How to Ensure Successful Disaster Recovery

Waiting until you have an incident to understand which of your systems are critical can have serious consequences, sometimes even life or death consequences. Here is an unusual example: It was recently reported that hackers launched a ransomware attack on a Swiss farmer's computer system, disrupting the flow of vital data from a milking robot. See https://lnkd.in/eVhzu429. The farmer apparently did not want to pay a $10K ransom, and thought he didn't really need data on the amount of milk produced in the short term. In addition, the milking robot also worked without a computer or network connection. The cows could therefore continue to be milked. The farmer, however, apparently didn't account for the fact that the data at issue was particularly important for pregnant animals. As a result of the attack, the farmer was unable to recognize that one calf was dying in the womb, and in the end, this lack of data may have prevented the famer from saving the calf. While most of us will hopefully not find themselves in this exact situation, the takeaways are the same for all of us: 1. CONDUCT A BIA: Consider conducting a business impact assessment (BIA) to understand the criticality and maximum tolerable downtime (MTD) of all your systems, processes, and activities, from a business or commercial standpoint. Of course, such analysis should include the health and safety impact of downtime. 2. VENDORS: As part of the BIA, consider assessing the MTD for each vendor as well. This will help you decide which primary vendors require a secondary, as well as define the terms of your contract with the secondary vendors. More details on backup vendors can be found here: https://lnkd.in/e-eVNvQz. 3. UPDATE YOUR BC/DR PLAN: Once you have conducted a BIA, update your business continuity and disaster recovery (BC/DR) plan to ensure that that your recovery time objective (RTO) and recovery point objective (RPO) are consistent with the MTD determined through your BIA. 4. PRACTICE: Conduct regular incident response (IR) and BC/DR tabletop exercises, as well as full failover exercises, to test and improve your ability to respond to a real event. Advice on conducting successful tabletop exercises can be found here: https://lnkd.in/eKrgV9Cg. Stay safe out there!

Your cloud provider just went dark. What's your next move? If you're scrambling for answers, you need to read this: Reflecting on the AWS outage in the winter of 2021, it’s clear that no cloud provider is immune to downtime. A single power loss took down a data center, leading to widespread disruption and delayed recovery due to network issues. If your business wasn’t impacted, consider yourself fortunate. But luck isn’t a strategy. The question is—do you have a robust contingency plan for when your cloud services fail? Here's my proven strategy to safeguard your business against cloud disruptions: ⬇️ 1. Architect for resilience  - Conduct a comprehensive infrastructure assessment - Identify cloud-ready applications - Design a multi-regional, high-availability architecture This approach minimizes single points of failure, ensuring business continuity even during regional outages. 2. Implement robust disaster recovery - Develop a detailed crisis response plan - Establish clear communication protocols - Conduct regular disaster recovery drills As the saying goes, "Hope for the best, prepare for the worst." Your disaster recovery plan is your business's lifeline during cloud crises. 3. Prioritize data redundancy - Implement systematic, frequent backups - Utilize multi-region data replication - Regularly test data restoration processes Remember: Your data is your most valuable asset. Protect it vigilantly. As Melissa Palmer, Independent Technology Analyst & Ransomware Resiliency Architect, emphasizes, “Proper setup, including having backups in the cloud and testing recovery processes, is crucial to ensure quick and successful recovery during a disaster.” 4. Leverage multi-cloud strategies - Distribute workloads across multiple cloud providers - Implement cloud-agnostic architectures - Utilize containerization for portability This approach not only mitigates provider-specific risks but also optimizes performance and cost-efficiency. 5. Continuous monitoring and optimization - Implement real-time performance monitoring - Utilize predictive analytics for proactive issue resolution - Regularly review and optimize your cloud infrastructure Remember, in the world of cloud computing, complacency is the enemy of resilience. Stay vigilant, stay prepared. P.S. How are you preparing your organization to handle cloud outages? I would love to read your responses. #cloud #cloudmigration #cloudstrategy #simform PS. Visit my profile, Hiren, & subscribe to my weekly newsletter: - Get product engineering insights. - Catch up on the latest software trends. - Discover successful development strategies.

We have found 1750 gaps related to business continuity. Here are four important opportunities I'm seeing: 𝟭. 𝗣𝗼𝗹𝗶𝗰𝗶𝗲𝘀 𝗣𝗿𝗼𝗯𝗹𝗲𝗺: Either companies lack policies, they are completely out of date, or they are so complex they are not useful. 𝗦𝗼𝗹𝘂𝘁𝗶𝗼𝗻: Policies are an opportunity to clearly state their intent and hold people accountable. Try to make your BCP policy as clear as possible. Avoid conflating your policy with detailed procedures or event plans. If you are looking for framework guidance, consider ISO 22301. 𝟮. 𝗘𝘃𝗲𝗻𝘁 𝗣𝗹𝗮𝗻𝘀 𝗣𝗿𝗼𝗯𝗹𝗲𝗺: As a rule, most companies have not considered and documented likely scenarios that could impact their business. 𝗦𝗼𝗹𝘂𝘁𝗶𝗼𝗻: Spend some time considering the most likely scenarios that may impact your business and document how the company would respond. Almost every company deals with common events like ransomware, business email compromise, accidental data disclosure, and stolen laptops. 𝟯. 𝗧𝗮𝗯𝗹𝗲𝘁𝗼𝗽 𝗘𝘅𝗲𝗿𝗰𝗶𝘀𝗲𝘀 𝗣𝗿𝗼𝗯𝗹𝗲𝗺: Organizations aren't doing good tabletop exercises and are missing an opportunity to drive organizational change and awareness. 𝗦𝗼𝗹𝘂𝘁𝗶𝗼𝗻: Running a solid business continuity tabletop exercise is a golden opportunity to get cybersecurity at the top of mind of leadership. Get everyone in the same room thinking about risks. It will fast track your team's understanding that there are important risks at play. And suddenly, you have their ear. They suddenly understand why cybersecurity is critical to building enterprise value for your organization. Don't miss you chance to get leadership buy-in. 𝟰. 𝗕𝗮𝗰𝗸𝘂𝗽𝘀 𝗮𝗻𝗱 𝗥𝗲𝗰𝗼𝘃𝗲𝗿𝘆 𝗣𝗿𝗼𝗯𝗹𝗲𝗺: Companies aren't doing full backups or they aren't testing their ability to recover from backups. 𝗦𝗼𝗹𝘂𝘁𝗶𝗼𝗻: I really don't want to pretend this is easy. It is a multistep process. First, considering what you need to back up (e.g., critical data). Second, consider how you should back it up (e.g., different cloud regions vs. off-site backups vs. endpoint restoration vs. something else). Third, doing the hard work of testing your ability to fully recover from backups. 𝗔𝗰𝗸𝗻𝗼𝘄𝗹𝗲𝗱𝗴𝗶𝗻𝗴 𝗧𝗵𝗶𝘀 𝗶𝘀 𝗮 𝗟𝗼𝘁 𝗼𝗳 𝗪𝗼𝗿𝗸 I just threw a few recommendations at you, but I need to acknowledge that this is a lot of work and you are going to need to right-size it for your organizations. A start-up is probably going to have a lighter and agile program. An enterprise company will likely have a team dedicated to business continuity and resilience. Let me offer this encouragement: The efforts put into resilience result in a return on investment when it comes to protecting and building enterprise value. 𝗢𝘂𝗿 𝗢𝘄𝗻 𝗕𝗖𝗣 𝗣𝗿𝗼𝗴𝗿𝗮𝗺 𝗮𝘁 𝗿𝗶𝘀𝗸𝟯𝘀𝗶𝘅𝘁𝘆: Risk3sixty is ISO 22301 (business continuity) certified. We have also helped dozens of companies build their program. Happy to answer questions. #cybersecurity #business #technology