As more public sector institutions work to embrace the digital age, applications that connect constituents to the vital services these organisations provide are more important than ever. Unfortunately, this also means they are more susceptible to attacks and present more problems if anything takes them offline. Whatever the cause of downtime – cyber-attacks, technology failures or human error – the negative effects remain the same – and as the recent cyber attack on Parliament shows, no one is safe. The expectation on public sector organisations to protect the data of those it serves is high – especially given the sensitive nature of the data collected by many of these organisations and any disruption in services can have a huge impact.
While this threat can be lessened by the implementation of a disaster recovery (DR) solution, more often it takes an instance of downtime to really reinforce the need for DR.
Adopting a full DR plan is more easily said than done. Here are three key components that can help you take the first step towards making this happen.
Downtime can be costly
A recent Gartner report determined that the average cost of downtime was typically $5,600 per minute, a cost that public sector institutions simply cannot afford. A report by Ponemon underlined that the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. For the public sector, data breaches can be even more costly because of compliance regulations and the related fines.
It is clear that the cost of downtime has, and will, continue to increase exponentially. As the public sector moves closer to full digitalisation, applications will become more vital to the services they provide to constituents. And with budgets continually shrinking and compliance regulations tightening, downtime can be crippling.
Take, for example, the recent ransom ware attack that hit the NHS. One of the reasons this attack had such an impact on this institution was because of decreased budgets for IT upgrades. There is no guarantee that more funding would have prevented the attack, but it would have lessened the impact on staff and patients.
The power of replication
Replication is a key component of any good DR plan. If downtime strikes and data is lost or unreachable, a DR solution will enable the recovery of vital information because it will have been replicated to a secondary environment.
The key to minimizing the impact of downtime is speed – no questions asked. If services can resume as normal as soon as possible, it is likely that the disruption to a government organisation, and those that are affected by it, will be reduced. The best DR solutions enable organisations to get systems back up and running by reverting to the last un-corrupted version of company data, allowing normal service to resume in a matter of minutes, as opposed to hours or days.
It is also a necessity for organisations in the public sector to choose a provider that can offer support if the physical primary storage becomes compromised. Data isn’t just threatened by cyber-attacks, but also by hardware that is physically damaged. To be able to fully protect data, public sector institutions should opt for a service provider that offers off-site secondary replication, as this allows the user to restart systems, even in the rare event that the primary storage has been irreparably compromised.
Why managed disaster recovery is more than just software
DR varies in shape and size, but for the public sector, where IT department budgets are being cut and specific skillsets are dwindling, the best options may be outsourcing this responsibility to a service provider who offers disaster recovery as a service (DRaaS). Deploying a successful solution requires constant management, testing and maintenance to ensure it works effectively, which can be taken on by third party experts.
The first thing organisations in the public sector should do is look for a provider that can guarantee high levels of technical support. Downtime can occur at any time, and in the event of a problem, it is vital that a member of the support staff who are highly knowledgeable in this area is on hand. This means that a technical engineer should be available to oversee the recovery of all-important data, enabling the process to run smoothly, and make sure any negative consequences are successfully dealt with.
Another important factor for the public sector is working with a provider who can guarantee data is handled properly. Compliance regulations have never been tougher and the consequences for not being able to meet these regulations have never been greater. Keeping this in mind, organisations should choose to enlist a provider than can meet all business continuity and disaster recovery requirements, that has also been certified by the relevant governing bodies.
Organisations in the public sector that don’t invest in disaster recovery are toying with a whole host of consequences, least of which include huge financial penalties. It is also critical that the public sector institutions evaluate the levels of DR expertise they have in-house, and engage a service provider if necessary. By investing in a service, an organisation can be assured that its data is being managed and protected correctly at all times, as managed service providers must adhere to strict service levels. It is clear that while disaster recovery may often be classed as a ‘nice to have’ piece of IT infrastructure, when downtime strikes, it is an important and priceless resource.
By Jon Lucas, Director at Hyve Managed Hosting.