|
Recent natural disasters, terrorist activities, and the avian flu outbreak have pushed disaster recovery to the forefront for governments and enterprises. However, disaster recovery does not just refer to catastrophic events. It could be something as simple as a snow storm, power outage, local celebration, or another event that keeps your workers from getting into the office. No matter what instigates the business disruption or how extreme it is, the business impact remains the same. Disruptions to normal business operations often result in missed opportunities, lost revenue, and a damaged reputation.
Every enterprise's goal in disaster recovery is business continuity?to keep core business functions operating under all circumstances. That's more and more challenging, as business threats now derive from a broad range of internal and external factors, both natural and man-made. The expected response time to a business disruption has also accelerated?employees, partners, customers, and regulators expect immediate resolution.
Disaster recovery spans many sectors of an enterprise, both physical and digital. For many organizations, disaster recovery has meant establishing clear telephone and communication links and ensuring a data storage, back-up, and recovery plan is in place. One of the most critical aspects of a disaster recovery plan is enabling employees, partners, and other constituencies to work from home or other remote locations and access critical resources and data as if they were in the office. If a disaster recovery plan does not include remote access, "business as usual" is virtually impossible.
Remote access is key to disaster recovery because typical business disruptions keep employees and other users away from the office and the local area network (LAN). For example, in the case of a widespread health crisis such as avian flu, employees may be forced to stay home because of official quarantines and travel restrictions. For organizations with a remote access solution, however, isolated employees can work productively from home as if they were in the office.
One technology has emerged as the leading solution for remote access: SSL VPNs? virtual private networks utilizing secure sockets layer (SSL) security protocols. SSL VPNs are best suited for secure remote access during an emergency because they allow workers and partners to connect safely through the Internet to corporate network resources. This document explores best practices for disaster recovery and the role of SSL VPNs in that process.
Business drivers of disaster recovery planning An enterprise must anticipate and plan for potential disasters. You can't start from scratch on the day of a disaster. At that point, it's too late. During a disaster, the inability to operate normally or provide access to critical resources can hurt revenue, damage a company's reputation, or mar the corporate brand. This is why responsibility for the once-mundane matter of disaster planning has risen from middle management to the highest echelons of the corporate hierarchy. A strong disaster recovery plan requires the involvement and commitment of both technology and business sides of an organization.
Business drivers for disaster recovery planning include:
- Protecting the revenue stream: A business interruption can result in lost revenue, customers, and business opportunities. That hurts virtually every stakeholder?investors, customers, employees, and partners.
- Strengthening competitive positioning: With an effective disaster recovery plan, you can position your company as a reliable partner or vendor, providing your customers and partners with assurance that you will continue to operate even during a disaster.
- Maintaining productivity: No one can foresee the specifics of a disaster, but since virtually all businesses rely on information and the network, keeping access available?and workers productive?is crucial. Don't limit access to employees. Customers, suppliers, business partners, and other third parties also may need secure remote access to appropriate corporate resources during a business interruption.
- Assuring regulatory compliance: Regulatory requirements such as Sarbanes-Oxley, HIPAA, and Basel 2 don't go away just because of a disaster. Organizations worldwide must ensure secure, auditable access to key information assets to maintain compliance, even during business disruptions. These include Gramm-Leach-Bliley in the U.S., the European Union's Directive on Data Protection, and Japan's Personal Information Protection Act.
- Reducing risk and security threats. During a business disruption, your organization is vulnerable to hackers and other security threats.
|
