Are you prepared for the worst possible DR scenario

Disasters can strike at any time and at any place and can be from mild to severe (usually severe). But are you prepared for the worst possible disaster attack? It is time to review or update your DR plan as it might not best be suited for the worst disaster recovery case scenario.

Backup for the ‘worst’

‘Worst’ is a relative term. While some enterprises might plan for the end of the world, total destruction as a worst-case scenario, others might not go all overboard with this.

The important thing to note here is that there might be different ‘worst cases’ for different enterprises. Everyone has to be prepared for their version of a worst-case scenario.

Take VFEmail hack for example, the attack took place earlier this year. In the attack, all of VFEmail’s U.S business data was deleted by the hackers overnight, without any sort of warning. Although they were able to ultimately recover its European operations, their U.S business no longer exists.

Many enterprises tend to ignore the fact that they could be hit by a worst-case scenario and don’t find it necessary to prepare for it. This is a very unprofessional approach and should be avoided.

Business Continuity & Disaster Recovery

While planning for the worst cases, business continuity should be in the mind of the business owners. If your backup and DR plan has some uncertainties which might make it vulnerable in case of a worst case scenario, then it is time to rethink and setup a new plan.

Risk calculation is important. It is important to note down exactly how will a severe natural disaster will affect the enterprise. If it is too much to handle for the enterprise, then it is time to setup a plan which is more effective and suitable for the enterprise.

A Disaster Recovery plan should check out a very important point and that is business continuity. If your enterprise can sustain a worst possible natural disaster with no disruptions to day to day operations whatsoever, then your plan is good enough, otherwise, make a plan for it.

Conclusion

Think of a worst DR scenario and put your plan in place of it and ask yourself, how well prepared are you for it? If everything checks out, your good to go, if not, advise a plan which is best suited for mild to sores case scenarios, in terms of disaster recovery.

Utility versus Fully Managed Cloud Backup and DR

The cloud market is getting highly saturated day by day. The options for cloud and backup solutions are increasing. The organizations that fail to benefit from cloud solutions are the ones that don’t take decision making seriously. A high percentage of organizations fail to provide a high availability structure to their customers and employees.

There are two types of backup service providers:

•             Utility Service Providers

•             Fully Managed Backup service providers

What is the difference between the two kinds of services?

The answer lies here:

Utility Service Providers

Utility Service Providers deploy backup and DR as a utility assuming that the organization requires the

utility only and has dedicated trained personnel to oversee the backup processes. Having trained IT

professionals to handle Cloud Backup services can be costly and SMEs and SMBs seldom have that manpower. What happens here is that the solutions are deployed without taking the data security and management into account.

Organizations end up losing data because of poor management. This is because the Backup service has been deployed as a mere utility. The main principle that should be from the cloud service provider’s perspective is that “you handle your end and we handle our”. On these terms, the ambiguity is removed.

Fully Managed Backup Service Providers

A fully managed backup service comes with all the perks of management and security. It saves a lot on the labor overhead. Reduces the possibility of human error. The cloud service provider in this case covers the deployment and overseeing of secure data transfer and backup.

Organizations should make sure that their data and backups are actively monitored. Choose from reliable service providers that prioritize security. The hardware used must be reliable. Cloud service providers should be compliant to well-known standards along with the standard that your organization follows. Lastly, even though the CSPs manage the infrastructure, Organizations must retain visibility and control. Everything should be transparent.

Conclusion

Fully Managed cloud backup and DR comes with a lot of advantages. The mission-critical workloads of the organization are managed with the right priority. Cloud backup service should not be completely ruled out; it is still an option for an organization that has dedicated staff to oversee the backup processes. Choosing from among a lot of different cloud vendors in a saturated market can be challenging. Organizations should not compromise on security, hardware, and control.

Ransomware attack on the Government of Nunavut

Ransomware has struck again and this time the victim is the government of Nunavut. Their communication system was infected with malicious software that encrypted GN servers, workstations and files, rendering them inaccessible. If they have backup and disaster recovery plan they would save thier data from such attacks.

The good news, however, is that GN services remained open and available which shows how serious they were about backups and were fully aware of the ransomware threats.

Backup & DR helped GN to remain open

A new and a very advanced, sophisticated type of ransomware hit the government of Nunavut’s electronic communication system. Fortunately, the essential services were not affected and the GN remained opened, although there may be some delays due to the attack.

Joe Savikataaq, a Nunavut premier stated that Nunavummiut are working non-stop to resolve this issue as quickly as possible and further said that essential services will not be impacted in any way and the GN will continue to operate while this issue is resolved.

Now, how was this possible? 

How were they able to remain operational even after a ransomware attack?

Backup and disaster recovery. They had a proper backup and disaster recovery plan in place which enabled them to continue operations efficiently, without suffering a lot of downtime.

Having said this, they did not remain completely operational. They only managed to remain partially open. So far, electronic data for services related to health, family services, education, justice and finance are down.

If a person wants to visit the QCH or the health clinic, he or she needs to bring their health card and a list of any medication they may take if form of a hard copy, until the services are restored back, which the officials say as a top priority.

The Officials stopped Ransomware from spreading

The attack encrypted individual files on many servers and workstations but the officials were able to stop the malware from spreading and are restoring all the files from the backups.

According to the GN, there was no loss of personal information or any privacy breach and the team was working around the clock to help restore all the files and services as soon as possible. The GN requested patience and corporation from the general public.

 A better DR plan would have boosted the recovery process

There is no doubt that the GN did a formidable job in stopping and containing the malware and are recovering from backups, but it is taking quite a long time to do so. They were able to restore some operations and were partially available but still suffered some inconvenience as their communication system was infected.

All this could have been avoided if they had a reliable and efficient DR backup plan which offers RTOs less than 15 minutes and offers end-to-end encryption which makes it highly resilient to ransomware. StoneFly, for example, offers such disaster recovery solutions in a very cost effective way.

Conclusion

The ransomware attack on the government of Nunavut reminds us how common these attacks have become and how important it is for any organization to setup a backup and disaster recovery plan. It enables organizations to restore workstations and servers and continue operations without suffering any sort of downtime whatsoever.