Thursday, June 10, 2010

Disaster: "When Bad Things Happen to Good Information Technology"

We all see what happens when people and organizations are not prepared for disaster. Whether the disaster is natural (hurricanes) or man-made (oil spills) there is one disaster we will all experience to some degree in our own lifetime: massive technology failure. It can be as simple as your smart phone and personal computer acting up or breaking down on the same day or as extensive as a company’s entire systems and infrastructure critically failing.

The chance of a disaster on any given day is miniscule, but over time the individual chances continue to mount. Without a plan in place, things can quickly evolve into a true nightmare. Disasters can, and do, happen, so it doesn’t pay to be unprepared. Too often organizations that believe "this is too costly and can wait for a better time to be addressed" find that the real costs lie in disaster recovery, and not prevention.

Since disaster can come from all angles, what can we do to prevent it and keep business operating as usual? What would be the Business Impact if any (or all) parts of your IT infrastructure experienced a disaster?

While a disaster can never be predicted as to when it will happen, there are several warning signs that indicate you are at risk.

Aging Equipment: When equipment starts to become outdated (either due to age or the advent of more advanced hardware) it will be more prone to a variety of issues occurring with the worst end of the spectrum being dead equipment. Aging equipment also incurs more expenses by needing increased servicing. In cases of extremely old equipment, your technology may have aged into a legacy category. Think about your IT hardware like a car but with a shorter life span. If it is properly maintained the life can be extended but once it has reached a certain age (4-to-6 years) the costs of continually servicing the machine will start to out strip the benefit of keeping it.

Type and Frequency of Backup: There are roughly 7 tiers of back up types, ranging from absolutely nothing in place to pricy automated recovery. Depending on how mission-critical time and data recovery is to your business, you can determine which tier is most appropriate. So – ask yourself if your back up a disk image? Disk mirroring? Parallel server(s)? And act accordingly.

Insufficient Resources: If you are running low on memory for your servers or do not have back up servers, either on-site, off-site or virtually, your risk of a crash and longer recovery time is exponentially higher. Having a Business Continuity Plan and a Disaster Recovery Plan for your company will save you time and money in the long run!

Wrong User Permissions: This is one of the most easily avoidable and one of the most dangerous mistakes out there. An employee with unlimited permissions can inadvertently or maliciously access and change critical settings. This can also lead to improper data editing and deletion. Consider what would happen if every employee had access and was able to edit payroll and accounting information? It is the type of disaster that has ruined many small businesses.
Improper Maintenance: Just like anything man-made, your IT infrastructure needs to be regularly serviced to maintain optimal performance. Minor problems that do not shut down business operations and go unnoticed or ignored can quickly snowball into a major disaster. Every so often you have a car tuned-up to increase its lifespan; computer hardware is exactly the same.

Security: This contains two main components: Firewall & Anti-Virus. Many products exist that will fill the majority of needs for the average business. Choosing the proper one should be aligned specifically to organizational needs and risks. Nearly everyone has antivirus software, but is it updated and is it protecting what you think it is protecting? Who and what is your firewall letting in? If you don’t know the answer to these questions, you probably need a security upgrade.


Do you have a DRP (Disaster Recovery Plan) in place? Does it cover all applications, data, hardware, communications/networking, and other IT infrastructure?
If not, one can be created after having a Business Continuity Plan Asset Assessment. This will detail what is most critical for your company and the best approach to protect assets between necessity and cost.

Most plans will have several steps involved mitigation measures including: preventive, detective, and corrective measures and monitoring at all phases. Many organizations wait until costly and time consuming corrective measures need to be taken.

After creating a plan, it needs to be maintained and updated as new hardware and software become integrated to the company.

But the best way to face a possible disaster is to follow the old Boy Scout motto: “Always be prepared”


Labels: , , , , , , , , ,

posted by Dataccount Inc. @ 4:35 PM   9 Comments