Previously, organisations have considered it perfectly acceptable to plan and execute their security and disaster recovery programmes as two separate operations, working side by side but never crossing over or collaborating. Now – in the midst of the cloud era – this approach is likely to cause headaches for IT teams who still operate this way.
The original thought around separating these strategies is rooted in the idea that security prevents man-made disasters from occurring, with zero thought toward recovery plans if prevention failed. While the protocols may differ, it's risky to keep security and disaster recovery as separate entities.
Even with the best security technology, prevention is not a guaranteed and man-made disasters can and will happen. We see examples of this time and again as major brands across the globe find themselves making headlines because of widespread outages or ransomware, leaving CIOs scrambling to achieve true IT resilience because of the lack of coordination between prevention and recovery.
In the current cyber-climate, IT departments have to assume security breaches will happen. Expecting preventative measures to cover every possible threat is just no longer a smart way to work and does not take into account how talented and dedicated cyber-criminals can be. And while IT organisations need a thoughtful strategy to prevent security issues, they also need a plan B that ensures that the business doesn't experience any unscheduled downtime.
Incorporating both of these elements in one cohesive IT resilience strategy is becoming increasingly vital, particularly as organisations transition more of their infrastructure to the cloud.
The pitfalls of running plans in parallel
Organisations, no matter how big or small, are frequently exposed to cyber-attacks or breaches when they rely solely on security measures. While security technologies help identity and stop many attacks, inevitably a breach will occur.
According to the Symantec 2017 Internet Security Threat Report, more than 100 new malware families have been introduced to the public this year. This is more than three time the amount in previous years, with a 36 percent increase in ransomware attacks worldwide. Even large organisations such as WPP, the world's largest advertising agency, and pharmaceutical giant, Merck &Co.reported being attacked as late as last June.
When organisations such as these, with abundant resources, are vulnerable to attacks, it's clear security plans that are put in place to detect breaches sooner are not sufficient for all of today's sophisticated cyber-attacks.
Truly resilient IT plans include a “keep-out” security strategy and a recovery plan that guarantees it will take minimal time to return to normal operations. In other words, the first line of defence should always be a modern security technology that works to keep attacks from penetrating vital systems and data. But in the event an attack does infiltrate the firewall, it is critical that organisations have a plan that allows for rapid recovery and business operations as usual as quickly as possible.
How to consolidate for a solid IT resilience plan
Any organisation that wants to combine security and recovery should consider these three basic steps to prevent intrusions and be ready to respond quickly if a breach occurs.
1. Plan and maintain a consistent update schedule
It is essential to update and upgrade frequently. Issuing updates once a month will no longer suffice. Addressing the threat landscape as categories instead of individual threats can help focus a schedule on what updates are done on what systems and when these happen. This requires constant vigilance across the organisation.
With ransomware, a prevent strategy is now simply a failure to prepare, as it straddles the fence of security and disaster recovery. Having “DVR-like” capabilities to “rewind” to the seconds before the encryption occurred and address the specific flaw is a key enabler to a recovery plan.
2. Coordinate testing and supervision to reduce recovery times
Modern disaster recovery plan testing can no longer be an annual or even quarterly drill. Frequent and continuous testing must be conducted to guarantee that the disaster recovery plan enables organisations to recover quickly and resume business as usual.
As security and disaster recovery plans converge into a single IT resilience strategy, they should be governed by a single team and staffed by individuals with specific expertise. As both plans are combined into one with a goal of ensuring uninterrupted IT, it is only logical to merge the teams supervising them.
The combined team should create and manage a consolidated security and disaster recovery plan to produce a recovery time objective (RTO) of just a few minutes.
3. Create an alignment to include a three-prong approach
Security and disaster recovery strategies should align with a trusted three-prong approach to IT resiliency – protect, detect and respond. This method covers all the bases to neutralise cyber-attacks and other business disruptions quickly after the infrastructure has been infiltrated.
Many companies realise that they are not in the "IT Business" and are increasingly adopting cloud-based strategies to implement this approach. Others are leveraging expertise through managed service providers to combine IT security and disaster recovery paradigm as a service.
Amalgamation is everything
Reliance on data and applications is only set to increase as organisations continue to strive for an advantage in tightly competitive markets. As the number of high profile cyber-security attacks over the last year have shown, organisations leave themselves exposed if integration between disaster recovery and security isn't implemented. CIOs and CEOs need to make the most of their investments by utilising heterogeneous technology that allows for the amalgamation of IT strategy for cohesive and coordinated planning, testing and – most importantly of all – business continuity.
Contributed by Avi Raichel, CIO at Zerto
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.