Continuity and Disaster Recovery in Cloud Computing - Business Plan Example

Business Continuity and Disaster Recovery in Cloud Computing al Affiliation Business Continuity and Disaster Recovery in Cloud Computing Introduction Background of the Company BIG-CLOUD Company is a corporation looking forward to providing online storage space to store information, share media files such as movies, pictures, web files and other documents. From their prospects, the company seeks to provide sufficient storage for all to access. The company aims to promote cloud storage to everyone not necessarily a user of the service. The service is accessible from any device, location and at all times (Company, 2013). The company will be having various challenges due to the increased need for disk-based backups, affordability of the storage space, performance and reduction of data footprints, reliability of the system. Organization and users will tend to do frequent backups thus storage space issues may arise. From the rapid development of technology disruption of IT, infrastructure can result, thus posting ill effects to the company and its users. The issues of speed and urgency will arise, this calls for fast computing and decompression processors to process massive data per second. Another issue is data protection, which is the most sophisticated challenge, to which service utilization runs. The increase of unstructured data is a matter that makes the system vulnerable to flooding (Research, 2012). Threats to IT data center infrastructure Every data center infrastructure has dangers awaiting to hit back before anyone notices. At times, this risks are known and thus can be mitigated before they occur. The risks involved in data center infrastructure include the sole existence or the principal reason the business is in operation. They can be classified into digital( technical and accidental) and physical threats (natural and human related) (Snedaker, 2007). Power and network connectivity is a major threat to a data center infrastructure. For the increased reliance on Technology, most organizations are using electronic data entry, processing, and exchange of other transactions taking place. When power or network connectivity is disrupted, it can cause significant losses to its users. Ability to coordinate complex models of communications and workflows is another threat. If the system fails to coordinate the operations required, a risk factor is involved, and thus losses are imminent to such complex models. The challenge here is the systems ability to support complex processes and maintain its capacity to handle such process even when a disaster faces the system. The threat of natural disasters is also a possible factor that can cause problems. This risk is possible due to the increased intensity and frequency of such disasters. These hazards include locations prone to hurricanes and tsunamis. Internal security policies by the users form another threat. When users are utilizing their devices, the ability to counter risks due to increased reliance and use of third party programs and services. The users can increase the chances of risk the organization may face. Therefore, requiring a security audit policy and monitoring every item a user uploads and even monitor connections the users have posted that offer threat and violations of privacy. The threat from regulatory bodies to ensure security and reliability. Some of this bodies can push for systems that can force the organization to exit the business in case one fails to comply or even increase costs. The issue of data security and privacy concerns is a threat as information transmitted ((HHS), 2007). Among these threats, the digital threats are very imminent as they involve viruses, hacks, trojans, and worms. The effects contained can be devastating, and the only way to prevent this is the network systems security such as firewalls, OAuth APIs, Rest API among other monitored connectivity. The threat also extends to the operations and thus a diagnostics to such phishing and backdoors can be felt even when the threats are long gone. The resource contention that arises from overloads on the system and inter-server attacks or hyper jacking commonly known as escapes for inter allocated virtual spaces. Other physical threats include liquid leaks, moisture, excessive temperature, fire and smoke. These risks need to be safeguarded, and once the system is in contact with such threats, then it is vulnerable to failure. The personnel working around the systems as well need to be authorized. Threats can also arise from unauthorized personnel. Security measures in place can help reduce the risk by limiting the ability a personnel has and even double authorization of crucial access. All these threats have effects from the downtime of the system, theft of equipment and information, failure of the equipment as well as system flaws. The risks vary from human initiated to natural threats such as dust, gasses, liquids and digital implants. Business Continuity Plan BIG-CLOUD Co.: BUSINESS CONTINUITY PLAN DISASTER RECOVERY PLAN Plan Overview BIG-CLOUD Company has procedures that aim at mitigation of risks, provide a strategic plan for business continuity, and a plan to which disaster recovery will operate, for the information technology and communications infrastructure. The sections provide the details of the operations and the recommendation of responsible parties and stakeholders of the company. This plan is CONFIDENTIAL for it is the property of BIG-CLOUD Company. PLANS GOALS AND OBJECTIVES The primary objectives of the business continuity plan and disaster recovery plan include To mitigate risks and the impacts at the incidence of disaster to BIG-CLOUD stakeholders To provide the action plan that business interruption or impact of a disaster can be resolved within the shortest time and safeguarding the information stored (Snedaker, 2007). To provide a written guideline of responsibilities and operational procedures for operational efficiency at the incidence of a disaster. To ensure the safety of every BIG-CLOUD Company employee To enhance sustainability of operations at all levels of the company To embrace the Green Economy, adapting recommended best practices and ensuring compliance to all regulatory frameworks. BUSINES CONTINUITY PLAN This section will entail addressing the issues stated. The first step is to provide a risk assessment that will focus on the impact a disaster can have on the operations of the business. The business model of the BIG-CLOUD Company allows for the interdependence of system processes as data processes. The business continuity also aims at improving operational efficiency. The business continuity will follow the business continuity management provided by the British Standards (Institution, 2012) and additional procedures listed below Program Administration-0 The business continuity plan covers the aspects of operations, strategies to mitigate risk and to close at the disaster recovery plan. Business Continuity Organizational level The company has an organizational chart that describes organizational hierarchy and responsibilities attached. The business continuity and emergency response team are under the management, and above all other employees of the organization, as they will implement the plan. The organization chart as well manages the external relationships the company will have with its stakeholders. The support team, IT infrastructure team and the production and recovery team are among the key identifiable personnel groups. Business Impact Analysis This will utilize a sheet to develop results of the impact analysis, place, and time frames of recovery and business processes and then provide restoration point for data. The impact analysis is a routine check for the activities. Business Continuity Requirements and Strategies It involves all procedures operating within the organization for incidents of disaster and preventive measures. The workforce teams and other disaster support departments deploy on the execution of recovery strategies. The Automatic data backup triggers to minimize cases of data loss and for analysis to mitigate such causes in future. The automatic reallocation of servers to other server sites to operate as the active server in cases of adverse effects and longer recovery time is a precautionary measure. All resources for use and deployment is the responsibility the risk mitigation department and by logistics department for harmonization. Disaster Recovery Plan At the time of an incident, the protocols are as follows Detection of an event and reporting to the responsible personnel and head of business continuity for disaster preparation and counter measures Providing notification to all required personnel and alerting all stakeholders likely to be affected Activation of the continuity plan to ensure all procedures are followed Emergency operations department activation to help counter the effects and recover within the shortest time possible Situation Analysis and Damage Assessment and recommendation of action plans by key personnel on site Approval of the most appropriate action plan DISASTER OR EVENT CATEGORIZATION BIG-CLOUD Company recovery plan intends to address the following disaster types Physical Short-Term – included the events that can be solved within a day such as cooling and dust cleanup. Medium term – incorporates the events that take a period of one month or less to clean up such as physical replacement and upgrades. Long term – involves the activities that require planning, strict attention as well as reoccur once in a period of more than one month such as workforce planning, Advanced Security audits. Digital Short-Term - These are events that will require immediate attention and should be done with the shortest time possible, not more than one day such as Firewall Breach, System faults Medium term – This are those events that involve security upgrades, Firmware patches, Compression archives. Duration is a month or less Long-Term – These events can cause system vulnerability or total failure and require a contingency plan on standby. They include Digital Scanning, Firmware upgrades and recovery, System Backups. These events can cause system problems from digital imprints and signatures DISASTER RECOVERY TEAM The team shall involve all key personnel as required by BIG-CLOUD disaster recovery policies. The team includes the Operation leads and other required staff to facilitate the success of the catastrophe recovery. The System engineers must be at the position in the event of a disaster. Security personnel will be necessary to lock down the building and provide a safety protocol among other countermeasures deemed necessary. All other staff members are expected to remain calm and continue with operations unless stated otherwise. EMERGENCY CONTACT INFORMATION The emergency contacts include system administrator alerts available at the user interface for all users of the service. Any emergency contacts other than sensors go to the risk management office. Email contact hello@bigcloudco.com as well as dialing 0100100 or any responsible personnel. Information Control When using cloud-based backup, my organization would want to have full control on who accesses the information to avoid data manipulation and hijacking. The control, especially using third party backup system is crucial as to who has access to the information. The encryption keys should vary on each data set to avoid total control of any user information by the user. The control over data is moving across borders control I limited to handling and delivery of such information to the end user. The reason the control is limited is that once the information reaches the end user, the control of the use of such information is limited by written agreement on agreed terms of use. However, on a cloud-based storage one can restrict what one can do with such information; thus my organization still wants to retain control of stored information. The control my organization wants to have is the availability and security. In the occurrence of outages, data loss should be at the least level possible. This brings the issue of legal standards and data protection regulation and laws that may cause my company lose control. Pros of Cloud Based Backup Cost efficiency is gained from the use of cloud-based computing as it reduces capital investment in creating an in-house infrastructure. The flexibility of service as it offers scalable terms such as only paying for what you need and is adjustable. Reduction in compliance concerns as they are provided for by cloud computing service providers. System integration is capable and simplified and the ability to quickly tune to fit desired results. Safe backup in cases of local disaster such as theft or fires as well as accessibility from multiple devices. Cons of Cloud Based Backup Security issues such as thee the privacy of the information (Asprey, 2011). Outages and technical glitches such as those experienced by Amazon Web Service in April 2011 and even uptime problems may arise. The element of virtual memory or space means that the data is stored on shared infrastructure, which can cause constraints on the usage of such services. Reliability on a stable internet connection, thus unstable connections causing problems by using such services. No guarantee of security and data backups In case of human error, the security of the information stored becomes inadequate. In the final statement, cloud computing relies on the choice of provider, as well as Information technology and the needs that one faces. The advantages out way the cons as the cons are reliant on the selections made. References (HHS), U. D. (2007). HIPAA Security Series Security Standards Organizational, Policies and Procedures and Documentation Requirements. 2 Paper 5. Retrieved 2015, from http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/pprequirements.pdf Company, T. B. (2013). Home. Retrieved may 14, 2015, from The Big Cloud Company: http://www.bigcloudco.com/ Asprey, A. (2011, April 7). New Type of Cloud Emerges: Exploits as a service(EaaS). Retrieved May 14, 2015, from Trend Cloud Security Blog: http://blog.trendmicro.com/new-type-of-cloud-emerges-exploits-as-a-service-eaas/ Institution, B. S. (2012). Societal Security-Business Continuity Management Systems - Requirements. London: British Standards Institution. Research, F. (2012). Forrsights Hardware Survey Q3 2012. Retrieved May 14, 2015, from Forrester: https://www.forrester.com/Forrsights+Hardware+Survey+Q3+2012/-/E-SUS1631 Snedaker, S. (2007). Business Continuity & Disaster Recovery for IT Professionals (1st ed.). Syngress ISBN-10: 1-59749-172-34. pp: 17-30,34-40 Read More