The news always seems dominated by disasters—from the current COVID-19 pandemic, wildfires and flu outbreaks to cyber and ransomware attacks. While these events affect personal lives, the impact on small-to-midsize businesses (SMBs) is often forgotten in news reports. Employees are being sheltered in their homes; physical facilities are affected, and a company’s supply chain can be disrupted. These factors are crucial to a company’s ability to operate. In 2018, the U.S. alone saw 14 separate disasters that were each estimated to generate a $1 billion loss.
The issue goes deeper because many people are seeing only now what the influence of these events has on business operations. They want their service or goods to be ready, no matter the circumstances. Companies that plan on how to handle and retain operations are the ones that will come through an epidemic strongest, with minimal impact.
Cyber resilience and data protection expert Jamie Zajac of OpenText-owned Carbonite, our industry resource for this eWEEK Data Points article, shares steps in building a resilient data infrastructure in the face of disaster.
Data Point Step No. 1: Understanding Your Data Governance Regulations
In the age of GDPR and evolving U.S. data privacy legislations, companies must have solid knowledge of how to handle record retention, email archiving and discoverability—regardless of a disaster. Data retention policies and automated backup practices help ensure compliance.
Data Point Step No. 2: Working Remote to Keep the Lights On
The beauty of technology is that it allows employees to work remotely in the event of a disaster. Mobile phones, tablets and laptops can be connected to the company’s network to access data. So, if employees are quarantined due to the flu or other viruses, they can remain productive and keep business operations running smoothly. Additionally, if a natural disaster or pandemic like COVID-19 prevents employees from traveling to the office, an automated data backup system ensures day-to-day information is available in the cloud or alternative location, and secures any work they do offsite is safely saved in their organization’s storage of choice. This allows companies to maintain internal collaboration and minimize disruption.
Data Point Step No. 3: Securing Offsite Locations
Critical business data can be found on all desktops, laptops, tablets and smartphones. When employees are working remotely due to a disaster, it is essential to maintain security on these devices to prevent future issues. Endpoint data protection ensures that these devices are secured against malware, ransomware and other cyber-attacks—or even human error, such as accidental deletions—at a time when the company is the most vulnerable.
Data Point Step No. 4: Categorizing Data Into Backup and High-Availability Buckets
Data protection comes in all forms and sizes. A few years back, it was enough that all the data was backed up to one offsite location. However, with data being a company’s most valuable asset, it is critical to determine what systems truly need to be available at all times versus what can wait a few hours or days to restore; the essentials for governance; and what data needs protected at the time of upgrades and patches. High availability options allow for the deployment of critical, time-sensitive operations for continuous business operations. Backup is used across all systems for data governance and rapid recovery.
Data Point Step No. 5: Deploying Backup for All Types of Data
Data backup is an essential form of disaster recovery planning as it covers all types of data and captures snapshots at periodic intervals. In the event of a power outage or other natural disaster, IT can restore files, folders or full system recoveries, ensuring business continuity. With the varied options of on-premises and cloud backup options, companies may opt to have a backup storage plan with multiple copies in various locations to fully protect against all potential events.
Data Point Step No. 6: Protecting Data With the Cloud
Adequate data protection in today’s technology landscape means moving data offsite. Businesses should look at various options and have their data stored at multiple locations. This may be an alternative business location in a different geographical region, branch office or the cloud. While a second data center is a great option, the cloud offers the option of supporting mixed IT environments with failover options across geographic regions and support by a team of experts. A cloud-based option also allows a company to do an instant failover within mere minutes or seconds, so operations continue seamlessly.
Data Point Step No. 7: Migrating Data Provides Agility
Public clouds such as Microsoft Azure help businesses stretch their resources and provide adequate data protection and backup for all levels of business operations. Migrating data to one of these cloud platforms provides greater agility when a business needs to move from one vendor or data center to another in the event of a disaster.
Data Point Step No. 8: Ensuring Data and Applications Are Available and Accessible
An important part of any resilient company’s operation is ensuring the data and applications are available to employees regardless of what is happening at the firm’s main data center. Companies should continuously be replicating data to a secondary location anywhere in the world—preferably one in a different geographic region for one simple reason: If the second data center is located within a short drive and both areas are impacted due to a storm, such as a tornado, hurricane or wildfire, then company operations grind to a halt.
Data Point Step No. 9: Testing It All Out
Even if you have a plan in place in the event of a disaster, it is meaningless unless you test it. Many companies may believe they are ready, but when plans are enacted, they find there are certain variables that were not expected. These issues could include an employee’s remote access to servers doesn’t work, a certain database is missing from the replicated data, information is not properly encrypted from the alternative location, etc. Testing helps uncover these issues and educates employees on the proper procedures prior to an emergency.
In Summary …
While these steps sound simple, many companies may only implement one or a few of them in their planning process. Technology has granted businesses the ability to be more resilient in the face of natural disasters through remote workspaces, automatic backups and data access, but companies cannot forget the human aspect. Building a complete cyber resilience strategy is more than IT. It is creating a plan that takes the workforce into account and establishes a supportive atmosphere that will ensure employees are not left in the dark on what to do. Data protection education and clear planning will help certify that companies are resilient—regardless of the event.
If you have a suggestion for an eWEEK Data Points article, email [email protected].