SMEs Need A Disaster Recovery Plan

Uploaded on 2019-06-28 in TECHNOLOGY--Resilience, FREE TO VIEW

Most businesses dislike renewing IT equipment but they dislike renewing Disaster Recovery (DR) solutions even more. These aren’t revenue-generating systems after all, and small businesses have other things to spend their money on. Still, DR solutions can fall out of date just as quickly as primary IT infrastructure.

The cost of not updating DR solutions could be far greater in the end. A 2017 SME survey caried out by Forrester Research found that only 55% of businesses surveyed  felt prepared or very prepared to recover their data centres after a disaster.

For many, then, it's time to take a long hard look at their DR solution to see if it still fit for purpose. Here are four signs that you may be among them:

The Law has Changed
Regulatory or legal issues were among the biggest factors driving DR improvements, according to Forrester. 
One of the biggest drivers for revising DR plans is the introduction of the General Data Protection Regulation (GDPR), which came into effect in May 2018.

GDPR’s rules affect DR systems and primary systems equally. They require organisations to restore access to personal data in a timely manner, and mandate regular testing and evaluation for all data processing systems, including DR. 
Now is the time to check the security of your DR system and ensure that any DR service providers understand their own responsibilities as data processors under GDPR.

Your Data loads have Changed
Yesterday's DR solution may have been appropriate for a company half your size, but what about now? 
Data volumes have a habit of growing unchecked in the background, and a deluge of data can have an adverse effect on business resilience.

While many companies focus on planning data capacity for primary systems, it is easy to forget this task on the DR side. 
Check DR hardware and network capacity regularly against current data loads to ensure that they are adequate to handle data transfers.

Your Infrastructure has Changed
Data volumes are not the only things that evolve in an IT environment. Applications change, and hardware infrastructure expands. Organisations also move into private, public or hybrid cloud environments. 

In some cases, backup software appliances may not support this expanded infrastructure, especially if they are vendor-specific and new equipment from other suppliers has been brought on board. As your infrastructure strategy evolves, schedule regular reviews of your DR solution to ensure that it still supports your current server, storage and operating system selection and that it will backup data from your entire application portfolio.

Your Risk Profile has Changed
All DR strategies should be closely aligned with business risk, but this risk profile changes over time. Business teams should be involved in regularly revising Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). 
And these may change as the company builds out new business workflows and commercial imperatives shift.

When reassessing your DR solution, re-examine these metrics and ensure that they can support the necessary backup cadence to handle your company’s RPO needs. Ask yourself whether the DR architecture can cope with current RTOs, especially if backing up from a remote location.

Reviews of your DR needs and capabilities should be as regular as privacy and security assessments, especially now that GDPR has tightened the rules. Keeping your DR solution current brings several benefits, but perhaps the most important is that you’ll be able to sleep soundly at night.

DTX:            Probrand:

You Might Also Read: 

Now Is Definitely Time To Check You Are GDPR Compliant:

 

« US Cyber Attack On Iran
US Hackers Penetrate Russia's Electric Grid »

Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Herjavec Group

Herjavec Group

HG's Managed Security Services practice is SOC 2 Type 2 certified and defends your organization from increasingly sophisticated, targeted cybercrime threats.

Focal Point Data Risk

Focal Point Data Risk

Focal Point is a pure-play data risk management provider capable of offering end-to-end consulting, implementation, and training services.

SIGA

SIGA

SIGA provides cyber security solutions for Industrial Control Systems SCADA systems used in critical infrastructures and industrial processes.

V-Key

V-Key

V-Key is a global leader in software based digital security, providing solutions for mobile identity, authentication, authorization, and mobile payments for major banks.

Secura

Secura

The Secura Cyber Security and Intelligence system predicts and prevents security threats by discovering hidden patterns through the meticulous analysis of large amounts of data.

Tesserent

Tesserent

Tesserent offers world-class managed security at your network perimeter, internal behavioural monitoring and end-point device protection.

Payfone

Payfone

Payfone is a leading digital identity authentication network. Our award-winning Trust Platform validates identities and delivers fast, frictionless, and fraud-free experiences to customers.

DeFY Security

DeFY Security

DeFY Security is a Cyber Security solutions provider with more than 20 years of experience securing financial institutions, healthcare, manufacturing and retail.