| By James Carlini |
Article Rating: |
|
| November 15, 2012 08:00 AM EST |
Reads: |
2,671 |
Based on different reports of companies in New York still caught "off-guard" with their computer systems, it is hard to believe that corporate computer systems are down for some major companies - especially financial ones - and there are no redundant systems up-and-running.
What happened to adhering to the Sarbanes-Oxley Act, where it clearly states you need to have both a back-up plan as well as redundant systems? Some IT executives should lose their jobs for poorly designed mission-critical information systems.
Did Your Cloud Get Blown Away?
It's not Disaster Recovery 101, today it's Business Continuity 101. There is a huge difference in how you design and configure your systems and network.
Note to all affected companies: If you experienced down-time in your systems, you have laid off the wrong people and kept the incompetents to manage your operations.
Disaster recovery is the old approach of "as the impending disaster looms, shut down all systems in an orderly fashion so that you can restore them in an orderly fashion when the disaster ends." When the disaster is over, go back and restart all the systems to get the organization back up-and-running.
Compare that approach to Business Continuity: "Design your computer systems so that they are impervious to any disaster, natural or man-made. The goal: continue doing business through the disaster."
If the building burns up or gets flooded, the systems should switch to an off-site location. That location should be at least one time-zone away. It should not be across the river in New Jersey.
If the central office that you are connected to gets hit by a plane, your network should automatically reconfigure so that it is going to another location outside your area. DO you have those types of safeguards in place?
Evidently, some companies have not learned from previous disasters. They somehow continue down the path of not worrying about a crisis until after it hits.
What Does It Cost to Get Back Up?
Years ago, I attended a conference on compliance issues and happened to speak to the Chief Compliance Officer of Lehman Brothers. We talked about 9/11 and what they had to do in order to get back in business. He said they got back up in two days, but the price tag was high.
I asked him if he could tell me what they spent and he answered, "We wrote a check for $1,000,000,000 in order to get back up. How many of you or your organizations could write a check for One Billion Dollars to get back online in two days?
That is "power buying" your way back into business.
Semper Paratus
"Always prepared." This is the motto of the U.S. Coast Guard, but it should be the motto for every cloud computing facility. Don't be caught short because you will not have the money to "power buy" your way back into business.
Here are some good examples of what you should be doing:
Making Your "New York" Systems More Resilient
|
|
GOOD
|
BAD
|
|
Back-Up Site Location?
|
In a Different Time Zone
|
Across the River in NJ
|
|
BACK-UP PLAN
|
Having one that you have tested and modified on an annual basis.
|
Not having any plan or having a plan that you never dusted off or tested out.
|
|
Electricity
|
UNINTERRUPTIBLE POWER SYSTEM until you can switch over to another site
|
Some battery back-up for an hour or less. After that, no power.
|
|
Design Concept for Back-Up
|
"BUSINESS CONTINUITY" - the business stays up, no matter what happens outside. (No "downtime" is the concept's goal.)
|
"DISASTER RECOVERY" - the old concept of having an "orderly shutdown" of systems when the disaster strikes and then "recovering" them after the Disaster and its downtime.
|
Source: James Carlini
Once-in-a-lifetime disasters seem to happen every year in one place or the other. If you are in charge of a nationwide or international network, chances are you will be faced with a crisis somewhere along the network more often than what you think. Be prepared.
• • •
Copyright 2012 - James Carlini
Subscribe to Web Security Journal Email News Alerts
Subscribe via RSS
