Easi was this year invited to participate to the Dell World event #DellTechTour In the hustling & bustling city of Las Vegas. Over the course of several engaging days, me and Georges Nicolacopoulos learned a lot during these days.
Among the myriad of topics covered, four key areas stood out as critical focus points to us:
- Cyber resilience & recovery
- Ai & Machine Learning
- Unstructured Data
- Data Center Challenges: Power usage & Cooling.
In this blog, we will explore the first key takeaways
Cyber Resilience & Recovery:
One of the major key takeaways @ Dell World event, was the increasing importance of Cyber Resilience and Cyber Recovery strategies.
This is also a major focus for Easi, we participated to several sessions to make sure we are up to date with the latest news.
With cyber attacks becoming more sophisticated, the focus on cyber resilience and recovery highlighted the critical role of technology in mitigating risks and ensuring the integrity of data and systems.
First it is important to understand the difference of nature between a disaster recovery strategy and a cyber recovery strategy. Disaster recovery strategy tend to focus on physical disasters such as fire & water damage, earth quakes, equipment failure etc. These type of disasters happen but are very rare in the real life world and are very clear for an organisation when they occur.
The disaster recovery strategies are rather straight forward which implies often the automatic/manual fail over to a secondary room or data center. When a good DR plan exists, which is up to date and regularly tested, the recovery time can be between minutes and 1 day.
A Cyber recovery disaster has a much larger impact on the organization as the outage is larger than a physical disaster. The production environment becomes essentially a crime scene and should be handled in such a way. When such an event occurs, an organisation is no longer sure of the trustworthiness of all the components in the IT Landscape. The components are not only the servers but also the end-clients, network devices etc. Even when a good CR plan exist, recovery time can take up to days, even weeks and months to become fully operational again.
To prepare your organisation for Cyber resilience & recovery, a Cyber Recovery DR strategy book should be created.
The Cyber Recovery Disaster strategy is not solely an IT project but is a collaboration between the CIO, CISO, IT department and business.These kind of projects require a thoughtful strategy to be followed before implementation. This goes much further then just offering/receiving a BOM (Bill of Material ), which is clearly the wrong way of approaching such a project.
- Inventory of the business critical applications and data and how to recover and access them
- Inventory of the network components, how to backup, recover and access them
- Inventory of the endpoints and how to recovery them and access them
- etc etc
The recovery strategy:
- Make sure a copy of the backup data exists in a secure vault with air gap and 4-eyes principal
- Clean room to restore the data and do a initial scan of the backup data
- Comprehensive network strategy to ensure business continuity , to ensure that applications can be reached and end-users can continue to work
The regulations regarding the protection and recovery of data becomes more and more strict.
One of these directives is the NIS2 directive that will touch several additional verticals such as Food - ICT Service Management, Public Administration and so on
There is a clear chapter that describes how organizations should handle backups on the website of Centre for Cyber Security Belgium
CCB – Cyber Fundamentals Protect (PR) Information Protection Processes and Procedures
We are sure you still will have a lot of questions, for the answers, please contact your DR & Backup Specialists
Read more on the following blog articles