I seriously doubt that there is a person reading this newsletter who doesn't know of the devastation caused by Hurricane Katrina. Vast areas of the southern coast of the United States have been destroyed. People's lives are in ruins, and how long it will take to recover is still unknown.
The human suffering and loss of life is heart wrenching, to put it mildly, and although I have a difficult time thinking about protecting computer systems in the wake of such disaster, such protection is in fact the focus of this newsletter. Therefore I think it's appropriate to revisit disaster recovery in terms of information security and computer networks.
Katrina brings to light the fact that you and your business can be displaced not just temporarily, but for significant periods of time. A robust disaster recovery plan is paramount. Katrina shows us that in addition to thinking about system and communication failure, you should also consider the possibility that your premises might be destroyed and rendered unusable either temporarily or permanently. You need to think about system recovery, but you also need to consider hardware replacement or recovery, relocating available personnel in new office space, and replacing communication systems.
Data backup strategies can include offsite storage by either physically transporting media somewhere or by using a backup system that transmits data over a communication link. Either way, you should probably use an offsite backup location that's in a completely different geographic area.
You should also consider maintaining live backup Web sites, mail servers, and DNS systems that are ready to go. If you plan these right, they'll kick into action immediately as soon as anything at your main site goes down.
To get in touch with key employees after a disaster, you might need conventional-phone alternatives such as cell phones and Voice over IP (VoIP) tools. However, if cell towers and other communication lines fail, then those technologies will also be useless. You could consider getting satellite phones if your business needs justify the cost.
You'll also need a quick exit strategy. If you must evacuate the area, what will you take, aside from obvious essentials? You could gather disk drives that contain mission-critical data and other devices if you have time. One easy way to help protect hardware and documents you might need to take with you or leave behind is to waterproof them by using a product such as Space Bags (see URL below). Having a big safe or vault to store hardware might be a good idea too. After all, if the building collapses, Space Bags won't be much help.
In addition, you might consider the fact that you might have to leave a lot of data behind. If it's sensitive information, then it should be encrypted in case the hardware falls into the wrong hands in your absence. You probably won't have time to start encrypting data during a crisis, so you need to have such a process in place beforehand.
Those are a few ideas that might help you review your disaster recovery plans. As I've written before, you need to be ready to take action quickly on short notice and be ready to recover quickly from events that strike with little or no advance warning. A comprehensive disaster response and recovery plan is part of good business security.
You can find more information about disaster recovery for OSs, databases, email systems, and more in numerous articles on our Web site.