Overview
Security Brigade has the services and expertise to ensure the continuity of IT processes by protecting, recovering and making available business-critical information in the event of a disaster. Security Brigade engineers will work with the client to design and implement disaster recovery processes and procedures while controlling the total cost of ownership. We leverage alliances with leading storage product companies including IBM, HP, SUN, Veritas and CA for Disaster Management Solutions.
Today's IT-dependent businesses have to keep pace with huge
advances in technology, which have escalated the costs
of downtime. They also have to deal with the risk of adverse impact
from unforeseen events, natural or manmade disasters that could
interrupt or disrupt the business.
This is why it is so essential for companies to have a disaster recovery strategy in place, to minimize the impact of a disaster and to recover from a disaster quickly. It's not just mission-critical data that is affected, but the software, hardware and systems essential for it to run on. A disaster recovery plan or business continuity plan (DRP/BCP) or business process contingency plan (BPCP) describes how an organisation is to deal with potential disasters.
- Disaster recovery assessment - Evaluates plans, processes, procedures, roles and responsibilities for your disaster recovery program, including backup for servers and recovery analysis.
- Disaster recovery planning and design - Helps plan for disaster recovery, including program management, reporting and service level management.
- Data center recovery - Provides access to recovery centers around the world.
- Network recovery - Provides disaster recovery of client networks.
- Workplace recovery - Provides disaster recovery of client workplace to a fixed location or a virtual workplace.
- Disaster recovery validation and testing - Helps you test your disaster recovery plans.
Features
Security Brigade's Disaster Recovery service enables you to keep your losses to a minimum. It is designed to bring you back within your stated recovery time and recovery points, so you aren't left hanging.
Our services focus on helping you secure your data, keep your critical employees online, keep your key business processes running, and then—once your primary system is restored—migrate interim data back.
Key Features
- Perform backups regularly. Keep information central; this will help control information backup and help protect information integrity.
- Increase physical security of the server room to prevent data loss.
- Antivirus and Patch update and management.
- Internet facing systems are secured and maximum security is applied.
- Remote access to data servers is controlled and strictly monitored.
- Backups are stored offsite.
- Physical solutions like fire suppression, environmental monitoring and access control are implemented.
- Document all changes using proper change control.
- Perform systematic scheduled restores that verify Tape or backup media integrity.
- Ensure the whole process is documented and can be followed by non-technical personnel.
- Disaster Recovery at the Site Level - Along with the existing 100 seats there can be 50 other seats in the same facility reserved for the company, which cannot be used for any other purpose.
- Disaster Recovery at the State Level - Additional reserved seats in the same city or state.
- Disaster Recovery at the National Level - Additional reserved seats in a different state or city.
- Call center disaster recovery can also be based on operations. This includes the maintenance of disaster recovery centers.
Benefits
With Security Brigade's Disaster Recovery Service, if disaster strikes we ensure that you are prepared so that the business can continue to function with the least amount of impact possible. Despite sound backup strategies and intelligent decisions taken to protect a company's data, many organisations leave out the vital disaster recovery aspect of the whole security strategy. A comprehensive solution is important as many things now depend on IT.
Security Brigade's Disaster Recovery Service will provide the following benefits:
- Prevent Revenue Loss from Business downtime.
- Avoid fines and penalties for non-compliance.
- Prevent Brand image Loss and recovery.
- Avoid penalty clauses invoked for late delivery and failure to meet Service Levels.
- Prevent Loss of share value.
- Prevent delays in customer accounting, accounts receivable and billing/invoicing.
- Save cost of replacing equipment.
- Prevent loss of ability to respond to contract opportunities.
- Prevent penalties from failure to produce annual accounts or produce timely tax payments.
- Save cost of replacement of buildings and plant.
- Prevent Loss of revenue for service contracts from failure to provide service or meet service levels.
- Avoid additional cost of advertising, PR and marketing to reassure customers and prospects to retain market share.
- Save cost of replacing software.
- Avoid additional cost of working; administrative costs; travel and subsistence etc.
- Prevent loss of credit control and increased bad debt.
- Prevent loss of cash flow.
- Avoid loss of customers (lifetime value of each) and market share.
- Save cost of re-creation and recovery of lost data.
- Prevent potential prosecution for non compliance and contract adherence.
HIGH COST OF DOWN TIME
Disasters can have crippling effects on a business. For example,
fires permanently close 44% of the affected businesses. According to
a study by Cummings, Haag & McCubbrey, 2005, 43% of companies that
had a major loss of computerized records never reopen, 51% close
within two years, and only 6% will survive long term.
On the positive side, companies affected by the Sept 11 attacks with
tested business continuity plans in place resumed business within
days.
With their reliance on business-critical data, global businesses
don't take a chance. They factor in disaster recovery as part of
their overall business strategy. Remote back-up facilities for their
call center operations are distributed at different locations in
different parts of the world. India with its sophisticated
technology and expertise is a chosen spot for strategic call center
outsourcing and disaster recovery operations.
BACKUP AND PREVENTIVE STRATEGIES
While considering possible emergency situations, the complexity of
the task can be determined by studying the situation in advance and
documenting the requirements for disaster recovery.
What are the requirements to keep the business up and running? These
could include some or all of the following:
- Switching to an alternative business process
- Insurance coverage
- IT systems back-up and recovery
- Premises and essential equipment back-up and recovery
- Customer service back-up and recovery
- Administration and operations back-up and recovery
- Information and documentation back-up and recovery
Technical Information
Potential emergencies include business disruption caused by one or more of the following disasters.
- Tornados, Hurricanes, Strong winds
- Floods, Snowstorms
- Earthquakes, Electrical storms
- Fires, Subsidence and Landslides
- Freezing Conditions
- Contamination and Environmental Hazards
- Epidemic
- Organised and/or Deliberate Disruption
- Act of terrorism, Act of Sabotage
- Act of war
- Theft, Arson, Disgruntled employee.
- Labour Disputes/Industrial Action
- Loss of Utilities and Services
- Electrical power failure
- Loss of gas supply, Loss of water supply
- Petroleum and oil shortage
- Communications services breakdown
- Loss of drainage / waste removal
- Equipment or System Failure, Internal power failure, Air conditioning failure
- Production line failure, Cooling plant failure
- Equipment failure (excluding IT hardware)
- Serious Information Security Incidents
- Cyber crime, Loss of records or data
- Disclosure of sensitive information
- IT system failure
- Mergers and acquisitions
- Negative publicity
- Legal problems
TECHNOLOGIES USED TO PROTECT DATA
Data replication – synchronous or asynchronous
replication – or a combination of both. The objective is to limit
data loss and aid data recovery through continuous, real-time
replication keeping replicas up-to-date at all times. The ideal
solution also provides automatic failover for instantaneous data and
application availability and protection against data corruption.
Remote backup maintains data offsite, in a different location from
the original data.
Continuous backup will ensure that all data operations
(writes, deletes, copies, etc.) are captured and recorded to a
journal at all times. Users interested in the highest data integrity
and recovery speeds would prefer this option as this ensures that
recovery is practically instantaneous.
FOCUS - BUSINESS CONTINUITY
Disaster recovery has a focus on business continuity – that is, keeping a business running as smoothly as possible with minimum interruptions to service.
Business continuity planning (BCP) is a part of an organisation's risk management, which involves crisis management and disaster recovery planning.
BCP is a methodology used to create a plan spelling out how an organisation will resume critical functions within a preset time after a disaster or disruption. The development of a BCP manual goes through five main phases:
1. Analysis - impact analysis, threat analysis, impact scenarios, recovery requirement documentation spelling out business and technical requirements for recovery within a preset time-frame.
2. Solution design - selecting the most cost-effective disaster recovery plan to meet the requirements: outlining the crisis command management structure, location of a secondary work site, data replication, application, software etc.
3. Implementation – execution of design elements
4. Testing and organisation acceptance – Conducted annually or bi-annually, testing may include: crisis command team call-out testing, technical swing test from primary to secondary work locations and vice versa, application test, business process test. The purpose of testing is to determine whether the business continuity solution satisfies the organisation's recovery requirements.
5. Maintenance activities include confirmation of information in the manual, testing and verification of technical solutions established for recovery operations and documented recovery procedures. Typically this is done annually or bi-annually.
TYPES OF RECOVERIES
Cold DR - There can be two functioning centers
which have extra furniture and structured cabling. If a center in
one of the cities closes down then operations can be shifted to the
functioning call center in the other city. Computers can be set up
and the WAN link redirected. This could take a few days.
Warm DR - Along with furniture and cabling there
are also computers set up. In case of any emergency the necessary
applications can be installed on the computers and the WAN link
redirected. This would take up to 24 hours.
Hot DR - The costliest option, but also the most
prepared choice. Here the center is online and ready for agents to
move in, in case of an emergency.
For example, there could be two functioning centers in different
cities with additional provisions to accommodate more if the need
arises. So if one of the call centers has to close for a while then
the agents from here can be flown to the call center in the other
city where the traffic has been redirected.
When a business cannot tolerate any downtime in the functioning of
its operations, this is the best option. In the case of Hot DR, the
system configuration, database and content changes at the Recovery
Site are continuously synchronized to mirror the outsourcing
company's mission-critical production environments. The speed of
recovery is instantaneous as the Recovery Site is in active mode at
all times with a fully redundant configuration.
BUSINESS CONTINUITY PLAN DOCUMENT
The BCP document is a living document that needs to be kept
up-to-date and this process ensures its effectiveness. After each
quarterly test a new version needs to be created and updated. At
any time you should only have one document with all of the changes
and updates appended. If the document is well constructed the
organisation should be able to use external resources that do not
have intrinsic knowledge of your current network to recover your
system. This can only be achieved once the BCP document has matured
and it is recommended to attempt such a recovery after the first
three DR tests. The reason for this document is to reduce the risk
of not being able to restore because the process has not been
documented.
Getting senior management to buy in is most probably the hardest
part of DR. For this reason it is important to start with the
directive and management buy-in. The way that most IT professionals
get DR motivations approved is through the financial department. DR
should not be the responsibility of the IT professional but should
be a directive delegated to the IT professional, and this mandate
then allows the IT professional to implement the directive. It is
necessary for the DR plan to form part of the organisation's security
policy.
Please note that no matter how large or how small the organisation,
DR is always applicable. Management support is vital and for this
reason education about the DR process would be relayed both to
management and to staff by the responsible department and DR team.
PLAN FOR EACH DEPARTMENT
Most organisations have many departments; this may necessitate a
plan for each department as a full plan can be incomplete because
the correct process was not followed. The recommendation is that if
the departments are larger than 50 users then it may be necessary
for individual plans to be rendered for each department that will be
incorporated into an enterprise plan. The best way to get a decision
on this is to consult the head of each department and for the IT
professional to explain the DR planning process to the respective
head. This will build awareness and will help in the process of
establishing plans for respective departments.
Compliance
Security Brigade's Application Testing service can meet the requirements of many standards and guidelines in relation to information security. Our Application Testing team has working knowledge of the following standards and attempts to meet and exceed their requirements.
- PCI - The Payment Card Industry (PCI) Data Security Requirements were established in December 2004, and apply to all Members, merchants, and service providers that store, process or transmit cardholder data. As well as a requirement to comply with this standard, there is a requirement to independently prove verification.
- ISACA - ISACA was established in 1967 and has become a pace-setting global organisation for information governance, control, security and audit professionals. Its IS Auditing and IS Control standards are followed by practitioners worldwide and its research pinpoints professional issues challenging its constituents. CISA, the Certified Information Systems Auditor, is ISACA's cornerstone certification. Since 1978, the CISA exam has measured excellence in the area of IS auditing, control and security and has grown to be globally recognized and adopted worldwide as a symbol of achievement.
- CHECK - The CESG IT Health Check scheme was instigated to ensure that sensitive government networks and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure) were secured and tested to a consistent high level. The methodology aims to identify known vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. In the absence of other standards, CHECK has become the de-facto standard for penetration testing in the UK. This is mainly on account of its rigorous certification process. Whilst good, it only concentrates on infrastructure testing and not application. However, open source methodologies such as the following are providing viable and comprehensive alternatives, without UK Government association. It must also be noted that CHECK consultants are only required when the assessment is for HMG or related parties, and meets the requirements above. If you want a CHECK test you will need to surrender your penetration testing results to CESG.
- BS7799 - BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in 1995. It was written by the United Kingdom Government's Department of Trade and Industry (DTI), and after several revisions, was eventually adopted by ISO as ISO/IEC 17799. ISO/IEC 17799 was most recently revised in June 2005 and was renamed to ISO/IEC 27002 in July 2007. BS 7799-2 focused on how to implement an Information security management system (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later became ISO/IEC 27001. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) (Deming quality assurance model), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005. BS7799 Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO/IEC 27001.
- HIPAA - The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. Administrative Simplification (AS) provisions of HIPAA require the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The AS provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the US health care system.










