Now that conferences and trade shows are back in person, I’m reminded of how it is our tendency to look to technology to solve all our problems.
Business resilience was one of the prevalent themes at RSA last week and I can tell you from years of experience working on a disaster recovery team, no matter how advanced a technology is, technology is not the place to start. What you need first is a business continuity plan (BCP).
A BCP helps you identify all the core assets required to keep your business running so you can maintain resilience in the face of an interruption. If your disaster recovery team has a BCP then that groundwork is already done. You can use that as a roadmap to explore technology that can help with continuity and resilience. However, if you don’t have a BCP then you’ve got the proverbial conundrum: “How do you eat an elephant?” In other words, where do you begin?
Whether you have a plan or not, the following questions and tips can help you work your way through the process and make your business more resilient.
What applications and infrastructure does the organization need to generate revenue?
Keep in mind that business continuity extends beyond IT and related systems and should encompass all critical business functions, including sales, marketing, customer support, human resources, and more. Every organization is different so think through what functions must remain operational in order for your business to keep generating revenue and remain focused on how to minimize the impact of disruptions to those systems and processes.
What’s regulated?
Business resilience and meeting privacy regulations are interrelated. If you have sensitive data that if not protected in the event of a disruption will subject your organization to penalties or fines, then you need to comply with those regulations as part of your BCP. Certain laws may require encryption, but to maintain availability of sensitive data that is out of scope of compliance or if you want another layer of resilience in addition to encryption, consider Microshard™ technology which uses a “Shred. Mix. Distribute” approach to obfuscate data.
Are there other dependencies you might have overlooked?
Making sure critical applications can continue to run is paramount, but if they are dependent on email then your email system becomes high priority by default. So, it’s important to think all of these dependencies through and include these systems in your BCP. Additionally, in a recent discussion, Rob Clyde, Board Director at ISACA, and White Cloud Security Executive Chair, pointed out that if one of your dependencies is your cloud provider, consider a multi-cloud and/or multi-region strategy. That way, if a certain provider or geography is disrupted, you may be able to continue running with other locations.
Microshard technology offers additional business continuity benefits because you can store microsharded data in different regions, in different clouds, even using a combination of on-premises and cloud. In the event of an outage or network issue, the global failover feature reduces the risk of downtime and avoids a single point of failure. User activity is seamlessly directed to an operational location if one location becomes inaccessible.
If certain applications or infrastructure go down, how long will the business survive?
It’s not enough to have a BCP. Your runway for recovery is only as long as your answer to this question, so it is critically important to test your BCP periodically. In a recent ShardSecure webinar, our guest Forrester Principal Analyst Heidi Shey advised, “Test your plan to see if the outcome is what you expected. Then, learn from this and take corrective measures.” Lots of late nights can be spent waiting for different systems to be brought back up, costing businesses millions of dollars per hour. The goal is to shorten that time as much as possible.
What is your time to recovery?
The point of testing is to iterate and improve. But you can also add more layers of resilience to ensure consistent levels of data availability and integrity even when systems go down, so recovery time is less of a concern. Microshard technology incorporates a feature called self-healing. If a data storage location becomes unavailable for any number of reasons—an outage or network issue, or deleted, corrupted or encrypted due to human error or a cyberattack—the overlapping data in the other locations is used to transparently, and in real-time, reconstruct the data for your applications. This ensures a high level of uptime, without having to restore data from backups in many outage scenarios.
Technology is no substitute for a BCP, but it can help you meet the outcomes you desire once your plan is in place. In this blog, I’ve touched on just a few of the features that our Microshard technology incorporates to assist in the availability, reliability, and resiliency of your data to deliver business continuity and disaster recovery benefits. To learn more about how ShardSecure can help you maintain business resilience in times of uncertainty, download our white paper, “Improving Business Continuity with ShardSecure.”