A big part of business continuity planning is making sure we have manual processes or other workarounds in place. They act as interim bandages to keep business processes moving forward. Many organizations, especially those required to do so by regulation, have documented processes sitting in a file server somewhere waiting for a server, system, or data center event.

Sitting on a file server? In addition to the risk of not placing up-to-date documentation in the recovery bin at the off-site storage location, there is one glaring piece of the recovery puzzle missing: the data. What good is a workaround if employees can’t access customer information, product availability, payment processing information, etc.? We sometimes forget when building our response plan that it’s still all about the data.

Data is on tape or cloud-based backup? Excellent. How long will it take to get it on a new server and available to business users? The time it takes to reconnect business users with data is also process downtime. Whether your data is quickly available or, as with many traditional DR plans, available within 24 hours, should depend on management’s understanding of maximum tolerable downtime (MTD). While the MTD of payroll might be 24 hours, how acceptable is having order entry and shipping systems down that long… or longer?

In years past, it was usually cost-prohibitive to ensure almost immediate access to data when a business continuity event occurred. That is no longer true. Cloud vendors provide reasonably priced solutions for data storage, system hosting, etc. Choosing one that is secure with recovery of data access within two or three hours should not be out of reach for most organizations. For larger organizations, building a second, backup data center just for the most critical systems is another option.

Like all security planning, how you meet this challenge depends on a risk assessment and business impact analysis.
Just keep in mind that users today are less forgiving than they were in the olden days when you tell them to call back because the computer’s down…