The Morning After
ComputerWorld TechGuide Security Part 2 (14 March 2003)
By Melanie Liew
Recovery phase activities focus on contingency measures to execute temporary IT processing capabilities, repair damage to the original system and restore operational capabilities at the original or new facility. At the completion of this phase, the IT system will be operational and performing the functions as designated in the plan.
According to the National Institute of Standards and Technology's Contingency Planning Guide for Information Technology Systems, when recovering a system such as a wide area network (WAN), recovery procedures must reflect system priorities identified in the business impact assessment (BIA). The sequence of activities should reflect the system's allowable outage time to avoid significant impact to related systems. Procedures should be written in a sequential format so that system components may be restored in a logical manner.
For example, if a local area network (LAN) is being recovered after a disruption, the most critical servers should be recovered before other, less critical devices such as printers. Similarly, to recover an application server, procedures should address operating system restoration and verification before the application and its data are recovered.
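The sequencing described above can be worked out mechanically. The following is an added example, not from the original article or the NIST guide: it orders components so that prerequisites are restored first and, among those ready, the one with the shortest allowable outage time goes first. The component names and outage hours are constructed, and the rule that a prerequisite inherits the shortest allowable outage of anything depending on it is an assumption of this sketch.

```python
import heapq

# Constructed inventory: name -> (allowable outage in hours, prerequisites)
COMPONENTS = {
    "printer":          (72, []),
    "mail-server":      (8,  []),
    "app-server-os":    (24, []),
    "application":      (4,  ["app-server-os"]),
    "application-data": (4,  ["application"]),
}

def recovery_order(components):
    """Return restore order: prerequisites first, then shortest allowable outage."""
    dependents = {name: [] for name in components}
    pending = {}
    for name, (_, prereqs) in components.items():
        for p in prereqs:
            if p not in components:
                raise ValueError(f"{name} depends on unknown component {p}")
            dependents[p].append(name)
        pending[name] = len(prereqs)

    # Assumption: a prerequisite is as urgent as the most urgent thing built on it.
    urgency = {}
    def effective(name, stack=()):
        if name in stack:
            raise ValueError(f"dependency cycle at {name}")
        if name not in urgency:
            below = [effective(d, stack + (name,)) for d in dependents[name]]
            urgency[name] = min([components[name][0]] + below)
        return urgency[name]
    for name in components:
        effective(name)

    # Kahn's algorithm, picking the most urgent ready component each time.
    ready = [(urgency[n], n) for n in components if pending[n] == 0]
    heapq.heapify(ready)
    order = []
    while ready:
        _, name = heapq.heappop(ready)
        order.append(name)
        for d in dependents[name]:
            pending[d] -= 1
            if pending[d] == 0:
                heapq.heappush(ready, (urgency[d], d))
    return order
```

With the sample inventory, the operating system is restored first even though its own allowable outage is 24 hours, because the 4-hour application depends on it; the printer comes last.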
PCs are ubiquitous in most organisations' IT infrastructures. Because the desktop and portable computers are the most common platform for routine automated processes, they are an important part of the contingency plan.
Desktops and portable systems should, in all contingencies, emphasize data availability, confidentiality and integrity.
To address this, the following practices must be considered:
Backups should be stored offsite. If users back up data on a standalone system rather than saving data to the network, the company should provide a means for storing the media at an alternative site. A copy of the contingency plan, software licenses, vendor service level agreements (SLAs) and contracts, among other important documents, should be stored with the backup media.
Backup, backup, backup. Individuals should be encouraged to back up data, especially if the PC backup process is not automated from the network.
Provide guidance on saving data on PCs. Users can be instructed to save data to a particular folder. If a machine has to be rebuilt, the technician will know which folders to copy and preserve while the system is being reloaded.
Standardize hardware, software and peripherals. It is much easier if standard configurations are possible throughout the organization. If not, then configurations should be standardized by department or by machine type or model.
Well-documented system configurations make recovery easier. In the same way, vendor names and emergency contact information should be listed in the contingency plan so that replacement equipment may be purchased quickly.
The contingency solutions must be coordinated with security policies and system security control.
The most common means of ensuring data availability is backup. When choosing the appropriate solution, there are several factors that should be considered.
First, to ensure that there is equipment interoperability, the backup device must be compatible with the platform operating system and applications and should be easy to install onto different models or types of PCs.
Second, the amount of data to be backed up should determine the appropriate backup solution.
Third, each type of media has a different use and storage life beyond which the media cannot be relied on for effective data recovery.
Fourth, when choosing the appropriate backup solution, the software or method used to back up data should be considered. In some cases, the backup application can be as simple as a file copy using the operating system file manager. In cases where large data transfers are required, a third party application may be needed to automate and schedule the file backup.
PC data backups can be accomplished by floppy diskettes, tape drives, removable cartridges, compact disks, network storage and replication or synchronization.
An option that has become available is Internet backup, or online backup, which is a commercial service that allows PC users to back up data to a remote location over the Internet for a fee.
On top of data backup, organizations should also back up system drivers.
Organizations should store software and software licenses in a secondary location.
To secure the data, more and more organizations are turning to encryption. If the encryption key pair and verification key are stored on the PC, data can become unrecoverable or unverifiable if the PC becomes corrupted.
Encryption can be used to protect data from being disclosed on a stolen computer. Mobile workers can also make use of a second hard drive while on travel.
Another contingency solution is imaging, where a stored disk image can be used to install the applications and settings it contains. Because disk images can be large, dedicated storage, such as a server or server partition, may need to be allocated for the disk images alone.
The system and its data can become corrupt as a result of a power failure. To prevent corruption, a PC can be configured with dual power supplies. The two power supplies should be used at the same time so that if the main power supply becomes overheated or unusable, the second unit will become the main power source.
Though off-site storage of backup media enables the system to be recovered, data added to or modified on the server since the previous backup could be lost during a disruption or disaster. To avoid this, a backup strategy should be complemented by redundancy solutions such as disk mirroring, RAID (redundant array of independent disks) and load balancing.