Thursday, July 14, 2011

DR, BCP & Security - 4 things for any business

It seems a lot of organisations struggle to realise the value of their data.

With recent events in Australia, such as the hacking of Distribute.IT and Mosman Council, on-top of countless international events, such as Sony and the infamous Wikileaks Cablegate.

Distribute.IT lost all mission critical business data, was unable to recover, effectively rendering the organisation out-of-business overnight.

Mosman Council, hacked by Anonymous, lost backend website data, resulting in damaging press regarding the organisations inability to protect and store their data.

Sony suffered multiple hacks to various parts of the organisation, one of the worst brought down the entire Playstation online gaming network, compromising personal details and credit card numbers of over 45 million customers. Causing a storm of bad press, followed by lost revenues.

Wikileaks Cablegate created a never-ending public leak of countless secret government cables, one of the worst data leaks in the history of the internet, causing on-going damage to the US and foreign governments.

International movements such as Anonymous, Lulzsec and the high profile incidents across the globe, culminate into something organisations simply can't afford to ignore...

Organisations struggle to justify the cost of proper Disaster Recovery, Business Continuity Planning & Security. However when faced with the actual loss of data, it's value, very quickly becomes realised.

Disaster Recovery, will assist your organisation to recover from a disastrous event, such as flooding, a building fire or any other major disruption to production systems, including malicious attacks.

Business Continuity Planning, to plan how to continue business operations, in the event of a disaster.

Security, to prevent against the loss of data and respond to a security event.

4 things for any business to consider:

  1. What is the value of your data to the organisation?
  2. What is the value of your data to competitors, hackers or the public?
  3. What are the ramifications if your organisation lost data completely or could not recover data in a timely manner?
  4. What are the ramifications if your data was leaked to competitors, hackers or the public?

These 4 points will help you better determine the approach your organisation takes, when deciding on processes, procedures, technology and strategy for Disaster Recovery, Business Continuity Planning and Security.

Don't forget, when it comes to your next planning session...

Plan your RPO & RTOs, but also consider the value of your data.

I'd love to hear your comments below...