business continuity - are you ready for disaster? · yes! now we are ready for disaster.....
TRANSCRIPT
Business Continuity - Are you Ready for Disaster?
Sara McAneneyIT Security Officer Trinity College Dublin
Date 12/11/2015
Trinity College Dublin, The University of Dublin
The Spectrum of Disaster Readiness
Denial Partially scoped/documented/tested
Fully Scoped/documented/tested
€€
Trinity College Dublin, The University of Dublin
Defining Disaster
.
Trinity College Dublin, The University of Dublin
Defining Disaster
Hardware failure
Software Failure
Power failure Cooling failure
Malware Cyber attack Industrial
Action
Public transportation
disruption
Epidemic Storm EarthquakeAct of
Terrorism
Act of Sabotage
Act of War Human Error
Trinity College Dublin, The University of Dublin
Where to start?
Risk Analysis
• Identify the risks impact x likelihood
Business Impact Analysis
• Prioritise Key Business Services
• Recovery time objective (RTO)
• Recovery Point objective (RPO)
Trinity College Dublin, The University of Dublin
Risk analysis
Trinity College Dublin, The University of Dublin
Key Business Systems
Trinity College Dublin, The University of Dublin
Infrastructure & Environment
2 Data Centres
Only 300 metres apart
Data Backup Offsite
On tape - slow recovery
Resilient Link to Internet
Single points of failure on campus
Trinity College Dublin, The University of Dublin
DR Action Plan
A Project to :
• Provision a Disaster Recovery Site
• Improve Resilience on Campus
• Ensure all Facilities covered for Fire Suppression, Backup Power etc
• Back Data up Offsite to Disk
Trinity College Dublin, The University of Dublin
Disaster Recovery Infrastructure
Trinity College Dublin, The University of Dublin
Finished?
Trinity College Dublin, The University of Dublin
Business Continuity Plan for IT Services
Roles and Responsibilities
Emergency Contacts
Supplier Contacts
Vital DocumentsCommunications
PlanCredential Storage
Facility Access Details
Recovery Plans for supporting
infrastructure DHCP,DNS etc.
Trinity College Dublin, The University of Dublin
Finished?
BCP extends out of IT…
Trinity College Dublin, The University of Dublin
Yes! Now we are ready for disaster..
Infrastructure Readiness
Business Area
BCP
IT Department
BCP
• Roles & Responsibilities• Credential Management• Data Verification• Testing prior to returning
application to live operation
Trinity College Dublin, The University of Dublin
Evolving DR landscape
Cloud adoption offers opportunities
• Disaster recovery as a service (DRaaS)
• Recovery using infrastructure as a service (IaaS)
• Recovery using backup as a service (BaaS)
Cloud brings new complexity
• SaaS applications
• Service levels
• New Test scenarios for the BCP
Trinity College Dublin, The University of Dublin
Magic Quadrant for DRaaS – Gartner
“The majority of early DRaaS adopters are small organizations whose data centre infrastructure is typically less than 100 servers.” Gartner 2015
Trinity College Dublin, The University of Dublin
Shadow IT
What systems/applications
are in use
Where is our institutional data
being stored
What contingency is in place for these
systems?
Who is responsible for this?
How can this we reconcile this with
our compliance commitments?
“Average an organization is using 953 cloud services… with less than 1% of those services authorized by the enterprises' IT departments.”
Sky High Networks 2015
Thank You