Welcome to the second installation of the DRT Dozen.
1) Another dirty secret of DR plans – too many of them ignore or underestimate the importance of security. A recent SANS Institute (www.sans.org) report provided some key recommendations for how to implement security successfully. Starting from an approach of Layered Security – it is a defensive strategy that uses multiple technologies to block access. The key is to understand that security isn’t just antivirus; in fact, antivirus isn’t even the first layer.
Network Controls: Firewalls, Intrusion Detection Systems, and DLP (Data Loss Prevention)
Antivirus: Polymorphic code (changes in the executable), and Hueristics (identifies hostile behavior of applications)
Reputation: Mathematical “fingerprint” of known good/bad/unknown, IP addresses or domains that deliver hostile content
Behavioral Analysis: Prevention is best, Detection is a must, baseline normal behavior in the network
Detection and Remediation: Find it, Fix it www.sans.edu/research/security-laboratory/article/sixtoplogcategories
a. There is a human element to security, train your employees to be security aware, help them identify risky sites and emails.
b. The bad guys aren’t taking a day off, they’re getting more clever with their tactics; that Nigerian prince isn’t trying to send you $50M dollars anymore.
c. Don’t assume that your company size or your role means you’re not a target:
i. From 2011-2012, targeted attacks on companies with <250 employees rose 72%
ii. While 29% targeted C-level and Sr. Management, 27% targeted R&D, and 24% targeted sales
2) Bitcoin offers us great examples of security and backup. In case you missed it, a $100 Million dollar (or more) heist just took place, but it is hardly the first (nor the last) http://www.cnbc.com/id/101252210. That was some pretty valuable data that was taken in a hack of an underground website, but I certainly feel bad for the guy that threw out a hard drive with £4.6 Million Pounds ($7.5 Million US) worth of Bitcoin code on it http://www.bbc.co.uk/news/technology-25138627. You know he’s a tech savvy guy when, at 1:40 in the interview, he knows the file isn’t stored at a central server.
Knowing is half the battle – I guess actually doing something about it must be the other half.
3) I’m a big fan of statistics, maybe it started with all the research I did in my college days, but I love to get a better understanding of what our customers and partners are experiencing. Statistics tell a collective story, and can help shed light on misconceptions and likewise help identify opportunities to make things better.
Earlier this week, during a Virtualization webcast we asked about DR plans.
· “Do you have a DR plan in place?” – 32% reported they didn’t have a DR plan in place.
· “Have you tested your DR plan?” – only half had even tested it, and only 24% found the DR plan was working as… you guessed it, planned.
· “Have you lost data that you thought you had protected?” – a frighteningly high response of 43% had lost some data, and 2% lost a lot of data that was supposed to be protected.
What this shows is that a lot of organizations are unprepared; even worse, many think that they are prepared, but their own results show otherwise. Let’s kick off 2014 with a fresh start, looking at our data as it should be treated – it is the most critical business asset we have (save of course, the people that work there). We can lose hard drives, switches can crash, storage arrays can fail, but if we have the data backed up and available either immediately or for a complete restore – we can be back up and running instead of closing shop permanently.
I’ll leave you with a few key items this month.
1) The 2014 Guide to Backup and Recovery Success, Video
2) Virtualization in the New Age, Webcast
Be safe and good to each other this holiday season, life is too short to stress the small stuff. Hug your spouse, kids, family, and friends, and let them know how they are important to you.
Update: Here is the link to The DRT Dozen - Part 1