3 ways to consolidate data security and disaster recovery strategies

by Novi Technology Novi Technology

Data security and disaster recovery have long been considered as two distinct strategies requiring separate plans of action. However the emergence of cloud as the mainstay of enterprise IT operations means that this approach could cause issues for businesses. The tendency to assume that adequate security measures negate the need for a robust disaster recovery strategy (as the inevitable won’t happen) is leaving a business vulnerable. While protocols required might differ, to view security and disaster recovery as 2 separate functions is risky as even with the most robust security measures in place other disasters, such as floods or fire can happen.

Even excluding natural disasters IT security measures no matter how agile and sophisticated are at pains to keep up with the ever-evolving threat landscape. IT Managers need to have a plan that prevents unscheduled downtime and data loss occurring. Merging all these considerations into one strategy is now essential as more and more infrastructure is moved to the cloud.

Truly resilient IT strategies must have a combined security and recovery plan. The first line of defence is to keep the threats out of the network but in today’s world of increasingly sophisticated attacks that approach is not sufficient. A recovery plan also needs to be aligned to the security plan to ensure that in the event of a threat breaking through the defences downtime is kept to a minimal and normal operations resumed as soon as possible.

Here are Novi’s recommended 3 steps to take to forge a consolidated security and recovery plan.

1. Devise a multi layered IT Security strategy

The key to safely securing your business from cyber attack is layering. The more security layers you have in place the better. Antivirus is no longer enough as a defence mechanism. Other measures such as two factor authentication, next generation firewalls, internal firewall segmentation, a secure offsite repository and ongoing monitoring are all important steps to consider in a robust security strategy. Unfortunately, there is no magic bullet when it comes to a robust cyber security solution. There are many elements and entry points to a network to consider. That coupled with the increased sophistication of attacks means that IT Managers need to broaden their thinking.

2 Commit to a planned upgrade schedule

More and more cyber attacks are entering networks through known vulnerabilities that remain unpatched. Patching can be an arduous and time-consuming task and it can be risky to reply on users to apply patches when prompted. Automated patching tools such as Novi Patchguard can help IT departments keep up to date with upgrading all devices across their estate. Managed via a centralised dashboard a patch management service will identify what patches have been installed and more importantly what haven’t. Patches can be applied on a scheduled basis can can include remote devices once they become online.

Automated patch management enables IT departments to streamline the patching process and keep operating systems up to date reducing the risk of threats entering the network.

3. Make sure to test disaster recovery plans

Disaster recovery testing should not be an annual drill. Frequent testing is needed to ensure that recovery times remain high so that downtime is minimised. Only with testing can you prove that the backup plan is as effective as it needs to be. Ongoing testing is necessary as the effectiveness of the plan can be impacted with changes to personnel, skill levels and hardware and software architectures.

Converged Plans

Security and disaster recovery plans should align and be considered as a combined strategy with a 3-pronged approach to protect, detect and respond. As one strategy they should be managed by a single team to keep consistency. Often businesses utilise the skills of a managed service provider to capitalise on their expertise. An experienced IT Managed Services company can advise on a combined security and disaster recovery strategy and implement the required measures to affect that strategy. The benefit of their tried and tested expertise is invaluable as IT Managers are easily overwhelmed by the wealth of information and different solutions now available in the security area. A good IT Managed Services provider is constantly testing new strategies, services and solutions and will be well versed in the latest technologies that will assist in protecting data, secure storage of replicate data and speedy resolution of service in the event of an attack.