Skip the navigation

Data security risks missing from disaster recovery plans

The scope of contingency programs needs to be expanded, execs say

By Jaikumar Vijayan
October 10, 2005 12:00 PM ET

Computerworld - Corporate officials need to consider disruptions from major information security failures when making business continuity and disaster recovery plans, security managers and analysts said last week.


Failure to do so, they added, could leave businesses dangerously underprepared to respond to infrastructure disruptions during a time of growing cyber-risks.


"Disaster recovery plans that take into account only the physical impact to the infrastructure are shortsighted and need to be remedied," said David Jordan, chief information security officer for Arlington County, Va.


The county now routinely incorporates cyberthreats and other potential technology-related calamities into its disaster recovery planning processes, according to Jordan.


21st Century Threats


It's important that the topic not get lost in the wake of hurricanes Katrina and Rita, said John Pironti, principal security consultant at Unisys Corp. in Blue Bell, Pa. He noted that such disasters prompt many IT operations to focus on traditional business continuity processes which involve disruptions caused by physical damage to the infrastructure, he said.


IT managers shouldn't overlook the threat that cybersecurity incidents and other electronic failures can also pose to critical infrastructure, Pironti said. Disaster recovery "is stuck in a 1970s to 1980s mind-set of a mainframe, a LAN and a glass house that need to be backed up," he added.


What is needed is an "expanded perspective of what constitutes a disaster," said Bob Palmer, a vice president in IT at Lenox Inc., a Lawrenceville, N.J.-based maker of tableware and giftware.


Disaster planning "traditionally required that firms work with a single vendor who provided physical facilities and equipment in case of an emergency," Palmer said. An infrastructure failure stemming from an electronic attack would force a company to deal with security firms, Internet service providers and law enforcement agencies, among others, he said.

Adding to the complexity is the unpredictable and evolving nature of electronic attacks and potential responses to them, thus creating a difficult environment in which to conduct tests, Palmer said. As a result, he noted, disaster recovery planning needs to become "broader and [more] dynamic in nature."


Information security teams need to undertake security-threat scenario planning with workers who are responsible for business continuity programs, suggested Roberta Witty, an analyst at Gartner Inc.


The team should identify threats that could take down a company's core infrastructure or parts of it, she said. "Clearly, e-mail is a prime target, so you've got to look at how your business can continue without e-mail," Witty said. Similarly, "if you have an internal or an external security breach, the first thing you've got to understand is whether you'll be replicating the problem when you try to recover at a recovery site," she added.



Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Security White Papers
Overcome Top 7 Admin Challenges of Active Directory
As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
Insiders Can Ruin Your Company. Take Action.
Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
Top Solutions and Tools to Prevent Devastating Malware
Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
X-Ray of the PCI Process-4 Proactive Steps
This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into...
Identity Governance: The Business Imperatives
This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make...
All Security White Papers
Security Webcasts
Live Webcast
Playing Defense: Staying on Top of Your Disaster Recovery Game
When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
Introduction to VMware vCenter Site Recovery Manager 5
Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to...
The Top Ten Secrets to Avoiding SAN Performance Problems
Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...
Deduplication Without Compromise
Go inside Quantum's scalable, high-performance, multi-protocol new DXi deduplication appliances, designed to make backup much more effective. Discover how the new future-proof DXi6700...
Director of Disk Products Discusses DXi6700
Discover how the new DXi 6700 series of deduplication appliances provide investment protection and a future-proof feature set, all while delivering fast, scalable,...
Playing Defense: Staying on Top of Your Disaster Recovery Game
When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
All Security Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs