How to ensure a secure disaster recovery operation
As if recovering from a disaster isn't pressing enough, organizations also need to be mindful of potential security breaches when they are most vulnerable.
During a recovery, is your organization's storage secure? System attackers and data thieves are cowards, so it's only natural that they're attracted to enterprise systems when they're most vulnerable.
Disaster recovery is a complex and multifaceted operation, and your DR team members are likely already spreading themselves thin trying to ensure a speedy and complete recovery. That's why it's important to ensure that system and data security is always maintained, especially during a DR operation.
There are several key points to consider as you evaluate your organization and work on crafting a secure disaster recovery plan. Along with having solid data security measures in place as part of your standard business operations, see how it helps to consider DR when establishing these standards. Here are four steps to maintain security during recovery.
Remain consistent
Security during a DR operation cannot be any different than during regular operations, said Richard Butgereit, director of catastrophe response at the Geospatial Intelligence Center, an organization that serves the insurance industry and first responders with geospatial support during disaster situations. "Otherwise, you look to turn your disaster recovery into yet another disaster," he stated.
A prime directive for a secure disaster recovery operation should be to maintain the same security standards in place for normal business operations, said Greg Arnette, director of data protection platform strategy at Barracuda Networks. "This means the security apparatus -- software, hardware, identity management, etc. -- needs to be at the core of the [business continuity/DR] planning."
Stay strong
Access and authorization systems should be protected as part of a business continuity and DR plan. "These critical systems are the foundation for modern enterprise IT systems, and themselves need a DR plan to ensure that APIs and login screens are accessible when primary systems are affected by the disaster event," Arnette said.
Stick to the plan
Ned BellavanceDirector of cloud solutions, Anexinet
The best way to maintain a secure disaster recovery process is to have good security practices already baked into existing technologies and processes, recommended Ned Bellavance, director of cloud solutions at IT service management company Anexinet. "The data and applications running in your DR location should be following the same guidance and security protocols as your production facilities," he said.
Bellavance noted that several key security items should be considered when developing secure disaster recovery operations. "First, any sensitive data should be encrypted at rest and in transit, including backup and replication data being sent to a secondary site," he said. "Second, DR documentation should not include any passwords or secrets." Such information should be stored securely with an off-site service that can be easily accessed in the event of a disaster. "Third, DR operators should follow the principle of least privilege," Bellavance said. This means not giving operators more rights than they absolutely need to accomplish their tasks.
Build layers
Aim for a multilayer security approach to secure disaster recovery. "Security-centric organizations have alternate operations facilities featuring secure connections utilizing FIPS 140-2 [Federal Information Processing Standard 140-2] encrypted connections," said Ted Wagner, chief information security officer for SAP National Security Services. Such facilities replicate physical environment security controls.
Always have a backup plan for your backup plan, said Jackie Rednour-Bruckman, chief marketing officer for software development firm Daxima. "Plan for the worst-case scenario, and then plan for the backup plan," Rednour-Bruckman said. "You want multiple redundancies, especially for taking your network immediately offline when it's been compromised and to continue vital operations with secure [on-premises] systems."