Cloud Based Business Continuity - Murat Lostar @ ISACA EUROCACS 2013

Speaker notes

Cloud Based Business Continuity. Speaker: Murat Lostar, CEO, Lostar Information Security.

After completing this session, you will be able to:
  • Appreciate the basics of business continuity and its IT footprint
  • Implement fundamental cloud approaches
  • Recognise the role of IT and business continuity in choosing cloud solutions
  • Craft strong open source cloud solutions that can be used for recovery
  • Understand example continuity crises, including successful as well as weak approaches

  • Protect against: environment failures, hardware failures, operations errors, malicious attacks, natural disasters
  • Cloud delivery models for continuity:
    – SaaS: you are already on the cloud for primary; check your providers' resilience
    – PaaS: good integration; ensure redundancy
    – IaaS: easiest to implement for a traditional data center DR solution
    – DaaS: important add-on for the user layer; includes thick/rich applications and allows BYOD (bring your own device)
  • http://www.ciphercloud.com/

    1. Cloud Based Business Continuity – Murat Lostar

    2. Continuity of
       • Storage
       • Database
         – SQL
         – NoSQL
       • Application
       • Desktop
       • Network
       People?
       • Business
       • IT
       • Customers
       • Environment

    3. Out of scope
       • Overall reliability of cloud
       • Decision to move "the primary" on to the cloud
       • Private cloud
       • Personal backup/DR in cloud

    4. Business Continuity vs IT Continuity
       • Business Continuity: capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident (Source: ISO 22301)
         – Is about prevention, not just a cure
         – Focused on critical business processes, not on particular assets or enablers like IT systems
       • ICT Continuity: capability of the organization to plan for and respond to incidents and disruptions in order to continue ICT services at an acceptable predefined level (Source: BS 25777)

    5. Definitions
       • BCP / ICT Continuity
       • DR (disaster recovery)
       • RTO (recovery time objective)
       • RPO (recovery point objective)
       • Cold standby (backups)
       • Warm standby (disks)
       • Hot standby (servers)

    6. Principles of ICT Continuity
       • Protect
       • Detect
       • React
       • Recover
       • Operate
       • Return
       Slide annotations: (Local / Primary site) (Manual or cloud automation tools) (Local + cloud) (Primary site) (Plan before disaster!)

    7. Cloud based delivery
       • SaaS – Software as a service (e.g. Salesforce, Gmail, GoToMeeting, Mailchimp)
       • PaaS – Platform as a service (e.g. Heroku, Force.com, Google App Engine)
       • IaaS – Infrastructure as a service (e.g. AWS, Microsoft Windows Azure)
       • DaaS – Desktop as a service (e.g. Dell, Citrix, Desktone)
       • …

    8. Why prefer cloud for DR/BCP?
       • Cost: no disaster -> minimal costs
       • Elastic (to different structures + changes) -> cost effective
       • Management flexibility: no control <-> full control
       • World-class redundant facility
       • Up-to-date applications, defined by RTO, RPO
       • Cloud service provider support > local staff + travel
       (Source: Cloud Security Alliance)

    9. Datacenter Infrastructure Components & Maintenance
       Production
       • Applications – license
       • Servers – OS + hypervisor (license)
       • Storage – SAN – primary storage – backup
       • Network – router – firewall
       Disaster Recovery
       • Traditional – same as production?
       • Cloud – snapshot storage only, or storage + DB and/or app

    10. Cloud Strategies for Continuity
       • Use cloud services as backup (DR).
       • Use different cloud services for primary and DR.
       • Use the same (DR-ready) cloud service for primary and DR.

    11. DR Strategies on cloud
       • Backup & restore (encryption?)
       • Pilot light – running replicating database server (no app server)
       • Fully working low-capacity standby
       • Multi-site hot standby

    12. File Storage in cloud
       • Periodic physical shipment of media
       • iSCSI-based archiving/sync
       • Backup to cloud

    13. Database in cloud
       • Offline file shipment
       • Backup & restore
       • Log shipment
       • DB synchronization
       • Two-phase commit
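As an added example, not code from the talk, here is the "pilot light" from slide 11 fed by the "log shipment" of slide 13 in Go: the on-premises primary cuts its write-ahead log into segments, a cloud replica with no application tier replays them in order, a gap check rejects a segment that arrives out of sequence instead of letting the replica silently diverge, and AssessFailover measures replication lag against the RPO from slide 5 while the primary is still alive. The Record, Primary and Replica types, the key/value data model and the sample timeline are all constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Record is one committed write in the primary's write-ahead log (WAL).
// The LSN (log sequence number) increases by exactly one per commit.
type Record struct {
	LSN        uint64
	At         time.Time
	Key, Value string
}

// Primary is the on-premises database: a key/value store plus its WAL (constructed model).
type Primary struct {
	data    map[string]string
	wal     []Record
	shipped int // WAL records already cut into a shipped segment
}

func NewPrimary() *Primary { return &Primary{data: map[string]string{}} }

// Commit applies a write locally and appends it to the WAL.
func (p *Primary) Commit(at time.Time, key, value string) Record {
	rec := Record{LSN: uint64(len(p.wal)) + 1, At: at, Key: key, Value: value}
	p.data[key] = value
	p.wal = append(p.wal, rec)
	return rec
}

// LastLSN is the newest committed LSN on the primary.
func (p *Primary) LastLSN() uint64 { return uint64(len(p.wal)) }

// Segment cuts the next segment: every record not yet shipped. In a real
// deployment this is the archived WAL file copied to cloud object storage.
func (p *Primary) Segment() []Record {
	seg := append([]Record(nil), p.wal[p.shipped:]...)
	p.shipped = len(p.wal)
	return seg
}

// Replica is the pilot-light database in the cloud: no application tier,
// its only job is to replay shipped segments in order.
type Replica struct {
	data    map[string]string
	lastLSN uint64
	lastAt  time.Time
}

func NewReplica() *Replica { return &Replica{data: map[string]string{}} }

// Apply replays one segment. A segment that does not continue at lastLSN+1
// (a lost, duplicated or reordered shipment) is rejected as a whole.
func (r *Replica) Apply(seg []Record) error {
	for i, rec := range seg {
		if want := r.lastLSN + uint64(i) + 1; rec.LSN != want {
			return fmt.Errorf("WAL gap: expected LSN %d, segment carries LSN %d", want, rec.LSN)
		}
	}
	for _, rec := range seg {
		r.data[rec.Key] = rec.Value
		r.lastLSN, r.lastAt = rec.LSN, rec.At
	}
	return nil
}

// Get reads a key from the replica's copy of the data.
func (r *Replica) Get(key string) (string, bool) { v, ok := r.data[key]; return v, ok }

// Loss is what failing over to the replica at instant now would cost.
type Loss struct {
	Commits   uint64        // committed transactions the replica does not have
	Window    time.Duration // data-loss window: age of the replica's newest commit
	WithinRPO bool          // Window <= the agreed recovery point objective
}

// AssessFailover is the check to run continuously while the primary is alive:
// if Window exceeds the RPO, shipping is already behind and the plan's promise
// is broken before any disaster is declared.
func AssessFailover(p *Primary, r *Replica, now time.Time, rpo time.Duration) Loss {
	l := Loss{Commits: p.LastLSN() - r.lastLSN}
	switch {
	case r.lastLSN > 0:
		l.Window = now.Sub(r.lastAt)
	case len(p.wal) > 0: // replica is empty: everything since the first commit is lost
		l.Window = now.Sub(p.wal[0].At)
	}
	l.WithinRPO = l.Window <= rpo
	return l
}

func main() {
	// Constructed timeline: four commits, segment 2 delayed in transit behind segment 3.
	t0 := time.Date(2013, 3, 1, 9, 0, 0, 0, time.UTC)
	p, r := NewPrimary(), NewReplica()
	p.Commit(t0, "order:1", "new")
	p.Commit(t0.Add(1*time.Minute), "order:1", "paid")
	fmt.Println("segment 1:", r.Apply(p.Segment()))
	p.Commit(t0.Add(2*time.Minute), "order:2", "new")
	late := p.Segment()
	p.Commit(t0.Add(3*time.Minute), "order:2", "paid")
	seg3 := p.Segment()
	fmt.Println("segment 3 before 2:", r.Apply(seg3))
	fmt.Printf("lag before catch-up: %+v\n", AssessFailover(p, r, t0.Add(5*time.Minute), 3*time.Minute))
	fmt.Println("segment 2, then 3:", r.Apply(late), r.Apply(seg3))
	fmt.Printf("lag after catch-up:  %+v\n", AssessFailover(p, r, t0.Add(5*time.Minute), 3*time.Minute))
}
```

The all-or-nothing gap check is the part worth copying: a replica that applies whatever it receives looks healthy in monitoring right up to the moment you fail over to it. Running AssessFailover on a schedule turns the RPO on slide 5 from a number in the plan into an alert that fires while the primary can still be fixed.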
    14. Applications in cloud
       • Release management
       • Cloud awareness in SDLC

    15. Risks with Cloud BCP
       • Security and privacy!
       • Change management
       • Adaptation of new technologies
       • Connectivity requirements
       • Activation

    16. A secure way to store data in cloud for DR
       • During normal operations – encrypt and ship data to cloud
       • In case of disaster – enable computing; enter the decryption key on the servers and use
       • Return to normal – destroy the decryption key on the servers
       • Change of provider – destroy the decryption key (and decommission the service)
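The four steps on slide 16, worked through as an added Go example that is not part of the presentation: backups are encrypted on premises with AES-256-GCM from the Go standard library and only ciphertext ever reaches the cloud store; the DR server can decrypt only after an operator loads the key at activation time; zeroizing the key is both the return-to-normal step and the change-of-provider step, after which whatever ciphertext the old provider still holds is unreadable (crypto-shredding). CloudStore, DRServer, the backup names and the backup contents are constructed for the example; a real deployment keeps the key in an on-premises HSM or key manager rather than in a variable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrNoKey is returned when a restore is attempted before the key is entered.
var ErrNoKey = errors.New("DR server has no decryption key loaded")

// NewKey generates the 256-bit data key on premises. It is the only secret in
// the scheme and it is never shipped to the cloud.
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// CloudStore is the provider's view of the backups: names and opaque bytes only (constructed model).
type CloudStore map[string][]byte

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Ship is the normal-operations step: encrypt one backup and store only the
// ciphertext. The backup name is bound as associated data, so a ciphertext
// renamed or swapped by someone with access to the store fails on restore.
func Ship(store CloudStore, key []byte, name string, plaintext []byte) error {
	aead, err := newAEAD(key)
	if err != nil {
		return err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	store[name] = aead.Seal(nonce, nonce, plaintext, []byte(name)) // nonce || ciphertext || tag
	return nil
}

// DRServer is the cloud compute that is switched on only when a disaster is declared.
type DRServer struct{ key []byte }

// LoadKey is the operator entering the decryption key at activation time.
// It keeps a private copy so Zeroize can overwrite exactly that copy.
func (s *DRServer) LoadKey(key []byte) { s.key = append([]byte(nil), key...) }

// Restore decrypts a shipped backup. It fails closed when no key is loaded,
// when the wrong key is loaded, or when the object was altered or renamed.
func (s *DRServer) Restore(store CloudStore, name string) ([]byte, error) {
	if s.key == nil {
		return nil, ErrNoKey
	}
	blob, ok := store[name]
	if !ok {
		return nil, fmt.Errorf("no backup named %q", name)
	}
	aead, err := newAEAD(s.key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], []byte(name))
}

// Zeroize is the return-to-normal and change-of-provider step: overwrite the
// key in memory and drop it. The provider's copy of the ciphertext is now waste.
func (s *DRServer) Zeroize() {
	for i := range s.key {
		s.key[i] = 0
	}
	s.key = nil
}

func main() {
	key, _ := NewKey()
	store := CloudStore{}
	_ = Ship(store, key, "db-2013-03-01.dump", []byte("constructed backup contents"))
	srv := &DRServer{}
	_, err := srv.Restore(store, "db-2013-03-01.dump")
	fmt.Println("before key entry:", err)
	srv.LoadKey(key)
	pt, err := srv.Restore(store, "db-2013-03-01.dump")
	fmt.Printf("during disaster: %q (err=%v)\n", pt, err)
	srv.Zeroize()
	_, err = srv.Restore(store, "db-2013-03-01.dump")
	fmt.Println("after return to normal:", err)
}
```

Two caveats a practitioner should carry into the real design. Zeroize overwrites only the server's own copy; the caller's copy and any copies the Go runtime makes during garbage collection are outside its control, which is one more reason to hold the key in hardware and only ever hand the server a session-scoped handle. And binding the object name as associated data protects against a swapped backup, but not against the provider withholding one: keep an independent inventory of shipped names and sizes on premises and reconcile it before declaring the DR copy complete.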
    17. Is your cloud provider secure? Ask:
       • Certifications – SOC 1 Type 2 (successor to SAS 70), ISO 27001, PCI DSS, others (HIPAA, etc.)
       • Physical – two-factor authentication, logging, audit
       • HW, SW, network – change management, COBIT

    18. Will your cloud provider continue? Ask:
       • Level of redundancy – N + 50%? N + 1? N x 2?
       • Cloud DRP in the redundant locations/power feeds, circuits, networks
       • DR & BCP within contract
       • Steady-state billing
       • Declared-disaster billing
       • RPO, RTO options and costs
       • Regular DR tests

    19. Cloud Based Continuity Testing
       • Remember KISS
       • Start small (unit testing)
       • Go big (at your own pace)
       • May aim for full capacity and automatic failover – include shutdown/disconnect of the primary site

    20. Why not prefer cloud for DR?
       • Data security/privacy concerns
       • Giving up too much control
       • Too much invested in current infrastructure & staff
       • Cloud needs to mature
       • Satisfied with existing infrastructure
       (Source: Enterprise Strategy Group, 2011)

    21. Standards and References
       • ISO 22301
       • BS 25777:2008 – Information and Communications Technology Continuity Management: Code of Practice
       • CloudSecurityAlliance.org
       • ISACA Journal 2011/2
       • Wikipedia.org/wiki/Cloud_computing_architecture

    22. Thank You – Murat Lostar
       • Linkedin.com/in/lostar
       • www.lostar.com
