Recovery options and measures of success
1. Recovery options and measures of success
In this video, we’ll explore one of the most critical aspects of a security professional’s role: disaster recovery. Recovery is more than just a backup plan. It works alongside prevention efforts. But when prevention doesn't work and disaster occurs, a speedy and efficient recovery is essential to keep business operations running smoothly. Recovery is a team effort. All members of a security team must know how they contribute to recovery processes. They also must maintain awareness of business continuity standards and timelines. Business continuity ensures that your company’s operations are uninterrupted at all times. And when a disaster strikes, recovery is a corrective measure that can get your company back on track. There are several recovery options to use in the event of a disaster. But the recovery option you choose will depend on the type of security disaster you encounter. To help you make the right call, let’s review the different types of recovery options. Backup restoration is a common practice and recovery option security professionals use to recreate a system from its most recent stable backup. Another recovery option is redundancy, which is the practice of having multiple copies of data in different locations to avoid a single point of failure. Copying data across multiple zones has a lot of benefits. It improves the availability of cloud resources and prevents potential disruptions in the event of a failure or disaster. For example, if system A fails, a redundancy mechanism can automatically start, allowing system A-1 to take over to minimize downtime and maintain availability. Cloud providers like Google Cloud provide backup and restore recovery options and replication for databases, giving security professionals a quick way to recover lost data. To support backup and restore efforts, cloud providers offer failover and redundancy services. These services manage heavy traffic loads using load balancers. Load balancers improve the performance of services or applications by distributing network traffic across resources. In the context of recovery, if a server fails or suddenly becomes unavailable, load balancers identify this change in server performance. Then, load balancers work to provide availability by evenly distributing traffic across the other servers. Another recovery option is warm standby. With this strategy, a duplicate system is always running in the cloud, but on a much smaller scale. The duplication is fully configured and operational, so in case of a disaster, security professionals can scale up this system to run quickly. Now that you’re familiar with a few recovery options, let’s discuss how security professionals use these recovery options on the job. Disaster recovery strategies are included in a disaster recovery plan, or DRP for short. A DRP is like a to-do list that includes the details you need when a security disaster occurs. A DRP also includes measures of success. The success of a recovery effort is not only when a business returns to normal operations, but how quickly the recovery happens and what data is lost when the system is down. These measures of success are known as recovery point objectives, or RPOs, and recovery time objectives, or RTOs. A recovery point objective, RPO, is the maximum acceptable length of time during which data might be lost from an application due to a major incident. A recovery point objective defines how much data you can afford to lose if a system goes down. As a security professional, an RPO informs how often you backup your systems and how you use redundancy. RPO also typically involves a data backup policy. For example, during the event of a failure, a financial organization like a bank needs a low RPO. In this context, a low RPO ensures that the bank can restore its data as close as possible to the point of failure. Not only does this minimize potential data loss, it provides the bank’s customers with access to their information. However, a small local bookstore that uses manual data entry might not need a low RPO, because losing a few hours of their data during a failure might not significantly affect their business operations. Recovery time objective, RTO, is the target time allowed for the recovery of a service in the event of a disaster. An organization’s RTO is how long they can afford to wait until data is restored from a backup, or how long a system can be down before it’s back up and running after a failure. For example, if an organization specifies their RTO as 1 to 2 business days, this means they can accept 1 to 2 business days of downtime in the event of a disaster. In this video, we explored recovery, and discussed how recovery strategies, like backups and redundancy, can be applied and measured using RPO and RTO. Keep in mind that when prevention isn't enough, recovery steps can help you get your organization up and running, even after a security disaster.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.