classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2018

Managing business continuity and disaster recovery
November 2018, IT infrastructure, Security Services & Risk Management

Organisations are increasingly reliant on their IT systems and data, but they are faced with risks in the form of anything from accidental data loss, to deliberate acts of sabotage such as infections by ransomware. One of the most disastrous examples of how things can go wrong was when the English bank TSB’s failed migration to a different IT platform earlier this year left its customers without access to their accounts for weeks, and eventually resulting in the CEO being sacked.

Gerhard Fourie
Gerhard Fourie

It is therefore vital for businesses to have business continuity and disaster recovery plans in place. While there are key differences between those two components, they go hand in hand, explains Gerhard Fourie, district channel manager for South Africa at Commvault. “The difference essentially lies in the scope. Disaster recovery is the process of getting all the important IT operations back up and running after a disastrous event, whereas business continuity is the actual plan you require to make sure that you can recover. This means making sure that the sales guys have access to the CRM system, the marketing people have access to their marketing videos, the HR department has access to the payroll systems, and so on.”

Michael Davies
Michael Davies

Michael Davies, CEO of ContinuitySA, describes business continuity as “a more proactive approach to withstand potential incidents and disasters, including elements of crisis management, communications, etc., whereas disaster recovery is seen as the more traditional, reactive recovery of data and IT systems. Disaster recovery evolved into business continuity which in turn has evolved into building business and operational resilience,” he says.

“Building business continuity capability and resilience is vital and more important than ever before in this volatile, uncertain, complex and ambiguous world we live in,” Davies continues. “Big data and the acceleration of change in technology, together with social media, growing expectations on privacy and confidentiality with more legislation, means that business continuity needs a comprehensive approach to safeguarding not only data and technology but processes and people too.

More than data

“Business continuity is not only about protecting data. When a disaster occurs, it is highly likely that a company would need to deploy an emergency response, crisis management and communications in addition to recovery of the business. On the topic of cloud computing, cloud providers have experienced outages which affect an organisation’s ability to continue through disruption. There is a common assumption that cloud means that backup is included but that is not necessarily so. Cloud providers are an important part of any organisation’s business continuity plan but that is only part of a comprehensive plan.”

Fourie concurs that, while access to cloud storage services do give companies a way of managing their data backup themselves, it is only one piece of the puzzle. “We saw what happened last year in the US when Microsoft’s Azure platform went down,” he points out. “Many of those customers were thinking they don’t need disaster recovery plans because Azure is taking care of it, but the fact of the matter is if a disaster strikes one of the cloud providers, what are the plans to actually help you get your data back and applications back up and running?

“This can be mitigated by replicating your data to a secondary data centre in a different location. You need to identify your critical systems that you can’t do without. Other things like file servers and print servers can come back online as and when the server is back up, but email and CRM and so on are more critical systems in terms of day to day operations.”

To assist companies with this, Commvault offers a full-spectrum service that goes beyond disaster recovery, by doing a backup and ensuring that it can be restored. The company engages with the customer to identify their key and critical systems, and understand whether it would be necessary to replicate data in a near-live environment in an asynchronous manner, so if there is a disaster they can automatically failover to the disaster recovery site and bring up the services on that side.

In terms of backing up data, Commvault indexes the data so its metadata can be interrogated, and also tests the integrity of the data. Another part of the service involves handling conversions between VMware and Hyper-V data formats if necessary, so that the customer can get their backup restored from the data centre seamlessly.

Explaining ContinuitySA’s role, Davies says: “The primary focus of ContinuitySA is to provide peace of mind to our clients by ensuring that their business continues in times of adversity and potential disasters because they have comprehensive cyber resilience, business continuity plans, recovery site and technology solutions in place. We have 30 years of experience in helping organisations through disasters and tests, ensuring that they stay in business.”

Controlling BYOD

“The business continuity plan (BCP) may or may not include personal devices, depending on the organisation’s policy on personal devices and whether work related data is kept on personal devices,” Davies continues. “Businesses should include personal devices into the BCP for a number of good reasons, and definitely should if work related data is kept on the device. However, the BCP should also include a cyber resilience policy and programme as personal devices may be an easy target for cybercrime and data breaches, putting confidential business data in jeopardy. This in turn has an influence on an organisation’s information security and cyber policy.”

Fourie adds that while the BYOD (bring your own device) phenomenon was a challenge for organisations initially, it is now commonplace and effective solutions have been worked out. “More and more businesses these days are using software containers to isolate important corporate data,” he says. “Many also require when you bring your device that you install a form of agent to allow you to backup that data.

“It is key to understand, particularly when PoPI comes in, what data the company owns and what they don’t own. My personal documents are not necessarily the property of the company, but then you also need to have the sense if using a corporate laptop, not to save your personal stuff on it. That’s where the container solution comes in, to make sure all corporate information is managed, and if something should happen with the device they can quickly recover it and restore it on similar hardware. The advent of GDPR and PoPI is forcing companies to think about this seriously, and the consequences,” says Fourie.

Building a plan

“In the normal course of drafting a business continuity plan, an organisation undertakes a business impact analysis and a threat or risk assessment, highlighting key areas of single points of failure and what the business understands to be their recovery time objectives and recovery point objectives for different departments and systems,” says Davies. “It is a common-sense approach to understanding your business better and putting plans in place to mitigate risks and manage incidents when they occur. The plan will always be influenced by the company’s risk appetite, legislation within the industry which the company operates in, and the size of the company.

Fourie says there are a few steps companies can take to make sure what their business continuity and disaster recovery plan is, and they revolve around being proactive and identifying potential risks in the environment, and how those risks will affect their operations. “Take ransomware as an example: if my laptop gets infected will it affect the entire business?” he poses. “The next step is implementing the actual stopgaps and procedures for getting around those risks.

“After that it is vital to test those procedures to ensure their effectiveness, and then review and audit the process as you go along, because no business continuity plan or disaster recovery process is perfect. Once you’re sure the entire environment is as compliant as you can possibly get it to, it’s about constantly testing, which is why automated disaster recovery testing is of vital importance. Once you’ve done a backup copy you should run spot checks to see if you can restore certain systems and applications,” Fourie says.

For more information contact:

Commvault, +27 11 575 6570,,

ContinuitySA, +27 11 554 8000,,

  Share via Twitter   Share via LinkedIn      

Further reading:

  • From the editor’s desk: Converging access control
    November 2018, Technews Publishing, News
    Welcome to the Access & Identity Management Handbook 2019. We’re publishing this in January as opposed to our traditional end-of-year publishing schedule to make sure you have some bed-time reading for ...
  • Significant differences in ­perceptions on state of digital trust
    November 2018, CA Southern Africa, Access Control & Identity Management, Security Services & Risk Management
    Nearly half of businesses admit to selling customer data, despite claiming data ­protection as paramount; consumer behaviour shows strong correlation between loss of business and lack of digital trust.
  • Trust but continually verify
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Hi-Tech Security Solutions looks at access and identity management and asks some industry players what ‘zero trust’ and ‘least privilege’ access means.
  • Managing who, what and why
    November 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security
    Today’s access control isn’t only concerned with who has access, but also what has access, why they need it and what they are doing with it.
  • Physical/logical convergence
    November 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Integrated Solutions, IT infrastructure
    The convergence between physical and logical (or cyber) security will be a game-changer because it will change the way we do everything, from planning to design and all the way to installation and maintenance.
  • Physical and logical convergence is a fact
    November 2018, This Week's Editor's Pick, Integrated Solutions, IT infrastructure
    Convergence, the next buzzword? A dated buzzword? Is convergence ­merely ­integration on steroids? What is convergence?
  • The expanding role of IT in access control
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, IT infrastructure
    What role is IT playing in the world of physical access control and how far will its role expand in future?
  • Taking augmented identity to the world
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    Hi-Tech Security Solutions spoke to Gary Jones, VP Global Channel and Marketing biometric access and time solutions) at IDEMIA (formerly Morpho) about his career with the company and its new vision of Augmented Identity.
  • A scan of fingerprint biometrics
    November 2018, Technews Publishing, Access Control & Identity Management
    Given the increase in the use of fingerprint technology in public and private organisations, as well as some recent announcements on the reliability or lack or reliability of certain types of sensors and algorithms in the fingerprint biometric market, Hi-Tech Security Solutions spoke to some of the leading fingerprint biometric vendors in the market to find out more about the state of this market.
  • BIMS set to change identity ­management
    November 2018, Technews Publishing, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Local biometrics integrator, Ideco Biometric Security Solutions, has announced that its Biometric Identity Management System (BIMS) has been launched to market.
  • Your face tells a story
    November 2018, Technews Publishing, Access Control & Identity Management, CCTV, Surveillance & Remote Monitoring, Government and Parastatal (Industry)
    Facial recognition has advanced to the point where it can be rolled out over large areas and accuracy is no longer a hit-and-miss affair.
  • The right access decisions
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management
    Making the right access control decision depends on what you want secured and how secure it should be.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.