Can the Cloud Save you in a Disaster?

Disaster strikes. Access to your network and your data is gone. What do you do?

With what we’ve all been watching on the news, let’s say it the disaster is not man-made but natural: a fire, flood or earthquake (thank heavens we don’t get hurricanes here).

The immediate question in the face of a catastrophe is “How do you keep your business going?” The answer is: Have a solid business continuity plan in place.

What is meant by business continuity?

The short answer is: Business continuity can best be defined as 'the processes, procedures, decisions and activities that ensure that an organization can continue to function through an operational interruption,' but it’s much more than that.

Business continuity is the ‘Big Picture’ plan, but it includes another plan - the crucial, but smaller Backup and Disaster Recovery Plan.

A few years back, IT Support LA came to the rescue when a small non-profit conservancy group needed us. Headquartered in the foothills of the Santa Monica Mountains, the two buildings serving as their headquarters burned to the ground when a car crashed into a power transformer sparking the blaze that spread quickly. Performing forensic data recovery on charred hard drives, we were only able to restore about 45% of their data, but luckily their donor information was part of it.

We set them up in the cloud so that would not happen to them again.

How does cloud help with business continuity?

If you place your operational infrastructure in the cloud, it doesn’t matter what happens to your physical office. Your data and operations are still there and anyone who accessed it before can still do so – from anywhere on any connected device – from desktops, laptops, notebooks, or smartphones.

Just have your employees work from home, and they will only need their login credentials to access your cloud and keep working. This unfortunately does nothing for destroyed inventory or manufacturing machinery. For that part, you will still have to deal with your insurance company.

The cloud also saves you from a man-made disaster, like a data breach or Ransomware, which falls more directly under your Backup and Disaster Recovery plan, where the only restoration necessary is to restore your data and operations while the office remains intact.

What should happen after a data breach?

The very first step is the Incident Report plan. The employee alerts the manager to call IT support, whether an in-house department or a 3^rd party IT consulting service. One of the benefits of using a top-notch Managed IT Services firm like IT Support LA, is that with their proactive monitoring, their IT HelpDesk should already be getting alarms that your system has been breached.

If your IT services team is not yet aware of the breach, get to them right away so they can stem the tide of the attack, isolate and lock down the malware involved and assess what data needs to be restored.

IT Support LA configures our clients’ Cybersecurity to isolate and trap the malware in the initially infected device to prevent spread. Any reputable and experienced member of the IT Support Los Angeles Community should have these policies and procedures in place.

These are only the first steps, and they are only a small part of a comprehensive Backup and Disaster Recovery Plan. This is the point where the plan is implemented. The IT services team, in conjunction with your company’s management, will now do the heavy lifting to restore normalcy to your network operations.

How do you write a good disaster recovery plan?

Remember the old saying “If you fail to plan, you are planning to fail?” This is of paramount importance when it comes to a Backup and Disaster Recovery Plan. Putting an effective plan together requires a thorough process with pinpoint attention to detail. For more information on the greater scope of such a plan, please review our page HERE.

Here are the basic steps required to put together an all-inclusive and reliable plan:

1) Top Management Commitment
From the top down, everyone must be on board with the plan. The IT services crew will do the behind-the-scenes work, but it is company management that must coordinate the plan with the employees, so their involvement and commitment to the plan is the first absolute necessity.

2) Create the Planning Committee
Include all department heads, especially the head of IT support, whether internal or outsourced. All areas of the company that would be affected by the disaster must be represented. The committee will define and delegate duties and define the scope pf the plan and will set the standards for those activities listed below.

3) Assess Risks
Assess and analyze potential dangers to all areas of the organization for the possible impacts and consequences of each possible disaster scenario. For example, a fire will present some different consequences than a Ransomware attack. Risks and the costs involved in responding to and minimizing the exposure as a result of the various possible disasters need also be analyzed.

4) Prioritize
Establish the ’pecking order’ and importance of all areas of Processing and Operations. This is about putting ‘first-things-first.’ Typically, data and communications should come first because they allow other areas of the organization to continue. In manufacturing, the shipping department goes last because they have nothing to ship if nothing is being manufactured.

5) Establish Recovery Strategies and Tactics
For each department, determine what steps will need to be taken and who will take command of ensuring those steps are performed. The objective, much as for those in ‘Priorities’ above, is to avoid confusion and enable the continuity of business while the disaster is being addressed. It is crucial to establish what is to be done and by which key personnel.

6) Put the Plan in Writing
Usually, it’s best to start with an outline, but the final plan in a standardized format must adhere to every small detail in understandable, non-ambiguous wording. The idea that any part of the plan could be open to ‘interpretation’ must be avoided. All functions of all departments must be clearly assigned.

7) Create Criteria for Testing
No plan is perfect the first time out. It’s important to test your plan and ‘tweak’ it on an ongoing basis. Develop reliable testing procedures that allow you to foresee any weak spots and make adjustments. Surprises on the day of the actual disaster are a disaster of their own.

8) Test it!
Perform the first test, based only on the plan and the testing criteria, and update the plan as needed. A plan is rarely proven ‘bulletproof’ the first time. it was 19th century Prussian Field Marshal Helmuth von Moltke who is credited with saying, “No plan of operations reaches with any certainty beyond the first encounter with the enemy's main force” – later shortened by other commanders to “No Plan Survives First Contact With the Enemy.”

Or, as Mike Tyson said, “Everyone has a plan until they get punched in the mouth.”

10) Approve the Final Plan
Once all adjustments have been made following several tests, set the plan in stone – for now. Testing should be scheduled at regular, agreed-upon intervals. The world changes, as does technology, so follow-up tests may show inadequacies that were not present when the final plan was approved.

Cloudian offers a comprehensive guide to writing a reliable Backup & Disaster Recovery Plan HERE.