What is disaster recovery as a service and how can it serve the health industry?
By Robert Barresi, Enterprise Architect
Disasters happen. Organizations must be prepared by having disaster recovery plans in place. Having a plan in place, however, is not enough if the plan has not been adequately provisioned, configured, and tested before disaster strikes. In this two-part article series, we will look at disaster recovery as a service (DRaaS) and how it can help agencies advancing their missions even during times of disruption. In the next installment, we will explore why health agencies should invest in DRaaS and describe Octo’s approach to DRaaS in health.
What is disaster recovery as a service (DRaaS)?
DRaaS is a cloud service model that allows an organization to replicate its data to a secondary site that includes cloud-based information technology (IT) infrastructure (IaaS). DRaaS provides disaster recovery operations, orchestration, and functionality via a software-as-a-service (SaaS) solution. In a disaster event, normal operations continue via the secondary site, which reduces and/or removes the organization’s responsibility for managing the disaster recovery process, resources, and ownership. Instead, the service provider manages this effort.
How does DRaaS tie into cloud and cybersecurity?
DRaaS and cybersecurity work together to protect data in the cloud. Security and IT professionals must employ a holistic approach by combining their strategies to develop a secure and compliant design. A key step in developing a secure DRaaS model is to identify a variety of security events that could lead to disasters for your organization. Oftentimes, people do not plan for or prepare for security events with the same sense of urgency that they prepare for physical disasters, leaving them vulnerable to even more harmful consequences due to data loss, downtime, and damage to organizational reputation.
By identifying potential security events early, health organization teams can integrate preventative processes and restoration activities into their DRaaS model from the start. This approach boosts an organization’s resiliency and adaptiveness to regain control and resume operations following a disaster event. This approach also leads to a proactive cultural awareness to take security events seriously and respond appropriately to avoid and/or mitigate effects.
Multiple layers of cybersecurity to defend against attacks can and should be used to protect your health data and infrastructure based on your own’s organization’s goals and needs and regardless of whether you are trying to protect your primary data center network or your DRaaS site.
What are some examples of cybersecurity measures that can be implemented to defend against attacks?
Here are some examples of layers of cybersecurity that should be considered to defend against attacks:
Endpoint Protection: Endpoint detection detects malware and prevents it from executing in your environment. A current trend is to use Artificial Intelligence (AI) and Machine Learning (ML) models to develop predictive analysis of malicious ware attacks based on anomalies or suspicious activities.
Next Generation Firewalls: Next generation firewalls (NGFs) offer protection against unknown or unauthorized access by an originating request. Deep Learning relies on NGFs to learn the application requests, determine whether they are valid or suspicious, and perform intelligent responses before allowing the requested activity through the gate.
Phishing and E-mail Protection: Phishing attacks through emails can be prevented through deep learning modalities that identify false or highly suspicious emails and route them away from a user’s primary inbox.
Mobile Protection: Mobile app control offers a whitelist or blacklist of apps on a mobile device, which can prevent malicious ware and provide web protection.
System Protection: Protecting a system using hyperconverged technologies (all-in-one) systems can harden infrastructure, prevent attacks, and reduce the risk of security breaches to managed and unmanaged systems.
Security Encryption: Security encryption in all areas and flow of data via encryption, both in-flight and at rest, delivers continuous validation of users and applications, ensuring security of workflows.
Web Protection: Using web URL filtering, SSL Certifications, and authentication at the web layer provides protection against unwanted DDoS attacks.
DRaaS can fill a vital role for agencies and organizations by providing a secure, cloud-based secondary site to store data and run applications necessary to keep operations going and missions advancing, even in the face of a health agency disaster. For more information about how Octo integrates DRaaS into cybersecurity and how it could benefit your organization, contact us to start a discussion.