Disaster Recovery

Disaster Recovery (DR) planning is much more than just developing a DR plan. Building your organisation’s maturity to successfully recover from a disaster scenario is an exercise in continuous improvement. Recently, IBRS hosted a webinar to address four IBRS advisory papers focusing on the steps needed to successfully plan for DR and build the maturity of the organisations DR planning processes. The end game; to improve the likelihood of mitigating an ICT disaster event to ensure business success. Disaster Recovery Must Work!

Conclusion:

Employee empowerment is the basic principle behind activity-based working (ABW). In order to make ABW work, a company’s culture needs to shift from command and control to trust, responsibility, and empowerment. As organisations plan their return-to-office strategy, an opportunity exists to decide if workplace defaults will continue, or the lessons learned from working through a pandemic will be incorporated to accommodate a more holistic approach to getting work done.

Conclusion:

As detailed in IBRS’s 2021 Trends report, the vaccine shot will not end sporadic lockdowns. Organisations should routinely review workplace safety plans and update them based on current public health guidelines. Protective measures should still be in place.

If not already established, organisations should set up a workplace COVID-19 working group, which should include ICT representation. The working group should ensure the company’s compliance with public health recommendations, plan education, and determine how digital services will support the plan.

The Australian context for workplace vaccination policies are complicated by different privacy, duty of care and other workplace and safety regulations. This paper provides an overview of the policies that may impact management decisions as of June 2021.

The Latest

28 March 2021: AWS has a history of periodically lowering the costs of storage. But even with this typical behaviour, its recent announcement of an elastic storage option that shaves 47% off current service prices is impressive. Or is it?

The first thing to realise is that the touted savings are not apples for apples. AWS’s new storage offering is cheaper because it resides in a single-zone, rather than being replicated across multiple zones. In short, the storage has a higher risk of being unavailable, or even being lost by an outright failure. 

Why it’s Important

AWS has not hidden this difference. It makes it clear that the lower cost comes from less redundancy. Yet this architectural nuance may be overlooked when looking at ways to optimise Cloud costs.

One of the major benefits of moving to Platform-as-a-Service offerings is the increased resilience and availability of the architecture. Cloud vendors, including AWS, do suffer periodic failures within zones. Examples include the AWS Sydney outage in early 2020 and the Sydney outage in 2016 which impacted banking and e-commerce services.  

But it is important to note that even though some of Australia’s top companies were effectively taken offline by the 2016 outage, others just sailed on as if little had happened. The difference is how these companies had leveraged the redundancies available within Cloud platforms. Those that saw little impact to operations when the AWS Sydney went down had selected redundancies in all aspects of their solutions.

Who’s impacted

  • Cloud architects
  • Cloud cost/contract specialists
  • Applications architects
  • Procurement leads

What’s Next?

The lesson from previous Australian AWS outages is that organisations need to carefully match the risk of specific application downtime. This new announcement shows that significant savings (in this case 47%) are possible by accepting a greater risk profile. However, while this may be attractive from a pure cost optimisation/procurement perspective, it also needs to be tempered with an analysis of the worst case scenario, such as multiple banks being unable to process credit card payments in supermarkets for an extended period.

Related IBRS Advisory

  1. VENDORiQ: AWS second data centre in Australia
  2. Post COVID-19: Four new BCP considerations
  3. Running IT-as-a-Service Part 55: IBRS Infrastructure Maturity Model

Conclusion

Many security incidents are having major impacts on organisations. In too many cases these are left to the information technology teams to handle.

Yet the group most responsible for an organisation’s continued survival and growth is the chief officer (CxO) group. Incident response therefore ultimately resides with this group. In order to develop the ability to handle a major attack on an organisation, it is imperative that the CxO group also become familiar with responding to cyber security events.

This can be done by running tabletop exercises that then become the basis for building more detailed plans around communications, crisis management, and the organisation’s preparedness.

Being prepared: IBRS has created a BCP checklist to help you create and/or update your business continuity plan.

This diagram is to be used in the following ways:

  • A checklist to ensure all BCP steps have been actioned and/or updated as required
  • An easy reminder to update key supporting documents to the BCP to remain current which include:
    • Enterprise risk frameworks
    • Business impact analysis documents
    • Evacuation and lockdown procedures
    • Recovery plans and testing of these plans
    • IT disaster recovery plans
    • Communication plans
    • Regular executive reporting