Dolce Vita IT Solutions LLC provides small and mid-sized businesses with a proactive, professional, and cost-effective outsourced IT department. This is why business owners come to us for help, and their success is what we deliver.
Business Continuity and Disaster Recovery
Business continuity begins with analysis and planning. It should look at all key revenue generating systems, the location and purpose of essential data repositories, and examine how these systems are currently protected. Once this is understood, then planning and design can be executed to provide appropriate protection to these systems.
Analysis
Dolce Vita uses automated scans as well as client interviews to define the various systems which are in use, where various business data is stored, and how it is currently protected. This is a system-wide process which looks at both on-premise data and data stored in the the cloud. This process also works to define for each repository the Recovery Time Objective (RTO - how quickly must the repository be recovered), and the Recovery Point Objective (RTO - how much data in hours can the business afford to lose).
Planning and Design
Planning for business continuity places an emphasis on how critical certain repositories of data are and how likely they are to be damaged or destroyed.
Where is business data located?
Is most of the risk due to attackers (malicious actions) or business users (training issues)?
How many and which users have higher than read-only access to specific data?
Is the system relatively high-availability (i.e. phone system)?
Is the system accessible from outside?
Recovery Time Objective (RTO) - how quickly does the system or data need to be available?
Recovery Point Objective (RPO) - how many hours of data can the business lose? (Dictated in general terms by the frequency of the backups)
How long must backups be retained?
How frequently must recovery of backups be tested?
Who will manage the backups and their testing?
Who will be responsible to perform data recoveries?
Internet circuit - does this need to be redundant or to have automated failover? (What is the impact on cloud-based data repositories?
Manufacturing process, CNC machines, robotics - what are the impacts of wide power loss? Is there an on-premise generator or is a portable contracted?
Business Continuity Implementation
Once the design process is completed then the implementation can be completed:
The login to any business continuity system should be protected by multifactor authentication
Any business continuity solution should include offsite backup to separate the backup storage from the original data storage
In most cases backups should be encrypted both on-premise and in the cloud with the encryption passphrase not matching any other password or passphrase
data recovery configurations should meet the business requirements for recovery time (RTP), recovery point (RPO), and retention objectives
For internet circuit failover, this should be properly tested on a monthly basis to ensure automatic failover occurs
For internet circuit failover the business continuity plan should account for VPN’s which may drop (due to IP address change), and any inbound web or file transfer services which may fail (for the same reason).
It is strongly recommended to test each major component of business continuity to ensure documentation is updated and personnel are comfortable with recovery processes. The schedule for doing this is business dependent, but at least monthly is recommended.