What the Gulf Oil Spill can teach CIOs about disasters

While I’m by no means trying to take attention away from the horrific environmental and economic disaster that the now largest oil spill in U.S. history has caused, I can’t help but see some lessons that I and other IT professionals can learn from it.

The massive amount of crude heading to the Gulf Coast is currently being met by an army of ships, clean-up vehicles and tens of thousands of people who are collecting and cleaning hundreds of miles of beaches. A unified command structure that is coordinating efforts of local, state and federal agencies alongside commercial assets is now in place, sifting and transmitting tons of vital information in near real time, to deploy resources where they can be most effective.

Also see Tom Olzak’s “Business continuity event planning: Analysis and containment” on CSOonline.com

Most of this, of course, is occurring away from comfortable offices with stable infrastructure. Data is being transferred to and from remote operations via multiple channels, including landline, wireless and satellite technology. The connectivity issues alone are mind boggling.

Though there are plenty of other take aways from this tragic event, CIOs and CISOs would be remiss if they didn’t use this incident to evaluate their current disaster recovery strategy. At the very least, contingency plans must be in place that answer these three basic questions.

• How many additional access points will be needed and for how long? IT staffs must calculate these figures depending on how many people are displaced or in various locations at any given time. CIOs should also lean heavily on their service providers to get guarantees as to how soon they can add capacity should it be required.
• How quickly can those additional access points be made secure? One of the worst things a company can do is to increase its remote connectivity capacity at the expense of its security posture; the prospects for disaster will actually increase despite the opposite intentions. IT staffs must ensure that each new access point comes with the necessary VPN, Email and UTM filters. That will also mean identifying the suppliers to make that happen.

How responsible are the backup systems under crisis conditions

Test the off-site and off-line server farms to ensure that they can act as the primary network on no notice without any degradation to security or data integrity. It’s a prudent idea for CIOs and CSOs do this periodically.

With all the attention now being paid by policy makers and operators to ensure that the current Gulf Oil Spill never happens again, IT professionals should also follow suit and ensure that no matter what the crisis, their team is ready to respond to an increase in displaced or remote operations that will place a great deal of stress on its data networks. While the future will always be a bit uncertain, the ability to overcome IT issues should not.

About the author: Max Huang is the founder and President of O2Security, Inc., a wholly-owned subsidiary company of O2Micro. The company is a manufacturer and marketer of high-performance network security appliances and disaster recovery offerings for small- to medium-businesses as well as remote/branch offices, large enterprises and service providers. Max can be reached at max.huang@o2security.com.