Managing business continuity and disaster recovery

November 2018 Infrastructure, Security Services & Risk Management

Organisations are increasingly reliant on their IT systems and data, but they are faced with risks in the form of anything from accidental data loss, to deliberate acts of sabotage such as infections by ransomware. One of the most disastrous examples of how things can go wrong was when the English bank TSB’s failed migration to a different IT platform earlier this year left its customers without access to their accounts for weeks, and eventually resulting in the CEO being sacked.

Gerhard Fourie
Gerhard Fourie

It is therefore vital for businesses to have business continuity and disaster recovery plans in place. While there are key differences between those two components, they go hand in hand, explains Gerhard Fourie, district channel manager for South Africa at Commvault. “The difference essentially lies in the scope. Disaster recovery is the process of getting all the important IT operations back up and running after a disastrous event, whereas business continuity is the actual plan you require to make sure that you can recover. This means making sure that the sales guys have access to the CRM system, the marketing people have access to their marketing videos, the HR department has access to the payroll systems, and so on.”

Michael Davies
Michael Davies

Michael Davies, CEO of ContinuitySA, describes business continuity as “a more proactive approach to withstand potential incidents and disasters, including elements of crisis management, communications, etc., whereas disaster recovery is seen as the more traditional, reactive recovery of data and IT systems. Disaster recovery evolved into business continuity which in turn has evolved into building business and operational resilience,” he says.

“Building business continuity capability and resilience is vital and more important than ever before in this volatile, uncertain, complex and ambiguous world we live in,” Davies continues. “Big data and the acceleration of change in technology, together with social media, growing expectations on privacy and confidentiality with more legislation, means that business continuity needs a comprehensive approach to safeguarding not only data and technology but processes and people too.

More than data

“Business continuity is not only about protecting data. When a disaster occurs, it is highly likely that a company would need to deploy an emergency response, crisis management and communications in addition to recovery of the business. On the topic of cloud computing, cloud providers have experienced outages which affect an organisation’s ability to continue through disruption. There is a common assumption that cloud means that backup is included but that is not necessarily so. Cloud providers are an important part of any organisation’s business continuity plan but that is only part of a comprehensive plan.”

Fourie concurs that, while access to cloud storage services do give companies a way of managing their data backup themselves, it is only one piece of the puzzle. “We saw what happened last year in the US when Microsoft’s Azure platform went down,” he points out. “Many of those customers were thinking they don’t need disaster recovery plans because Azure is taking care of it, but the fact of the matter is if a disaster strikes one of the cloud providers, what are the plans to actually help you get your data back and applications back up and running?

“This can be mitigated by replicating your data to a secondary data centre in a different location. You need to identify your critical systems that you can’t do without. Other things like file servers and print servers can come back online as and when the server is back up, but email and CRM and so on are more critical systems in terms of day to day operations.”

To assist companies with this, Commvault offers a full-spectrum service that goes beyond disaster recovery, by doing a backup and ensuring that it can be restored. The company engages with the customer to identify their key and critical systems, and understand whether it would be necessary to replicate data in a near-live environment in an asynchronous manner, so if there is a disaster they can automatically failover to the disaster recovery site and bring up the services on that side.

In terms of backing up data, Commvault indexes the data so its metadata can be interrogated, and also tests the integrity of the data. Another part of the service involves handling conversions between VMware and Hyper-V data formats if necessary, so that the customer can get their backup restored from the data centre seamlessly.

Explaining ContinuitySA’s role, Davies says: “The primary focus of ContinuitySA is to provide peace of mind to our clients by ensuring that their business continues in times of adversity and potential disasters because they have comprehensive cyber resilience, business continuity plans, recovery site and technology solutions in place. We have 30 years of experience in helping organisations through disasters and tests, ensuring that they stay in business.”

Controlling BYOD

“The business continuity plan (BCP) may or may not include personal devices, depending on the organisation’s policy on personal devices and whether work related data is kept on personal devices,” Davies continues. “Businesses should include personal devices into the BCP for a number of good reasons, and definitely should if work related data is kept on the device. However, the BCP should also include a cyber resilience policy and programme as personal devices may be an easy target for cybercrime and data breaches, putting confidential business data in jeopardy. This in turn has an influence on an organisation’s information security and cyber policy.”

Fourie adds that while the BYOD (bring your own device) phenomenon was a challenge for organisations initially, it is now commonplace and effective solutions have been worked out. “More and more businesses these days are using software containers to isolate important corporate data,” he says. “Many also require when you bring your device that you install a form of agent to allow you to backup that data.

“It is key to understand, particularly when PoPI comes in, what data the company owns and what they don’t own. My personal documents are not necessarily the property of the company, but then you also need to have the sense if using a corporate laptop, not to save your personal stuff on it. That’s where the container solution comes in, to make sure all corporate information is managed, and if something should happen with the device they can quickly recover it and restore it on similar hardware. The advent of GDPR and PoPI is forcing companies to think about this seriously, and the consequences,” says Fourie.

Building a plan

“In the normal course of drafting a business continuity plan, an organisation undertakes a business impact analysis and a threat or risk assessment, highlighting key areas of single points of failure and what the business understands to be their recovery time objectives and recovery point objectives for different departments and systems,” says Davies. “It is a common-sense approach to understanding your business better and putting plans in place to mitigate risks and manage incidents when they occur. The plan will always be influenced by the company’s risk appetite, legislation within the industry which the company operates in, and the size of the company.

Fourie says there are a few steps companies can take to make sure what their business continuity and disaster recovery plan is, and they revolve around being proactive and identifying potential risks in the environment, and how those risks will affect their operations. “Take ransomware as an example: if my laptop gets infected will it affect the entire business?” he poses. “The next step is implementing the actual stopgaps and procedures for getting around those risks.

“After that it is vital to test those procedures to ensure their effectiveness, and then review and audit the process as you go along, because no business continuity plan or disaster recovery process is perfect. Once you’re sure the entire environment is as compliant as you can possibly get it to, it’s about constantly testing, which is why automated disaster recovery testing is of vital importance. Once you’ve done a backup copy you should run spot checks to see if you can restore certain systems and applications,” Fourie says.

For more information contact:

Commvault, +27 11 575 6570, [email protected], www.commvault.com

ContinuitySA, +27 11 554 8000, [email protected], www.continuitysa.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

From the Editor's desk: The good, the bad, and the victims
Technews Publishing News & Events
When the Internet first arrived, everyone was expecting amazing things from it, well, everyone who knew what it was and how it worked. We had the dotcom boom and bust, and it’s fair to say that if we ...

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Identity, Security & Access Alliance focuses on intelligence and integration
SMART Security Solutions Ideco Biometrics BoomGate Systems Bosch Building Technologies Technews Publishing Integrated Solutions Surveillance Access Control & Identity Management
The Identity, Security & Access Alliance (ISAA) hosted several launch events in Johannesburg in August, showcasing the participating companies’ technical solutions with a primary focus on the solutions made possible by integrating high-quality systems to deliver comprehensive solutions.

Read more...
Get the AI fundamentals right
Technews Publishing SMART Security Solutions Leaderware Editor's Choice Surveillance AI & Data Analytics
Much of the marketing for CCTV AI detection implies the client can just drop the AI into their existing systems and operations, and they will be detecting all criminals and be far more efficient when doing it.

Read more...
The role of drones in farm protection
Agriculture (Industry) Security Services & Risk Management
Laurence Palmer reminds us of the role drones play in agricultural security and offers a free security risk assessment template for downloading (link at the end of the article).

Read more...
SMART Surveillance Conference in Johannesburg
Arteco Global Africa Technews Publishing SMART Security Solutions Axis Communications SA neaMetrics Editor's Choice Surveillance Security Services & Risk Management Logistics (Industry) AI & Data Analytics
SMART Security Solutions hosted its annual SMART Surveillance Conference in Johannesburg in July, welcoming several guests, sponsors, and speakers for an informative and enjoyable day examining the evolution of the surveillance market.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Hytera supports communication upgrade for Joburg
News & Events Infrastructure Government and Parastatal (Industry)
By equipping Johannesburg’s metro police and emergency services with multimode radios which integrate TETRA and LTE networks, Hytera is bridging coverage gaps and improving response times across the city.

Read more...
Combining TETRA or DMR with 5G broadband
Infrastructure IoT & Automation
As enterprises face rising complexity and connectivity demands, hybrid networks offer a transformative path, combining the proven reliability of TETRA or DMR with the innovation and coverage of 5G broadband.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.