Harold Shannon was named vice president of Technology and chief information officer in April 2021. Previously, he served as managing director of Program Management at CoreCivic. Shannon joined CoreCivic in 2003 as a project manager in Technology. Since joining CoreCivic, Shannon has continued to serve in various leadership roles, including senior project manager, senior director of Program Management, and senior director of Enterprise, Resource, and Planning (ERP) Applications. Prior to joining CoreCivic, Shannon was a team lead and developer at Accenture, an international consulting firm. Shannon earned his bachelor's degree in computer information systems from Middle Tennessee State University and a master of business administration from Belmont University. In 2015, Harold completed the Executive Leadership program at Belmont University.
As system-disruptive activities continue to impact a business's ability to function, it is critical that organizations prioritize disaster management. Based on Accenture's State of Cybersecurity Resilience 2021 report, cybersecurity attacks have increased by 31 percent year over year. This increase, along with the war in Europe and increased telework for America's job force, has shifted the focus on disaster recovery to ensure business continuity and protect companies' reputations. Management of your disaster plan can no longer focus only on what you control, but must be extended to your suppliers and partners. There are several methods to support your organization's disaster recovery management strategy, such as implementing a redundant scaled environment, testing this environment, and encouraging your organization to adopt a prepared mindset.
Disaster Recovery Planning (DRP) is the management of network, systems, and data in the event of a disaster. A disaster can include the destruction of any equipment, the loss of a data center, a cybersecurity incident, or any other disruptive event. Disaster recovery should include cybersecurity incidents because these events are becoming more frequent and destructive. Extending your disaster recovery plan to your suppliers and partners is necessary to ensure control.
A good disaster recovery plan includes detailed instructions on how to respond to an unplanned incident. This plan should include run books, a backup data center (on-premises, off-premises, and/or in the cloud), and policies and procedures. Additionally, communication plans are critical to your disaster recovery plan because key customers, suppliers, and partners may be impacted. Public companies may have a higher standard of communication because the Securities and Exchange Commission (SEC) is requiring greater transparency in this area to protect shareholder value.
The goal of DRP is to resume business as quickly as possible without any data loss while maintaining existing functionality. Each organization must validate its disaster recovery plan using tabletop exercises, simulation testing (i.e., failover), and overall plan review. This validation should occur at least once a year because environments are constantly changing. The validation of your disaster recovery plan is a crucial step to ensure everyone knows his or her role in the event of a disaster.
Alternative Environment
The key to successful DRP is the recovery environment and your ability to scale full services. Many companies have a redundant data center (self-managed or co-location) in the case of a disruptive event. With the advent of Infrastructure, Platform, and Solution as a service, the cost of maintaining a backup environment has decreased substantially. These environments allow an organization to quickly scale its environment and respond appropriately with minimal effort. Additionally, when the redundant environment is in the cloud, an organization can better manage its cost by reducing its usage when this environment is not activated to the full business scale. This provides an added benefit: a redundant system with scale flexibility and cost management.
Third-Party Disaster Management
Third-party management is critical to a successful disaster recovery plan. According to a report by Ponemon Institute, 51 percent of businesses have suffered a data breach caused by a third party, with 44 percent suffering a breach within the previous 12 months. Among that 44 percent, 74 percent of the data breaches were the result of giving too much privileged access to third parties (Meharchandani, 2021). Every organization should have a detailed risk plan for managing third-party access to, and management of, its data. It is critical that your organization outline specific data management and security requirements for every vendor based on risk and type of data. The Ponemon Institute report indicated 66 percent of its respondents had not implemented, at a minimum, a privileged access management plan. Zero trust is a critical framework for managing not just internal access but external access as well.
DRP Change Management
There are three factors that can limit organizational focus on DRP: resources, cost, and mindsets. Many organizations may refuse their Technology department the resources required to plan, test, and support disaster recovery management ahead of an actual disaster. Organizational leaders' leery mindsets toward DRP may also stem from a limited understanding of the risks and of the criticality of technology to an organization. However, with heightened cybersecurity scrutiny, this mindset is changing. Technology is no longer just a cost center; it is critical to every business function and provides a competitive advantage.
Summary
DRP should not be an afterthought, but a best practice in today's business environment. Your organization must have the right planning, resources, and mindsets to face the challenges posed by this fast-paced, at-risk environment.
Zig Ziglar once said, "If you aim at nothing, you will hit it every time."
With disaster management, I believe that you hit what you aim at and if you aim at nothing, you will be unprepared for your next disaster.