Data Protection 360

What's in your disaster recovery plan?

Last week, I wrote about disaster recovery, and what to do when disaster strikes and your company’s main facility is inaccessible. An old-fashioned phone tree and an alternate physical location, perhaps in a neighboring town, is just the beginning, though.

Some companies, especially with sensitive operations, do contract with an office/facilities management company for emergency back-up physical office space, but there is another alternative, and that’s to “go virtual.� In fact, even during ordinary times, there are presently many smaller companies that operate purely on a virtual basis with no physical headquarters. Doing so would be a little trickier for a larger organization, but it’s very possible in an emergency. Having a back-up plan to “go virtual� during a disaster may just be the best way to go. For one thing, if there’s a city-wide disaster, it’s very possible that even your back-up physical office could be inaccessible. Roads might be impassable, and it may be difficult for employees to gather anywhere. Employees may be stuck at home. But there’s one thing that almost all of your employees will have in common, and that’s that they have Internet access at home. Assuming that Internet service is still available, operating remotely could solve the business continuity problem in a disaster situation.

This does require some advance planning, however, and just advising your staff to “log in from home� is inadequate. You’ll need to ensure that everyone has remote software, or immediate access to it. It may not be necessary to provision remote access software ahead of time to everybody of course, just make sure everyone understands where to find the download or how to access the VPN securely from home.

And the biggest challenge is the same challenge faced by companies implementing remote teleworking in general, and that’s to ensure that the computers being used are compliant with internal policies (e.g., up to date antivirus software, etc.). And of course, remote authentication and authorization needs to be stringently applied, preferably with a two-factor authentication system with a granular system of authorization, so that each employee gains access to what they need, but not what they don’t need. And besides being compliant with your own internal policies, you’ll still be liable to comply with any legislative compliance mandates as well, so the same precautions and procedures will still apply.

So, how much thought have you given to your own disaster recovery plan? Let’s take a poll and see:

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world