How to ensure a secure disaster recovery operation
As if recovering from a disaster isn’t pressing enough, organizations also need to be mindful of potential security breaches when they are most vulnerable.
Disaster recovery is a complex and multifaceted operation, and your DR team members are likely already spreading themselves thin trying to ensure a speedy and complete recovery. That’s why it’s important to ensure that system and data security is always maintained, especially during a DR operation.
The best way to maintain a secure disaster recovery process is to have good security practices already baked into existing technologies and processes, recommended Ned Bellavance, director of cloud solutions at IT service management company Anexinet. “The data and applications running in your DR location should be following the same guidance and security protocols as your production facilities,” he said.
Bellavance noted that several key security items should be considered when developing secure disaster recovery operations. “First, any sensitive data should be encrypted at rest and in transit, including backup and replication data being sent to a secondary site,” he said. “Second, DR documentation should not include any passwords or secrets.” Such information should be stored securely with an off-site service that can be easily accessed in the event of a disaster. “Third, DR operators should follow the principle of least privilege,” Bellavance said. This means not giving operators more rights than they absolutely need to accomplish their tasks.