports are available here. I wouldn't waste any time in taking advantage of this generous offer from Forrester.
You can listen to my entire conversation with Rachel in the media player below. Rachel actually wrote a new report on the DR space at the end of September. Rachel and her team are advocating what they call Data and Technology Resiliency. Rachel says we live in a world where we no longer can afford significant down time. Disaster Recovery connotes we are recovering from a stoppage, restarting if you will. Resiliency is more about depth and the ability to shift resources and assets so that operations never actually stop.
With technologies like disk duplication, virtualization, the cloud and ubiquitous bandwidth, Rachel and her team lay out a great vision of how companies can leverage all of these to minimize the impact of unplanned events and disasters.
Of course, there is more to DR than products or even services, a successful strategy includes process and policy and procedures. It means building data resiliency into your very DNA.
You can listen to the rest of my conversation with Rachel below. It's only about 15 minutes long. I hope you find it enlightening. Also, be sure to take advantage of Forrester lowering their paywall and and download those free reports!
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.