Business Continuity - Are you Ready for Disaster?

Sara McAneneyIT Security Officer Trinity College Dublin

Date 12/11/2015

Trinity College Dublin, The University of Dublin

The Spectrum of Disaster Readiness

Denial Partially scoped/documented/tested

Fully Scoped/documented/tested

€€

Trinity College Dublin, The University of Dublin

Defining Disaster

.

Trinity College Dublin, The University of Dublin

Defining Disaster

Hardware failure

Software Failure

Power failure Cooling failure

Malware Cyber attack Industrial

Action

Public transportation

disruption

Epidemic Storm EarthquakeAct of

Terrorism

Act of Sabotage

Act of War Human Error

Trinity College Dublin, The University of Dublin

Where to start?

Risk Analysis

• Identify the risks impact x likelihood

Business Impact Analysis

• Prioritise Key Business Services

• Recovery time objective (RTO)

• Recovery Point objective (RPO)

Trinity College Dublin, The University of Dublin

Risk analysis

Trinity College Dublin, The University of Dublin

Key Business Systems

Trinity College Dublin, The University of Dublin

Infrastructure & Environment

2 Data Centres

Only 300 metres apart

Data Backup Offsite

On tape - slow recovery

Resilient Link to Internet

Single points of failure on campus

Trinity College Dublin, The University of Dublin

DR Action Plan

A Project to :

• Provision a Disaster Recovery Site

• Improve Resilience on Campus

• Ensure all Facilities covered for Fire Suppression, Backup Power etc

• Back Data up Offsite to Disk

Trinity College Dublin, The University of Dublin

Disaster Recovery Infrastructure

Trinity College Dublin, The University of Dublin

Finished?

Trinity College Dublin, The University of Dublin

Business Continuity Plan for IT Services

Roles and Responsibilities

Emergency Contacts

Supplier Contacts

Vital DocumentsCommunications

PlanCredential Storage

Facility Access Details

Recovery Plans for supporting

infrastructure DHCP,DNS etc.

Trinity College Dublin, The University of Dublin

Finished?

BCP extends out of IT…

Trinity College Dublin, The University of Dublin

Yes! Now we are ready for disaster..

Infrastructure Readiness

Business Area

BCP

IT Department

BCP

• Roles & Responsibilities• Credential Management• Data Verification• Testing prior to returning

application to live operation

Trinity College Dublin, The University of Dublin

Evolving DR landscape

Cloud adoption offers opportunities

• Disaster recovery as a service (DRaaS)

• Recovery using infrastructure as a service (IaaS)

• Recovery using backup as a service (BaaS)

Cloud brings new complexity

• SaaS applications

• Service levels

• New Test scenarios for the BCP

Trinity College Dublin, The University of Dublin

Magic Quadrant for DRaaS – Gartner

“The majority of early DRaaS adopters are small organizations whose data centre infrastructure is typically less than 100 servers.” Gartner 2015

Trinity College Dublin, The University of Dublin

Shadow IT

What systems/applications

are in use

Where is our institutional data

being stored

What contingency is in place for these

systems?

Who is responsible for this?

How can this we reconcile this with

our compliance commitments?

“Average an organization is using 953 cloud services… with less than 1% of those services authorized by the enterprises' IT departments.”

Sky High Networks 2015

Thank You