How BCDR Fits Into a Cyber Resilience Strategy
The term “cyber resilience” refers to a business’s ability to continuously deliver on its intended outcome despite adverse cyber events. In other words, cyber resilience allows businesses to continue normal operations in the event of a cyberattack. Managed service providers (MSPs) use information security and business continuity and disaster recovery (BCDR) technologies and organizational resilience practices to help their clients achieve cyber resilience.
To start, it is important to note that cyber resilience does not start with BCDR (or any other technology). According to Datto CISO Ryan Weeks, there are three pillars of cyber resilience: People, Process, and Technology. “It’s incredibly important to think of it that way because you really need all three to achieve cyber resilience,” he said. “Focus on People and Process first. Technology should be driven by the needs of those people and processes.”
With that said, let’s look at how BCDR technology fits into a business’s cyber resilience strategy. BCDR serves two key purposes in ensuring cyber resilience: minimizing business downtime and restoring data to a point in time before an attack.
Minimizing Business Downtime
To minimize business downtime, BCDR solutions use snapshots and virtualization to enable fast recovery of business operations. Here’s how it works. The BCDR solution takes periodic, time-stamped snapshots (backup images) of physical or virtual servers, which are stored locally and replicated to the cloud.
In the event that a primary server is compromised in an attack, a clean backup image can be mounted as a virtual machine on the backup device or in the cloud. This enables normal business operations to continue (on the virtual machine) while the primary server is being restored. This is commonly referred to as “failover.”
Point-in-Time Restore
Point-in-time rollback or restore gives MSPs the ability to “turn back the clock” to a time before cyberattack, like ransomware, occurred. In other words, you can restore systems to the state they were in immediately before the attack, ensuring minimal data loss. Remember that clean snapshot from the section above? That same snapshot is used to restore data.
When the restore is complete, operations are returned to the primary server. To ensure that no data is lost in this process, the BCDR solution merges the up-to-date data (on the virtual machine) with the newly restored data set (on the primary server). Then, operations are returned to the primary server and the recovery VM is decommissioned. This process is often referred to as “failback.”
MSP Tech Day: Cyber Resilience
At our MSP Technology Day on March 18, 2021, we discussed cyber resilience and how to protect your business and clients in an increasingly complex threat landscape. If you missed the live event, check out the recording for actionable information on how to elevate your security posture from guest speakers, executive keynotes, a Q&A session, and product demos.