January 28, 2023 | By Greg Dougherty
When it comes to cyberattacks, there is no “if”, so it’s only a matter of time before your organization falls victim to an attack. This is why developing a recovery plan is crucial for enterprises.
Cyberattacks are a very real threat to our confidential data today, and no one is completely immune. Not only is ransomware itself a concern, but the aftermath of an attack is arguably even more concerning. The operational downtime, costly mitigation and recovery of data, reputational damage, and legal consequences from a ransomware attack can wreak havoc on a business.
Further Reading: How the Threat of Ransomware Impacts YOUR Industry
The ability to react quickly to recover and maintain business continuity is the most critical aspect of cyberattack survival. Some things to consider as you work to secure your organization and establish a strong disaster recovery strategy include the following critical components:
Failback & Testing
When it comes to disaster recovery, people often focus on the ability to failover to the recovery site. The correct processes and procedures related to testing and failback post-disaster are often overlooked.
Before we can begin to discuss these, we must first understand the type of scenarios we’re trying to protect against. What are your immediate goals?
- The ability to failover your entire production site
- The ability to failover specific applications
- The ability to failover specific servers
Of course, everyone answers “all of the above”. The challenge is that the more specific the failover domain, the harder it is to accomplish from a network perspective. Keep in mind that each of these types of failover scenarios will require its own specific runbook related to failover, failback, and testing.
Why does a test require a runbook? Because these days applications are seldom standalone, they often speak to SaaS platforms, 3rd party vendors via APIs, and other internal apps. Booting up an application and testing it may result in poisoning production data in one of these other platforms.
Our recommendation for organizations who are just starting on their journey related to disaster recovery is to focus on the entire site failover scenario because, ironically enough, it is the easiest to architect and plan for.
Deeper Insights: 2022 Guide to Cyberattack Risk- Mitigation and Response
Networking
Networking is arguably the most important piece of the puzzle when it comes to implementing a successful disaster recovery strategy. Replicating data is the easy part – ensuring your applications are consumable to end-users the same way they are during normal times is more of a challenge.
If networking isn’t taken into consideration during your disaster recovery planning, your disaster recovery strategy is doing more harm than good. If you want your disaster recovery site to function and work exactly how it does in production, your internal networking (MPLS, SD-WAN, VPN), integrations with 3rd parties and hyperscalers, and external networking (DNS, BGP, proxies) for disaster recovery need to mirror the networking at production.
Dependencies
With disaster recovery, keep in mind your goal is application resilience, not just replicating workloads. In fact, people often default to replication as the de facto tool for all their disaster recovery goals, while sometimes there are better solutions. Dependencies are a great example of this. A dependency is any underlying system required for replicated servers to function properly. This typically includes systems related to networking, security, and authentication. For these applications, we want to ensure they’re already available and properly configured prior to failover. This generally involves running them “always-on” at the DR site, and either synchronizing them from within the application or via manual change control.
The issue of dependence can be more complex in a partial failover scenario. Take the example of a SQL server, which is shared across multiple applications. If you need to failover a specific application, do you failover the SQL server to the DR site? That will properly support the failed over server, but what happens when you need to failback and the other applications at production have been writing to the local server? Some solutions to this use-case could be creating individual SQL servers per application, so each can be failed over per application. Another solution is to create a SQL cluster between the production and DR site, so any changes at one are immediately replicated to the other and vice versa.
Runbooks
With disaster recovery, you need to have runbooks in place for every type of scenario, whether it’s full-site failover, partial failover, per-server failover, per-application failover, and even a runbook for testing. Be mindful of who has ownership of ensuring these are kept up to date? Who updates them post-testing to take into account lessons learned?
Security
Security is also crucial for a successful disaster recovery strategy. People sometimes don’t realize that when you engage in off-site backups or disaster recovery sites, you’re keeping a copy of your most crucial data at another location. The security of your disaster recovery environment must be as good, if not better, than it is at production. If it’s not, you’re exposing your data to potential threats and creating a new attack vector for cybercriminals.
You also need to take into consideration security integrations such as support for SPAN/NetFlow devices, hybrid infrastructure, and integrations with 3rd party MSSP & SOC services along with the tools they use.
What’s Next?
Once you’ve made these five considerations, you’re well on your way to a fully inclusive disaster recovery strategy. But does that mean your enterprise is fully immune to the many forms of ransomware targeting businesses today? Not quite.
Understanding the full scope of your enterprise protection against ransomware requires an in-depth look at what ransomware is and how it can affect your organization. Opti9 is here to help maintain your most crucial data and defend businesses like yours against cyber criminals. Download our helpful guide today for more information on ransomware and tips for your defense.