Archive for the ‘DR’ Category

Disaster recovery and the mobile office

April 27, 2012

As we are all aware, today’s working culture has moved on from the traditional old 9 to 5 office work to a new concept where people are working flexible hours from flexible locations. As a consequence, both employers and employees expect more – in particular, the ability to work seamlessly from any device and from any location.

Technology advancements in telephony, collaboration tools, virtualisation, security and application and desktop delivery have enabled the ‘mobile office’ concept to be embraced faster than a speeding freight train. Adoption is also driven by the many benefits achievable through this solution – for instance, basing some staff at home can be used to reduce building and office related costs.

Relocating employees to work from their own desks using their own utilities can not only provide many financial benefits, but also allow avoiding issues such as transportation strikes and weather disasters, or the much-anticipated chaos during the Olympics and Paralympics.

But more strategically, when it comes to disaster recovery and business continuity planning, more and more companies are choosing to utilise the mobile or home office concept as a significant and vital recovery tactic. Dedicated workplace recovery services can be costly, and placing technology services at a designated workplace recovery suite will have an additional financial impact.

Similarly, if a company has multiple offices and the continuity plan states that a number of staff must relocate, for example, from the London office to the Birmingham office, then that number desks must be either kept available, which is costly, or the existing staff displaced, with a loss of function or productivity. Then, there is also the matter of a number of PCs to configure as well as the setting up of telephones and other equipment.

Basing or rotating technical support or business support functions at home can be a huge advantage when faced with a business continuity scenario. Home-based workers are less likely to be affected by denial of access issues such as high profile terrorist targets or threats, major city power failures, office fires or flooding. The first members of staff ready and waiting for services to be brought online to be able to work during an invocation are the home-based employees.

It is not all easy and straightforward, though: all devices used by mobile and home workers – mainly laptops, smartphones and tablets – have to be managed properly and securely by the company.

Policies, technology and management tools must be in place to block users from saving or transferring harmful data onto devices, and also to maintain client confidentiality and adhere to Data Protection regulations as well as contractual obligations to customers, whilst still allowing staff to seamlessly access applications and data stored within the corporate network.

The tools already exist to support businesses to remotely manage, secure or wipe devices, remotely activate device services, and to create and manage their own security policies – whether those policies are corporate ‘end-user acceptable use’ policies, or technology enforcing policies such as disallowing ‘Copy & Paste’ between devices or disabling printing or screen capture.

Fortunately, thanks to new technologies and industry best practices, the tools to achieve business continuity and to make a full recovery after a serious incident are all quite easily available. If the company’s disaster recovery and business continuity plan covers the mobile office service as well as any physical offices, the chances of a successful recovery and return to ‘business as usual’ are vastly improved. Moreover, there may be an advantage to be won over competitors going through the same issues, as well as reputational and credibility gains.

The key to any mobile office solution is resiliency and planning. It is vital that considerable thought, planning and design for the mobile office service is placed at the forefront of any disaster recovery environment and business continuity plan, to provide resiliency and contingency for the mobile and home-based workers in the event of technology failure, office inaccessibility or other unplanned incidents, as these employees may be the key to providing rapid continuation of business services in the most productive, seamless and cost-effective manner.

Jennifer Norman, Technical Consultant

This article was written for Contingency Today:


5 tips for moving Disaster Recovery to the Cloud

October 5, 2010

As virtualization technologies become increasingly popular, more and more businesses are thinking about using cloud computing for Disaster Recovery. Experts in the field believe that there are many advantages in embracing this solution – however, there are also some potential threats that need to be taken into account.

In order to consider cloud computing services, organisations need to evaluate the potential risks to their Information Assets and, in particular, how a 3rd party supplier will affect the Confidentiality, Integrity and Availability of their data.

Here are five tips on how to deal with the main challenges:

1. Risk Assessment and Asset Valuation

Right from the outset, organisations should try to understand what the greatest risks to the business are and identify which information assets are too important or too sensitive to hand over to a 3rd party supplier to control.

2. Smoke and Mirrors

To overcome the risks associated with choosing a new supplier, it is a good idea to carry out due diligence on the Cloud Supplier – find out all you can about who you will be trusting with your information and review their facilities, processes and procedures, references and credentials, i.e. if they are ISO27001 accredited.

3. Migrating Information

Once a decision is made to either partially or wholly migrate data/systems to the cloud, the biggest challenge is how to ensure there is a seamless migration to the external provider’s service. This is a very delicate step which, if dealt with inadequately, may result in data loss, leakage or downtime which could prove extremely costly to the business.

4. Service Level Management

When businesses trust 3rd parties with their vital corporate, personal and sensitive information, it is important to set up structured SLAs, Confidentiality Agreements, Security Incident handling procedures, and reporting metrics, and above all ensure they provide compliant, transparent, real-time, accurate service performance and availability information.

5. Retention and disposal

Depending on the policies and regulatory requirements applicable to the business, one of the main challenges with cloud computing is how to ensure the corporate retention polices are enforced if the information is located outside the company’s IT network perimeter. Obtaining certificates relating to the destruction of data is one thing, but proving that information identified as sensitive or personal is only kept for as long as necessary is another.  With the economies of scale often associated with cloud computing, total adherence with retention policies of individual companies may prove difficult if resilience, backup and snapshot technologies are employed to safeguard the environment from outages or data loss.

David Cowan, Head of Infrastructure and Security

Find this article in the ‘5 tips’ section of Tech Republic: