The business impact of the recent earthquakes has prompted organisations to think about their disaster recovery plans, and The Ministry of Business, Innovation and Employment (MBIE) says there are a number of factors to consider.
Organisations need to know all types of data they have, and whether that information can be secure. Some storage solutions can be kept on-premise and off-site, but how much information is in those storage facilities may be too much.
"You should regularly make copies of data — known as backing up — in case original data is lost or stolen. It’s also vital for your disaster recovery. If you store data in the cloud, this should be done for you. If not, look at getting software that backs up data automatically, so you don’t need to think about it," the MBIE website says.
In addition, managed ICT & business continuity solutions provider Plan B states that having access to data from other locations is important, as was particularly demonstrated during the recent earthquakes.
"As with any unplanned outage, customers that had clear business continuity plans were able to get up and running more efficiently than those that did not," Plan B says.
The company put together a list of tips to consider when forming a disaster recovery plan, and data access was high on the list.
"To ensure access to critical systems, have a plan for accessing your data and server infrastructure from another location if your production equipment is affected by an outage," the company says.
The Ministry of Business, Innovation and Employment says that in the event of an IT breach, hack or natural disaster, most cloud data should, in theory, be safe. The Privacy Commissioner has released a number of factors when analysing cloud computing risk - particularly when choosing a cloud disaster recovery provider.
1. Understand your company's needs and work out your risks - Personal information on an unsecured server would be better protected by a cloud provider, particularly in the event of data loss or hacking.
2. Understand what information you'll be entrusting with cloud providers - if it is personal information, there is more risk involved.
3. The responsibility is ultimately on you - you are giving cloud providers trust and access to personal information. Ensure that your contract covers safe and secure storage of private information.
4. Ensure your provider offers data encryption and also use encryption on your end - this makes it less likely for data to be misused.
5. Analyse any prospective cloud providers - are they independently and regularly audited? What is their reputation like? If they are New-Zealand based, they may be signed up to the Institute of IT Professionals CloudCode.
6. Understand the contract - what happens to the data if the cloud provider is bought our or goes under? Will you be told in the event of a data breach?
7. Explain to clients what you're doing with personal information when giving it to cloud providers.
8 Work out where the data is hosted and what privacy laws apply - not all providers disclose their data centre locations, but ensure they comply with government requests, legal procedures and complaints procedures.
9. What happens if you switch providers? Will the company keep or delete the information?
10. Does your cloud provider pass data on to a third party? Some providers outsource their services. The security of the outsourced companies must be as robust as your own provider's policies.