Natural disasters, cyberattacks, supply chain disruptions—they can all happen without warning. These events can and will be catastrophic for a business that is unprepared. Business continuity is all about planning ahead and allowing your business to function in a difficult situation with as little disruption as possible. A strong business continuity plan recognizes potential threats to a business or organization and determines the impact they have on day-to-day operations. Business continuity will help mitigate these threats and reduce their impact on organizations. So, how much can you afford to lose? We spoke to David Eaton, technology consultant II at Ingram Micro, to learn more.
What is business continuity, and how do people play a part?
Business continuity considers people, processes and technology as assets and plans how to mitigate interruptions to business operations when any or all of those assets are impacted by a disruptive event.
Typically, we think of business continuity in terms of making sure that people have access to their data via processes and technology—but in 2020 we experienced a disruption to the people asset. Employees couldn’t use the office due to municipal rules, illness or the need to care for family members. Natural disasters and other types of disruptive events can impact our people asset as well. Just like we try to eliminate single points of failure in our infrastructure by engineering in redundancy, we need to take a similar approach with our people. Cross-training is one way to ensure that a business continues to run; for example, making sure that if the virtualization admin is out, the network or system admin can step in or that you have a service provider you can rely on to keep things up and running. Ensuring that people can work from home without creating an exponential number of attack surfaces is also key to mitigating that risk.
What is continuous data protection (CDP)? How does cloud come into play?
To start, let’s define some terms.
Recovery Point Objective, or RPO, “is a measurement of time from the failure, disaster or comparable loss-causing event. RPOs measure back in time to when your data was preserved in a usable format, usually to the most recent backup.” (IBM)
Recovery Time Objective, or RTO, “is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.” (Druva)
In an ideal case of continuous data protection, the recovery point objective is zero, even though the recovery time objective is not zero. CDP runs as a service that captures data changes to a separate storage location. CDP technology works by creating an initial data copy to a protection server, and then using changed block tracking, backs up the storage blocks that have been modified or created since the previous version. With so much data being collected, the next question quickly becomes “where do I store my backups?” On-premise storage can quickly increase CapEx, and many businesses are looking for ways to transition to more of an OpEx model. Cloud-based business continuity is 99% more reliable than more conventional backup options, such as tapes, disks or even flash drives.
How can I ensure recoverability in the event of a ransomware attack?
The number of high-profile ransomware attacks lately should serve as a reminder that the question isn’t if an organization is going to suffer an attack, but when. The FBI recommends not paying any requested ransom for multiple reasons; payment does not guarantee that encrypted files will be recovered and may encourage subsequent attacks, additional demands for payment in the future or fund future nefarious activity.
Ransomware attacks remind us that attackers are coming up with new and novel ways to hijack even the most secure networks, which is why the NIST Cybersecurity Framework includes recovery as a function. Recoverability is an important element in the defense-in-depth security strategy. So, how does an organization ensure recoverability from a ransomware attack? The 3-2-1 backup architecture—3 copies of regularly backed up data stored on 2 different media with a minimum of 1 copy offsite—is a great place to start. However, many ransomware variants look for and target backup systems, so the 3-2-1 strategy requires some tweaking in the face of this very real threat. To ensure recoverability from ransomware, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) recommend that organizations store one copy of mission-critical and proprietary data backups in an air-gapped data-vault—offline, physically isolated and password protected.
Additional safeguards are also recommended. Creating immutable copies of backup data using retention lock policies can further ensure recoverability. This prevents backups from being deleted or tampered with. Maintaining multiple immutable copies of mission-critical data is also highly recommended so that there are multiple points in time from which to recover in the event of an attack. Use of software that scans backups to detect changes over time and diagnose the presence of ransomware and other forms of malware adds yet another layer of protection.
Any solid backup strategy includes regular testing to ensure that backups are complete and recovery procedures are well documented and up to date. Those tried and tested recovery procedures become an integral part of a disaster recovery or incident response plan in the face of a ransomware attack.
How do I prepare for the unknown?
A business continuity plan is vital because disruptive events can happen at any time; it can mean the difference between staying in business or closing your doors. These plans outline what is vital to the business, and what steps need to take place in case of emergencies and disasters. A well-designed plan can strengthen both your organization and your employees’ confidence by helping them understand the processes in place to ensure uptime. These plans also enable employees to be proactive. How did your business respond to limitations or lockdowns during the COVID-19 pandemic? There are 5 steps to develop a solid business continuity plan: prevention, mitigation, response, recovery and restoration. How many of these steps have you developed?
How do I implement a business continuity strategy?
The first step is to take ownership of your current business continuity strategy if one is in place at all. Where is your business located and where do you physically store your most vital backups? How much data do you need to protect? What is most vital or important to your business to keep the lights on and continue with business as usual? Develop a business continuity plan that addresses how the business will prevent or mitigate a decrease in business due to an unforeseen event. Other questions to ask include: what tools do you have in place to back up your current data? How current is your data? Are your current RTOs/RPOs defined and acceptable?
If you’re not sure where to start, you’re not alone. Ingram Micro’s Cybersecurity Delta Force is here to help connect you to the elements of business continuity technology and process that you will need to develop a robust strategy. Leverage our team to help work through available options that meet your needs.