Managing business continuity and disaster recovery

November 2018 Infrastructure, Security Services & Risk Management

Organisations are increasingly reliant on their IT systems and data, but they are faced with risks in the form of anything from accidental data loss, to deliberate acts of sabotage such as infections by ransomware. One of the most disastrous examples of how things can go wrong was when the English bank TSB’s failed migration to a different IT platform earlier this year left its customers without access to their accounts for weeks, and eventually resulting in the CEO being sacked.

Gerhard Fourie
Gerhard Fourie

It is therefore vital for businesses to have business continuity and disaster recovery plans in place. While there are key differences between those two components, they go hand in hand, explains Gerhard Fourie, district channel manager for South Africa at Commvault. “The difference essentially lies in the scope. Disaster recovery is the process of getting all the important IT operations back up and running after a disastrous event, whereas business continuity is the actual plan you require to make sure that you can recover. This means making sure that the sales guys have access to the CRM system, the marketing people have access to their marketing videos, the HR department has access to the payroll systems, and so on.”

Michael Davies
Michael Davies

Michael Davies, CEO of ContinuitySA, describes business continuity as “a more proactive approach to withstand potential incidents and disasters, including elements of crisis management, communications, etc., whereas disaster recovery is seen as the more traditional, reactive recovery of data and IT systems. Disaster recovery evolved into business continuity which in turn has evolved into building business and operational resilience,” he says.

“Building business continuity capability and resilience is vital and more important than ever before in this volatile, uncertain, complex and ambiguous world we live in,” Davies continues. “Big data and the acceleration of change in technology, together with social media, growing expectations on privacy and confidentiality with more legislation, means that business continuity needs a comprehensive approach to safeguarding not only data and technology but processes and people too.

More than data

“Business continuity is not only about protecting data. When a disaster occurs, it is highly likely that a company would need to deploy an emergency response, crisis management and communications in addition to recovery of the business. On the topic of cloud computing, cloud providers have experienced outages which affect an organisation’s ability to continue through disruption. There is a common assumption that cloud means that backup is included but that is not necessarily so. Cloud providers are an important part of any organisation’s business continuity plan but that is only part of a comprehensive plan.”

Fourie concurs that, while access to cloud storage services do give companies a way of managing their data backup themselves, it is only one piece of the puzzle. “We saw what happened last year in the US when Microsoft’s Azure platform went down,” he points out. “Many of those customers were thinking they don’t need disaster recovery plans because Azure is taking care of it, but the fact of the matter is if a disaster strikes one of the cloud providers, what are the plans to actually help you get your data back and applications back up and running?

“This can be mitigated by replicating your data to a secondary data centre in a different location. You need to identify your critical systems that you can’t do without. Other things like file servers and print servers can come back online as and when the server is back up, but email and CRM and so on are more critical systems in terms of day to day operations.”

To assist companies with this, Commvault offers a full-spectrum service that goes beyond disaster recovery, by doing a backup and ensuring that it can be restored. The company engages with the customer to identify their key and critical systems, and understand whether it would be necessary to replicate data in a near-live environment in an asynchronous manner, so if there is a disaster they can automatically failover to the disaster recovery site and bring up the services on that side.

In terms of backing up data, Commvault indexes the data so its metadata can be interrogated, and also tests the integrity of the data. Another part of the service involves handling conversions between VMware and Hyper-V data formats if necessary, so that the customer can get their backup restored from the data centre seamlessly.

Explaining ContinuitySA’s role, Davies says: “The primary focus of ContinuitySA is to provide peace of mind to our clients by ensuring that their business continues in times of adversity and potential disasters because they have comprehensive cyber resilience, business continuity plans, recovery site and technology solutions in place. We have 30 years of experience in helping organisations through disasters and tests, ensuring that they stay in business.”

Controlling BYOD

“The business continuity plan (BCP) may or may not include personal devices, depending on the organisation’s policy on personal devices and whether work related data is kept on personal devices,” Davies continues. “Businesses should include personal devices into the BCP for a number of good reasons, and definitely should if work related data is kept on the device. However, the BCP should also include a cyber resilience policy and programme as personal devices may be an easy target for cybercrime and data breaches, putting confidential business data in jeopardy. This in turn has an influence on an organisation’s information security and cyber policy.”

Fourie adds that while the BYOD (bring your own device) phenomenon was a challenge for organisations initially, it is now commonplace and effective solutions have been worked out. “More and more businesses these days are using software containers to isolate important corporate data,” he says. “Many also require when you bring your device that you install a form of agent to allow you to backup that data.

“It is key to understand, particularly when PoPI comes in, what data the company owns and what they don’t own. My personal documents are not necessarily the property of the company, but then you also need to have the sense if using a corporate laptop, not to save your personal stuff on it. That’s where the container solution comes in, to make sure all corporate information is managed, and if something should happen with the device they can quickly recover it and restore it on similar hardware. The advent of GDPR and PoPI is forcing companies to think about this seriously, and the consequences,” says Fourie.

Building a plan

“In the normal course of drafting a business continuity plan, an organisation undertakes a business impact analysis and a threat or risk assessment, highlighting key areas of single points of failure and what the business understands to be their recovery time objectives and recovery point objectives for different departments and systems,” says Davies. “It is a common-sense approach to understanding your business better and putting plans in place to mitigate risks and manage incidents when they occur. The plan will always be influenced by the company’s risk appetite, legislation within the industry which the company operates in, and the size of the company.

Fourie says there are a few steps companies can take to make sure what their business continuity and disaster recovery plan is, and they revolve around being proactive and identifying potential risks in the environment, and how those risks will affect their operations. “Take ransomware as an example: if my laptop gets infected will it affect the entire business?” he poses. “The next step is implementing the actual stopgaps and procedures for getting around those risks.

“After that it is vital to test those procedures to ensure their effectiveness, and then review and audit the process as you go along, because no business continuity plan or disaster recovery process is perfect. Once you’re sure the entire environment is as compliant as you can possibly get it to, it’s about constantly testing, which is why automated disaster recovery testing is of vital importance. Once you’ve done a backup copy you should run spot checks to see if you can restore certain systems and applications,” Fourie says.

For more information contact:

Commvault, +27 11 575 6570, gfourie@commvault.com, www.commvault.com

ContinuitySA, +27 11 554 8000, info@continuitysa.co.za, www.continuitysa.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Alarms are smarter than ever
Spectrum Security Products Technews Publishing SMART Security Solutions Arxtech Perimeter Security, Alarms & Intruder Detection
Modern smart alarms are evolving beyond simple sirens and basic alerts. They now include features such as system health checks, remote management, real-time notifications, mobile apps, and multiple communication options.

Read more...
From the editor's desk: The high price of cheap
Technews Publishing News & Events
Bringing fire and safety, along with intrusion and perimeter protection, into the same publication is an interesting exercise. At their core, all these systems exist for one reason: to warn people ...

Read more...
Fire safety in South Africa
Technoswitch Fire Detection & Suppression Technews Publishing SMART Security Solutions Editor's Choice Fire & Safety Security Services & Risk Management
Fire safety is sometimes ignored, sometimes relegated to whatever is cheapest, and sometimes treated with the seriousness it deserves, given that it focuses on protecting life and assets. SMART Security Solutions asked Brett Birch, MD of Technoswitch, for some insights into the realities of fire safety in South Africa.

Read more...
A risk-based approach to fire safety
Fire & Safety Security Services & Risk Management Industrial (Industry) Agriculture (Industry)
A report by fire engineering consultancy ASP Fire is challenging blanket assumptions around combustible-core sandwich panels, arguing instead for a rational, risk-based approach that balances fire safety requirements with commercial realities in sectors such as agriculture, manufacturing and industrial processing.

Read more...
Preventing and suppressing lithium fires
SMART Security Solutions Technews Publishing Editor's Choice Fire & Safety Security Services & Risk Management Smart Home Automation
SMART Security Solutions asked Clyde Becker, director of Pyro Brand, for some insight into the mechanics of lithium-ion battery fire risks, especially thermal runaway, and to define a comprehensive, layered approach to fire detection and suppression.

Read more...
Integrated layers offer dependable security
OPTEX SMART Security Solutions Technews Publishing Perimeter Security, Alarms & Intruder Detection Integrated Solutions
A layered approach to security tightens protection and minimises downtime and operational risk. Moreover, integrating all the parts of a solution and proving they can do the job before spending money are critical.

Read more...
Echoes of 2018? Follow-up on Woolworths explosions
Technews Publishing News & Events Security Services & Risk Management Retail (Industry) Facilities & Building Management
SMART Security Solutions follows up with Jimmy Roodt to find out more about an old connection to the Woolworths bombings from 2018. The investigation remains ongoing.

Read more...
Next-generation cash-in-transit vehicle
News & Events Security Services & Risk Management
Fidelity Services Group has unveiled a new, purpose-engineered Cash-in-Transit (CIT) vehicle designed to redefine crew protection, deter threats, and enhance operational resilience in an increasingly complex criminal environment.

Read more...
AURA partners with Discovery to launch Discovery 911
News & Events Security Services & Risk Management
AURA has announced a partnership with Discovery Insure to power the security-response component of its new Discovery 911 virtual panic-button offering, which is available through the Discovery Insure app.

Read more...
From drone market growth to application-level commercialisation
IoT & Automation Infrastructure
After years of pilot projects and technology validation, the question for the market is shifting from whether drones can fly safely and collect data, to where they can deliver repeatable operational value at scale.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.