Replicating the production security infrastructure at a disaster recovery site can be a problem: Professor Avishai Wool looks at how organizations should approach security policy management in their disaster recovery planning.
When it comes to downtime and cybersecurity attacks, despite many high profile incidents in the past year many businesses are still stuck in the mind-set of ‘it won’t happen to me’ and are ill-prepared for IT failures. And with IT teams facing a broad range of unpredictable challenges while maintaining ‘business as usual’ operations, this mind-set places organizations at serious risk of a damaging, costly outage. Therefore, it’s more important than ever to have plans for responding and recovering as quickly as possible when a serious incident strikes. As the author Franz Kafka put it, it’s better to have and not need, than to need and not have. In short, effective disaster recovery is a critical component of a business’ overall cybersecurity posture.
Most large organizations do have a contingency plan in place in case its primary site is hit by a catastrophic outage – which, remember, could just as easily be a physical or environmental problem like a fire or flood, as well as a cyberattack. This involves having a disaster recovery site in another city or even another country, which replicates all the infrastructure that is used at the primary site. However, a key piece of this infrastructure is often overlooked – network security – which must also be replicated on the disaster recovery site in order for the applications to function yet remain secure when the disaster recovery site is activated.
More of the Continuity Central postCon