Mirus is delighted to feature Laura Marulandara-Carter PhD as a guest blogger. Laura works at Milton Keynes College as the Head of Curriculum IoT. With 10 years of teaching experience, she is a strong advocate of employer engagement and women in technology, and we're very excited to be working together.
We’re looking forward to sharing more of Laura's unique and discerning insights into IT, IoT and Security.
On being asked to feature as a Mirus Guest Blogger, Laura commented:
"It is a pleasure to be working with Mirus IT Solutions on their blog. An established and forward-thinking business in Milton Keynes, they are an excellent example of an organisation that puts both their employees and clients front and centre. Thriving to develop, learn and share, I couldn’t recommend them more for your IT support. Inspired by their Cyber Security Summit last year, this article gives only a taste of the day and lessons learned from guest speaker Cal Leeming."
Data Backup: When Plan A Fails, How Prepared Are You?
Originally published November 2018 in Information Age
No enterprise is immune from an outage. It can strike at any time and without warning, which is why it’s paramount that IT have a data backup plan in place.
Disaster recovery and business continuity policies are often considered the awkward, much less popular, second cousin of evacuation plans. Some time and effort may have been invested when you were first in the post to create/draft/redraft this document, before ultimately getting lost in the abyss and only resurfacing it as part of an annual tick-boxing exercise. But how many times in the last 12 months have you carried out a “drill” to check your employees’ knowledge of this critical document? If the answer is none, then you join the one in four companies that have never tested their disaster recovery plans.
I recently had the pleasure of seeing the notorious Cal Leeming keynote at a Cyber Security summit. Long gone are the days (ten to be exact) of his youthful hacking antics; he now stands as an impressive public speaker, security adviser and founder of River Oakfield. No different to a traditional fire drill practice, his “let’s play make-believe” rendition of disaster recovery-style scenario testing was an excellent opportunity to show how simple gamification can quickly establish open and reflective discussions among staff.
Organisations that collect, hold and use information digitally need to be fully attentive to the union between the business and planning process. It amazes me how we continue to ignore, even after 20 years of research, the critical task of ensuring policies are dependable, accurate and in line with business needs. This cannot be a quickly assembled document. It should be dynamic enough to involve active participation of the entire organisation. Reducing your Recovery Time Objective (RTO) minimises downtime, while increasing Recovery Point Objective (RPO) restorability minimises data loss. Despite the evolution of data tiering, I continue to refer to old research that has long recognised the barriers preventing organisations from establishing these policies in practice. It’s time to take the lead in your organisation and debunk these myths.
(1) “… lack of awareness for the need at an executive level because of the perception of no real risk…” Denial. The ‘it’ll never happen to me’ line. I hear this often after some mal- or ransomware attack. While many of us do not expect to be burgled whilst out, we still lock the door every morning. So why do organisations continue to not invest in anti-virus or cyber threat detection? If you are struggling to convince your superiors, send them this excellent Internet Security Threat Report that reveals the latest trends and statistics.
(2) “… lack of capacity to test 24/7…” If your IT systems are truly mission critical and cannot, at any point, be shut off, then I would expect a secondary system to have already been established in case of technical incapacity. If not, the associated risks within the organisation would undeniably be profound. It would then be necessary to explore alternative processes to maximise protection and manage disruption.
(3) “… you can have a plan that covers every aspect of your business…” A single one-size-fits-all policy is limiting, ineffective and often results in the longest RTO. A multi-layered backup policy, including snapshots or backups starting at operating systems, continuing to the storage layer, then local backups and finally an off-site backup at a disaster recovery site, is more robust. Sacrificing either metric to reduce spend could have negative consequences on the ability of your business to bounce back from disaster.
(4) “… using a BCP video in induction training… 200 eyes looking at security is better than two IT eyes… ” Business continuity policy is only one step of regular training and review. There are many IT disaster recovery training providers for employees that can bring awareness and support to ensure the plan works and everyone knows their role within it.
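The layered policy described under myth (3), worked through as an added example that is not part of the original article: each backup layer is checked against RPO and RTO targets for failures of growing scope, next to an off-site-only policy. The layer names, failure scopes, timestamps, restore durations and targets are all constructed assumptions; substitute the figures measured in your own restore drills.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Failure scopes, smallest to largest (constructed model, not from the article).
SCOPES = {"file": 0, "host": 1, "storage": 2, "site": 3}

@dataclass(frozen=True)
class Layer:
    name: str
    lost_at: int             # smallest scope rank that also destroys this copy
    last_good: datetime      # timestamp of the last verified good copy
    restore_time: timedelta  # restore duration measured in the last drill

def assess(layers, scenario, now, rpo, rto):
    """Choose the restore source for a failure scenario and check RPO/RTO."""
    usable = [l for l in layers if l.lost_at > SCOPES[scenario]]
    if not usable:
        return None  # no surviving copy: unrecoverable
    fresh = [l for l in usable if now - l.last_good <= rpo]
    # Fastest restore that still meets RPO; otherwise the freshest copy left.
    pick = (min(fresh, key=lambda l: l.restore_time) if fresh
            else max(usable, key=lambda l: l.last_good))
    loss = now - pick.last_good
    return {"layer": pick.name, "data_loss": loss, "downtime": pick.restore_time,
            "rpo_met": loss <= rpo, "rto_met": pick.restore_time <= rto}

# Constructed sample data: timestamps, durations and targets are illustrative.
NOW = datetime(2024, 1, 10, 12, 0)
RPO, RTO = timedelta(hours=24), timedelta(hours=4)
H = lambda n: timedelta(hours=n)
LAYERS = [
    Layer("os-snapshot", SCOPES["host"], NOW - H(1), timedelta(minutes=10)),
    Layer("storage-snapshot", SCOPES["storage"], NOW - H(4), timedelta(minutes=30)),
    Layer("local-backup", SCOPES["site"], NOW - H(20), H(3)),
    Layer("off-site-backup", SCOPES["site"] + 1, NOW - H(30), H(8)),
]
OFFSITE_ONLY = LAYERS[-1:]  # the single "one-size-fits-all" policy

if __name__ == "__main__":
    for scenario in SCOPES:
        for label, policy in (("layered", LAYERS), ("off-site only", OFFSITE_ONLY)):
            r = assess(policy, scenario, NOW, RPO, RTO)
            print(f"{scenario:8} {label:14} {r['layer']:17} "
                  f"loss={r['data_loss']} down={r['downtime']} "
                  f"RPO={'ok' if r['rpo_met'] else 'MISS'} RTO={'ok' if r['rto_met'] else 'MISS'}")
```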
Although I can appreciate the genuine challenges that lead to these excuses, the absence of preparedness acts as a catalyst for those “if only we had..” or “what if..” moments that are estimated to cost UK businesses upwards of £2 billion in unplanned downtime. Even more punitively, 60% of small businesses who lose access to either operational systems or data often cease trading within six months of the disaster.
More recent research out of London South Bank University suggests the cloud could provide the most feasible solution. Due to its dynamic, scalable and high-availability structure, it’s perfectly placed as a disaster recovery service, offering both low cost and minimal recovery time without data loss. A recent IBM patent shows a program currently under development that would have the ability to recover servers during a disaster event, or at the very least allow for continued operations in the event that one or more assigned resiliency attributes fail. By linking a single server or group of servers to an independent partner resource at an offsite location, workloads could be duplicated at recovery point to eliminate any form of disruption. A similar cloud service is already widely available if you set up Microsoft’s Azure Site Recovery.
Do not wait for the next natural disaster, cyber attack or infrastructure breakdown to impede your business. It is a matter of when, not if, and your employees are relying on you to ensure the plan is in place (and practised!).
- Dr Laura Marulandara-Carter, PhD