Disaster Recovery Planning Blackout. Katrina

Transcription

1 Disaster Recovery 2003 Blackout Before: After: Katrina 1

2 Sandy Mentor, Ohio Flood Disaster Map 2

3 It is believed that some of the companies spend up to 25% of their budgets on disaster recovery planning; this is intended to avoid larger losses. Of companies that had a major loss of computerized records, 43% never reopen, 51% close within two years, and only 6% will survive long-term!!! Elements of a DRP Be Prepared! ahead is the most important part! Here are some tips to prepare and maybe even prevent disasters! 3

4 Watch Your Power! Develop an alternate power supply Protect against power surges Insurance Cloud Hosting/Storage (Box) Guard Yourself Document Administrative Procedures Solid State Drives Segregate responsibilities Backups! Guard Yourself Backup Remote Offsite Storage Develop emergency operating procedures Limit physical access 4

5 Guard Yourself Allow business use only Be careful using the Internet (Malware) Give your computer periodic checkups Virtualization at Server and Workstation Care for your System Keep food and beverages away from your computer equipment Maintain i the right temperaturet Clean your computer Care for your System Write down a plan Don t minimize the threat of a computer disaster by claiming it can't happen to me 5

6 Disaster Recovery Business Continuity Business Continuity Business Continuity Analysis Risk Analysis Impact Analysis Definition of impact scenarios Recovery requirement documentation Business Continuity Risk Analysis A structured approach to risk evaluation involves four steps: Asset and threat identification. Quantification of potential losses. Assessment of vulnerabilities. Evaluation of solutions or mitigating factors. 6

7 Business Continuity Assets: List and categorize your assets. Consider both tangible, intangible (e.g. reputation), and transient (e.g. technology lead) assets. Look at areas of risk Policies and procedures. Physical security of the facility. Personnel issues - recruitment, induction and discipline. Computer systems and networks. Communications. Customer interface. Business Continuity Quantify Your Potential Losses When possible, look at historical data to estimate losses. Seek outside opinions from others in your sector, consultants, s, etc. At times, "best guess" estimates are needed to establish losses resulting from having to restore a tarnished reputation. RISK = IMPACT x PROBABLITIY This calculation should enable you to rank risks from the most serious to the most trivial in terms of their overall impact to the business. Business Continuity Assessment of Vulnerabilities Use appropriate historical data. Apply commonly used industry formulas. Make subjective estimates. Apply a risk weighting system (there are many available to customize or develop your own). Evaluation of Solutions Accept the risk Manage the risk Reduce the risk 7

8 Business Continuity Business Continuity Impact Analysis Risk analysis versus BIA Participants BIA Questionnaire RTO and Prioritization of Functions BIA Questionaire Function description Dependencies Impact profile Operational impacts Financial impacts Work backlog Recovery resources Technology resources Standalone PCs or workstations Local area networks Work-around procedures Work-at-home Workload shifting Business records Regulatory reporting Work inflows Work outflows Business disruption experience Competitive analysis Other issues and concerns 7 Tiers of Disaster Recovery Tier 0: No off-site data Possibly no recovery Tier 1: Data backup with no hot site Tier 2: Data backup with a hot site Tier 3: Electronic vaulting Tier 4: Point-in-time copies Tier 5: Transaction integrity Tier 6: Zero or near-zero data loss Tier 7: Highly automated, business integrated solution 8

9 Business Continuity Recovery Time Objective Tier 1 (0-24 hours) Tier 2 (24-48 hours) Tier 3 (48-72 hours) Tier 4 (72-96 hours) Recovery Point Objective Acceptable date rollback Recovery requirement documentation Business Continuity Solution Design 1. The minimum application and application data requirements. 2. The time frame in which the minimum application and application data a must be available. a ab The crisis management command structure The location of secondary work site (where necessary) Telecommunication, data, application, and hardware architecture between primary and secondary work sites. Business Continuity Implementation Crisis command team call-out testing Technical swing test from primary to secondary work locations Technical swing from secondary to primary locations Application test Business process test 9

10 Business Continuity Maintenance Information updated Staffing, Vendor, Department changes Hardware and Application check Application security and service patch distribution Virus definition distribution Testing Have the systems used in the execution of critical functions changed? Are all recovery documents still meaningful and accurate? Does the Disaster Recovery Plan allow for recovery in the predetermined amount of time? Backup Methods Backup Overview Tape Rotation Suggestions Backup Software Options Offsite Storage Backup Methods Full: All files that match your selection are included into the backup. Incremental: Only those files will be included which have been changed since the last backup. Differential: Only those files will be included which have been changed since the last FULL backup. Which method is best for me? 10

11 Tape Rotation Daily Schedule (Bi-weekly Tape Rotation) Backup Software Options Manual Copying your files without the help of backup software Windows Backup Free with operation system VERITAS/Backup Exec Most reliable and widely used backup software Offsite Storage Keeping one (or more) of your Tape Rotations off site Offsite Storage Services KVS Remote Backup Service 11

12 Reciprocal Recovery Strategy Reciprocal recovery ensure that should one site be affected, the facilities of the other become available to the agreeing party. Things to consider with Reciprocal Recovery: Proximity of reciprocal locations Works best when the two sites have (close to) identical business functions Physical space Available computing resources KVS Remote Backup Service How does it work? Backup Rotation Daily backups for two weeks Weekly backups for 1 month Monthly backups for 1 year Immediate Access to Last Night s Backup Tech Support Staff Available to assist you restoring from previous backups Conclusion Questions/Comments? 12