Disaster Recovery – Whose Job Is It?
With cyber threats on the rise, most companies understand the importance of disaster recovery.
According to one survey, 85% of companies have some sort of disaster recovery plan in place. This plan is a crucial tool for ensuring a company is prepared for a cyber incident. Creating, updating, and testing a disaster recovery plan (DRP) can be a time-intensive task. With other tasks and projects on the schedule, a disaster recovery plan can be easily pushed to the side.
To prevent this from happening, it’s crucial to consider who is responsible for disaster recovery.
The Bystander Effect
In an emergency situation, there is a phenomenon known as the bystander effect.
According to this phenomenon, the probability of getting help in an emergency decreases as the size of the crowd increases. At first, this may seem counterintuitive. With more people around, it stands to reason that there would be more people offering help. But the bystander effect highlights an important point about human nature. With more people around, individuals are more likely to assume someone else will help.
To combat the bystander effect, many emergency responders recommend pointing directly to someone in the crowd and giving them clear instructions. This assigns responsibility for a task to an individual rather than the crowd. When responsibility and directions are clear, most people are eager to help. When it comes to disaster recovery, the same approach should be utilized. A disaster recovery plan clearly defines the responsibilities and tasks of different employees and teams.
With this approach, people know what they need to do to help recover from the disaster event and return to normal business operations.
Creating a Disaster Recovery Plan
An effective disaster recovery plan spells out the roles and responsibilities of different individuals during and after a disaster incident.
While the execution of a disaster recovery plan is a shared responsibility, the disaster recovery plan itself should have an owner. By assigning the responsibility of the plan to an owner, the bystander effect can be avoided. Often, the responsibility of a disaster recovery plan will fall to someone within the IT department. But depending on the size of your company and the workload of various departments, it may make more sense to assign the responsibility to someone else.
The owner of the disaster recovery plan should act as a facilitator.
In other words, it is not the DRP owner’s responsibility to create, update, and test the plan on their own.
Instead, it is their responsibility to ensure the plan is created, updated regularly, and routinely tested.
Other departments, employees, and stakeholders should be included when creating the disaster recovery plan. These teams and individuals can help identify the information different groups will need to know during a disaster and the most effective way of communicating with them.
Lastly, senior managers should be consulted before approving objectives surrounding overall strategy, budget, policy, and overcoming obstacles.
When creating a DRP, it is also important to consider the most critical business activities and the resources and data these activities require. Knowing this information, activities in the DRP can be prioritized to ensure essential business tasks can be resumed as quickly as possible. While it’s important to consider the most critical business activities in a DRP, it’s also critical to examine other business activities.
Knowing how long a team or department can go without certain data and access, without affecting business operations, will help to further prioritize activities in the DRP.
Disaster Recovery – Key Roles
While a variety of stakeholders should be consulted when creating a disaster recovery plan, there are three key roles that should be considered during a recovery.
These roles are: crisis management coordinators, business continuity planning managers, and recovery and impact assessment technicians.
Each role is defined in detail below.
- Crisis management coordinators manage the data recovery process after a disaster event.
These coordinators instigate the recovery plan and work with various individuals and groups to enact the plan. After a disaster event, crisis management coordinators complete the formal process of closing the crisis as well as completing the incident report.
- Business continuity planning managers focus on keeping operations running during a disaster event.
These managers consider the most critical technologies and business functions and work to ensure these critical business systems remain operational during a disaster. This role helps to ensure businesses can continue even while recovering from a disaster event.
- Recovery and impact assessment technicians are the most involved role during a disaster event.
Members of this team perform activities to recover key assets and return business operations to normal. During a disaster recovery, this team focuses on performing data recovery on the network, server, database, storage, and ransomware.
Often, businesses will assign at least four members to this team to ensure adequate resources and expertise.
Disaster Recovery – Everyone’s Responsibility
When disaster strikes, it is everyone’s responsibility to return business operations to normal.
But without a clear plan in place, the bystander effect can kick in, slowing the recovery process. To ensure a quick and effective disaster recovery, a disaster recovery plan is critical. This plan should describe the necessary activities to return business operations to normal and who is responsible for each activity. This plan should also address the key roles in a disaster recovery, such as crisis management coordinators, business continuity planning managers, and recovery and impact assessment technicians.
People are more effective and productive when they have clear directions to follow, especially in a high-pressure situation like a cyber attack.
To ensure the disaster recovery plan is created, updated regularly, and tested, responsibility for scheduling these activities should be assigned to a disaster recovery plan owner. Creating a disaster recovery plan should be collaborative and involve teams and individuals throughout the organization.
But clear roles should be assigned in the disaster recovery plan to ensure the bystander effect does not negatively impact your disaster recovery.
Narrowing the Focus: IAM in Disaster Recovery
While broad disaster recovery and business continuity efforts are vital, it’s equally critical to address the security and management of identities and access during these crises. This is where Identity and Access Management (IAM) resilience comes into play.
IAM resilience ensures that in the face of a disaster, your organization’s identity infrastructure remains secure, ensuring seamless access for legitimate users while thwarting potential threats. Our platform specializes in providing leading-edge IAM business continuity and disaster recovery solutions. We ensure that even in a crisis, you have robust control and security over who accesses your systems and how they access them.
Your Next Steps:
To help your organization further fortify its cyber resilience, we’ve prepared a comprehensive Free Okta DRP Guide.
This guide is tailor-made to introduce the intricate facets of IAM within the broader DRP context, ensuring you’re always a step ahead in your disaster readiness.
- Disaster Recovery Plan (DRP): A documented process or set of procedures to recover and protect a business’s IT infrastructure in the event of a disaster.
- Cyber Threats: Any potential malicious act that seeks to disrupt digital devices or networks, alter, destroy, steal, or gain unauthorized access to or make unauthorized use of an asset.
- Bystander Effect: A social psychological phenomenon wherein individuals are less likely to offer help to a victim when other people are present.
- Crisis Management Coordinators: Individuals who oversee the data recovery process after a disaster. Their primary role is to initiate the recovery plan and collaborate with various teams to enact the DRP.
- Business Continuity Planning Managers: These managers focus on ensuring that the most critical business systems remain operational during a crisis. Their aim is to minimize downtime and ensure essential business functions can continue in the face of disruptions.
- Recovery and Impact Assessment Technicians: A team responsible for restoring key digital assets during a disaster recovery phase. This includes networks, servers, databases, storage solutions, and addressing issues like ransomware attacks.
- Risk Management: The process of identifying, assessing, and controlling threats to an organization’s capital and earnings.
- Operations: Refers to the daily activities of a business that are related to producing and selling its products or services.