As a company, we take the resilience of our IT infrastructure very seriously, as should any company, but we do not run a formal backup process for our file system.
Odd you might say, but then we do have three full copies of our file system, each copy located in a geographically separate location and all three copies automatically synchronised overnight. Having two (or more) full copies of a company’s file system held in geographically separate locations is not just good for resilience, it is a cornerstone for business continuity.
But a resilient IT infrastructure goes beyond designing a resilient file system; there is no point having an operational file system at a disaster recovery site if it cannot be accessed and used to support business as usual.
This means you need to ensure that any critical business-as-usual applications can be made available quickly and that staff, customers and remote applications can access the disaster recovery site(s) when required, for example secure remote access mechanisms, domain controller, customer web server and so on – but do not forget voice communications.
A resilient IT system also needs to be a secure and available IT system. Secure means, among other things, up-to-date security patches, not just on servers but also on other infrastructure components, including firewalls, Ethernet switches and network storage.
It means well thought-out configurations and rule sets that are documented and maintained; defence in depth, with servers running their own host firewalls in addition to any externally facing firewall; and regular IT health checks (not just penetration testing) carried out, with the issues they find addressed.
It also means user access rights should conform to the principle of least privilege, granting only the access necessary for users to perform their function, and only authorised system administrators should hold administrator rights.
Availability includes such items as clean power (spike and RFI removal), uninterrupted power and equipment that is operated comfortably within its capability. Last, but not least, it is important to ensure that the IT systems – at all sites – are fully documented, including a resiliency/disaster recovery plan; and that the documentation is maintained and kept up to date.
The bottom line: Design and build in security and resilience from the beginning, not as an afterthought.
Peter Wenham is a committee member of the BCS Security Forum strategic panel and director of information assurance consultancy Trusted Management.
This was first published in July 2014