Today, more than ever, companies want assurance that if a key facility goes down, mission critical operations don't cease and the data vital to supporting those operations doesn't disappear --- even for an instant. Backing up data no longer is as simple as downloading your hard drive to a floppy disk and dropping it in your desk. Remote, multiple, simultaneous redundancy of data backup, systems recovery and, occasionally, total business operations is now the focus of top corporate information officers. Companies that rely on continuous information access are developing plans and procedures to guarantee that their mission critical operations remain unbroken in the face of unexpected disruptions.

 

"Terrorism is not the only threat," said Sean Smith, Chairman & CEO of Coalition America, an Atlanta-based healthcare cost containment and claims processing company. "A breach in security, a loss of critical client data, a hacker, undetected virus or a natural disaster that cuts communications are all scenarios that put information-age organizations at risk."

 

The September 11 attacks simply gave impetus to a process that had already started to capture the attention of information-based businesses. According to Smith, companies like his are examining five key areas to ensure their business operations continue when faced with either an intentional or inadvertent threat to their information systems:

Network and data security - No system is secure unless it addresses the threat from its most trusted users. That is because the biggest risks are on the inside where access is easiest. Further, security problems typically result from people or process failures, so security must be multi-layered and self-checking.

At one top information security operation, an individual encounters four levels of physical security just to access its systems. First is a security guard checkpoint requiring sign-in and photo identification. Next comes a fingerprint scan followed by a key station requiring a PIN number.  Finally, its data access area is monitored 24/7 by security cameras.

 

Protecting from external threats is even more complex with the customary firewalls, virus detection systems, and encryption technologies. Yet, whatever technology can protect, technology can defeat. So, these systems must be continually updated based on the latest advancements and threats.

 

Data Recovery - If disaster does strike, the goal of recovery is to find and fix the problem swiftly, then get operations back to normal promptly. The key to successful recovery from any disaster is having a reliable copy of your critical data backed up offsite. 

 

If properly completed, the planning process has prepared all documents and plans while identifying and securing any additional equipment and supplies needed to mitigate the risks identified in the assessment.  Meanwhile, all personnel must be trained on their respective roles and responsibilities.

 

Then go one step further. Conduct regular drills and exercises to ensure the plans will work and provide a continual means to update the information to adjust for organizational changes.

 

Alternate site operations - Sometimes disaster is inevitable in spite of the best laid plans. Disasters such as hurricanes, fires, floods and earthquakes are inevitable and often unavoidable. As a result, more companies are creating off-site backup facilities that mirror their primary operation centers. For example, in Florida, a place where hurricanes visit, and California, home of the frequent earthquake, companies often have full-blown, moth-balled operations centers well away danger centers that can be open for business within hours. Key employees can be moved there quickly and stay on the job until normalcy returns.
 
Infrastructure Disruptions - The risk is not always company specific. The nation's telecommunications infrastructure is an inviting target for terrorists, hackers or other bad actors. Even if a business has done all it can to protect its own system, it can still be crippled by a disruption within the portals that carry its data traffic. As a result, many companies are contracting with secondary and tertiary portal providers in case their primary portals become inaccessible. Thus, if one portal closes, they can shift their systems instantly to a new ISP. Many companies have installed backup generators and other emergency systems to ensure that their business operations can surmount any but the most devastating disruption.

"Given the importance of information in today's global economy, extended downtime due to terrorism, disasters, hackers and other disruptions is something most enterprises cannot afford," said Smith. "As a result, business continuity planning is the top strategic concern for many companies in the post-9/11 environment."