Due to the tragic events
that occurred on September 11, 2001, more attention is focused on security at
airports, at public and sporting events such as the Olympics, and of course
on the security of computer systems.
Disaster recovery as seen in
New York was stymied by the fact that the city of New York had its emergency
response center located inside of the World Trade Center. This was the first time in the history of
the US stock market that a disaster caused it to be closed for a period of two
weeks.
The role of security and of
disaster recovery/business resumption planning in an organization has taken on
a new urgency in the business world, and in the government with the creation of
the Department of Homeland Security.
As businesses automate core
functions, they gain competitive advantages over their competitors that may be
doing similar tasks manually.
Automating core and critical business functions should increase the
profit of a business, if it is carried out in a cost-effective manner with the
proper security. As business functions
are automated to increase efficiencies, the revenue per employee should
continue to rise along with the company's stock price.
As the output of a company rises from automation, the efficiencies
create a win-win situation for the company and our economy.
The need for better and
faster computing technologies incorporated into the business infrastructure
continues at a fast pace, as our society and economy become increasingly
information based.
Businesses need to examine
and plan their computer technology security very carefully as they become more
dependent on automated business processes.
A secure computing environment is as much a business problem as a
technological problem that needs to be addressed, starting at the upper
levels of management.
Information Technology security, Information Security (InfoSec), or
computer security are synonymous terms.
These terms address the areas of protecting your computing system and
everything associated with it. This
includes the building, terminals, printers, cabling, networks, hard disks,
tapes, power sources, and your data and programs stored on these systems. Most people think of outside intruders who
break into systems to steal or wreak havoc as the main danger. Outside intruders do exist and receive most
of the media attention, but they are not the only or primary danger to your IT
systems. There are more immediate dangers, such as divulging passwords to
others, failing to make backups of critical data, accidentally spilling on or
destroying equipment, or opening e-mail attachments that have viruses, which
are more likely to cause problems to your IT systems on a daily basis.
There are three distinct
aspects of computer security: secrecy or confidentiality, accuracy or
integrity, and availability. Your
assessment of what type of security your organization requires will influence
your choice of the particular security techniques and products needed to meet
those requirements.
In business environments,
confidentiality ensures the protection of private information, such as payroll
data, as well as sensitive corporate data, such as internal memos and
competitive strategy. Secrecy is
important to the DoD, to protect vital assets and information from the
enemy. In these environments, the other
aspects, integrity or availability, may not be as important as secrecy and
confidentiality.
Accuracy or integrity ensures that the system
does not corrupt the information or allow any unauthorized malicious or
accidental changes to it. In network
communications, a related variant of accuracy known as authenticity provides a
way to verify the origin of data, by determining who entered or sent it, and by
recording when it was sent and received.
In financial systems, this is generally the most important aspect of
security.
Availability addresses the issues of
keeping your computer systems' hardware and software working efficiently and
ensuring that the system is able to recover quickly and completely if a disaster occurs. Internet-based businesses, e.g., eBay,
Yahoo, etc., regard availability as one of the most important aspects. If their servers go down, customers cannot
access the company's services and products.
The business grinds to a halt. Availability is also important for the
other two aspects, because if you do not have access to your computer you do
not know the status of confidentiality or accuracy.
Any computer that is
networked has the potential to be compromised.
Since most large businesses have various operating system platforms
networked together, they fall into the category of a Distributed Computing Environment (DCE). In a business, it is management's
responsibility to determine how much effort and money will be spent on securing
the IT infrastructure and to determine the risk/reward ratio that the company or
organization is willing to accept.
Planning for disaster
recovery is a serious undertaking that is required by all companies with a DCE
infrastructure. This effort needs to
come with a commitment from upper management.
Financial resources need to be allocated with the establishment of a
planning committee. Critical business processes
need to be identified and a risk assessment of DCE vulnerabilities needs to be
completed.
Security policies and
strategies must address the following vulnerabilities of the IT infrastructure:
Not incorporating secure IT
into a business leads to increased business operational vulnerabilities, possible
bankruptcy, and possible litigation from investors. Planning initially with support from the management to
incorporate secure IT into the business infrastructure may be a small price to
pay compared to potential disasters waiting to happen or paying the increased
costs after your infrastructure is complete.