What's in your disaster recovery plan?
Last week, I wrote about disaster recovery, and what to do when disaster strikes and your company’s main facility is inaccessible. An old-fashioned phone tree and an alternate physical location, perhaps in a neighboring town, is just the beginning, though.
Some companies, especially with sensitive operations, do contract with an office/facilities management company for emergency back-up physical office space, but there is another alternative, and that’s to “go virtual.” In fact, even during ordinary times, there are presently many smaller companies that operate purely on a virtual basis with no physical headquarters. Doing so would be a little trickier for a larger organization, but it’s very possible in an emergency. Having a back-up plan to “go virtual” during a disaster may just be the best way to go. For one thing, if there’s a city-wide disaster, it’s very possible that even your back-up physical office could be inaccessible. Roads might be impassable, and it may be difficult for employees to gather anywhere. Employees may be stuck at home. But there’s one thing that almost all of your employees will have in common, and that’s that they have Internet access at home. Assuming that Internet service is still available, operating remotely could solve the business continuity problem in a disaster situation.
This does require some advance planning, however, and just advising your staff to “log in from home” is inadequate. You’ll need to ensure that everyone has remote software, or immediate access to it. It may not be necessary to provision remote access software ahead of time to everybody of course, just make sure everyone understands where to find the download or how to access the VPN securely from home.
And the biggest challenge is the same challenge faced by companies implementing remote teleworking in general, and that’s to ensure that the computers being used are compliant with internal policies (e.g., up to date antivirus software, etc.). And of course, remote authentication and authorization needs to be stringently applied, preferably with a two-factor authentication system with a granular system of authorization, so that each employee gains access to what they need, but not what they don’t need. And besides being compliant with your own internal policies, you’ll still be liable to comply with any legislative compliance mandates as well, so the same precautions and procedures will still apply.
So, how much thought have you given to your own disaster recovery plan? Let’s take a poll and see:
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.








Great job
Love this article.Mike Ellis
VOLO
www.volorecovery.com