Disaster (Recovery) on my mind...
Given the weather we've had in the Northeast the past few days, I think the issue of Disaster Recovery (DR) is on more minds than a few weeks ago. It also got me thinking as to why DR and Identity Management are linked.
Specifically, governing access to the DR site, data, and infratsructure to be able to recover whatever was lost or went down. Granted the time frames are short, but a few hours to an insider is all that is needed to create some back doors in all of the mayhem and leave things exposed with little or no audit trail. I equate it to remembering to grab the last several years of tax returns on your way out of your house that is engulfed in flames or a tidal surge. Stuff happens and in the midst of the stress of survival (personal or business) we focus on the most important things and we don't sweat the little stuff (and by the way it's all little stuff).
So having identity based access controls in place long before a disaster happens is key because:
1. The controls are in place long before they need to be
2. You don't need to think through the process (technical and business) while things are going wrong and the world is screaming at you for everything STAT from email to pictures of the CxO's vacation
3. You are certain that only those people AND machines who should have access will have access and there is an audit trail to capture all activity
Long story short, get a solid DR provider, implement an Identity Based Access Control solution as part of the environment, and if you're going to nickel and dime on the cost, take the budget and use it for job placement services for you and your team. We all know there is never money to fund a 'what if', but we all find money when the doo doo hits the fan.
It's a lot better to have access to an entire hospital after an unplanned loss of limb than to realize you only have band aids to stop the bleeding.
identitystuff@gmail.com
Specifically, governing access to the DR site, data, and infratsructure to be able to recover whatever was lost or went down. Granted the time frames are short, but a few hours to an insider is all that is needed to create some back doors in all of the mayhem and leave things exposed with little or no audit trail. I equate it to remembering to grab the last several years of tax returns on your way out of your house that is engulfed in flames or a tidal surge. Stuff happens and in the midst of the stress of survival (personal or business) we focus on the most important things and we don't sweat the little stuff (and by the way it's all little stuff).
So having identity based access controls in place long before a disaster happens is key because:
1. The controls are in place long before they need to be
2. You don't need to think through the process (technical and business) while things are going wrong and the world is screaming at you for everything STAT from email to pictures of the CxO's vacation
3. You are certain that only those people AND machines who should have access will have access and there is an audit trail to capture all activity
Long story short, get a solid DR provider, implement an Identity Based Access Control solution as part of the environment, and if you're going to nickel and dime on the cost, take the budget and use it for job placement services for you and your team. We all know there is never money to fund a 'what if', but we all find money when the doo doo hits the fan.
It's a lot better to have access to an entire hospital after an unplanned loss of limb than to realize you only have band aids to stop the bleeding.
identitystuff@gmail.com
0 Comments:
Post a Comment
<< Home