How many times in recent months, or in recent memory, have you read reports about Web sites being compromised and hosted data lost or corrupted? All too many and all too often. Most of us assume that infiltration and destruction will happen to someone else, not us. As the online world embraces a new outlook of security first, you may be left behind as the most vulnerable Web site in your Internet neighborhood.
I teach several security related classes and one point I discuss is that security is not a final goal or endpoint; it is a process. Making your IT environment impenetrable and invincible is not part of the process; that is an impossible proposition. Rather, your goal is to make your IT environment harder to access than your neighbor's. Just think about it, if you have a house with a three-foot white picket fence while everyone else on the block has eight-foot wire fencing with three strands of barbed wire, where do you think an intruder is going to have the most success?
So, the race to remain secure is very much a "keeping up with the Joneses" kind of endeavor. But one thing you must not overlook is the real possibility that even with your best efforts, your "secured" system may be compromised. What are you going to do if your entire online resource repository is destroyed or altered beyond repair? Well, if you are prepared, it's just a matter of restoration from backup.
What I am proposing is nothing new. It's a basic IT administration and security concept: backups. Make sure you have a regular, complete and functional backup system for your public and private Web servers. The more your organization relies on your Web servers, the more extensive your backup mechanism should be. Ultimately, you want the ability to restore a system within 24 hours or whatever your Maximum Tolerable Downtime (MTD) is. Assuming your hardware is unaffected, starting form scratch you need to be able to re-build, re-store, and re-launch your entire online presence quickly. Have you considered making a drive image of your Web server? This could serve as a fast recovery mechanism. With a drive image, you can restore the overall system, including SIDs and digital certificates, in minutes. Then, restoring new and updated files from another backup source could have your Web server back online within hours.
Don't assume it will never happen to you. Assume it will, and establish a recovery plan to handle the catastrophe so that the worst thing you lose is a little face while keeping your job, customer base or organization intact.
About the author
James Michael Stewart is a partner and researcher for Itinfopros, a technology-focused writing and training organization.
For more information, visit these resources:
