Technically News - 6/10
In this week's Technically News: When Disaster Strikes, Will Federal Data Be Safe; Dell, Oracle form Strategic Partnership for Integrated Systems; Translating Good Intentions Into Effective Cybersecurity Policy; 25 Most Influential Government CIOs.
Five Key Takeaways From InformationWeek’s GovCloud
DLT Solutions sponsored last month’s InformationWeek’s GovCloud. As the public sector continues migrating workloads to the cloud, Cloud Service Providers (CSPs) are gaining acceptance and increasing traction.
Disaster Recovery Gets Some Fresh AIR
When it comes to disaster recovery, there has historically been a limitation on disk storage. While tapes can easily be sent offsite to be used for restores after a site outage, disks do not offer the same flexibility.
Some OpenStorage technologies support out-of-band replication, in which the contents of the disk storage are replicated between devices. In these instances, NetBackup has no knowledge of the data, which complicates recovery in a NetBackup-protected environment because the replicated data can only be accessed after recreating the NetBackup catalog. Replication is done by importing the entire contents of the disk storage at the remote site using the bpimport command. The nbcatsync utility, introduced in NetBackup 6.5.6 and 7.0.1, can address this challenge as well, but it relies on being able to restore the catalog from a catalog backup and then post-processing it to reconcile the disk device mappings, resulting in a very time-consuming process.
Current State of Information Security | Part 2
Part 2 of 2:
A few weeks ago, we looked at the current state of information security and implementations from the Ten Domain Model. Using this information, we can now look at where we need to be.
Due to the rapidly changing threat landscape, two key requirements for information security are becoming increasingly critical: automation and continuous monitoring.
1) Why Automation? Only automated approaches can scale and respond rapidly to large-scale incidents.
a. Preventative policy enforcement reduces risk:
i. overall number of security vulnerabilities
ii. the success of any particular attack technique.
b. Automated remediation systems have a positive impact on a large number of hosts with a relatively small time investment from computing staff.
2) Why continuous monitoring? A primary goal of continuous monitoring is, as much as is practicable, to apply automated remediation to security vulnerabilities that are found. That takes the need for human intervention out of the picture. Human intervention and the errors and delays that result from it are credited for many of the lapses in IT security.
Business Impact Analysis: The Foundation of a Disaster Recovery Plan
Consider the following statistics taken from the Disaster Recovery Journal (Winter 2011):
• A single incident of data loss can cost a company an average of $10,000.00
• 93 percent of companies that lost their data for 10 days or more filed for bankruptcy within a year.
• 40 percent of businesses that suffer a loss of data fail within 5 years.
And while most companies and organizations have taken Disaster Recovery seriously, they often fail to perform a proper Business Impact Analysis (BIA) and to properly test their plan for appropriateness, often resulting in losses.
A BIA, or Business Impact Analysis, is exactly what it sounds like: proper research to determine what the business impact would be if an application, website, database, HR document, etc. were not available for given sets of time. Perhaps if a database were not available for an hour there would be little impact, but if it were down for a day, it would be critical. It is important to do an accurate study to determine where those pain points are for all aspects of your organization and review them regularly for changes in criticality. While this sounds like the absolute foundation for all DR plans (and it is), I have regularly encountered both government and private industry that fail to do this most basic step. They either consider everything to be critical (it isn’t) or they only back up a few servers that they think contain their most important documents/data. Neither of these plans accomplishes suitable DR.