Photo: emedicinehealth
Vaccinating against disasters
Why the start of the cold and flu season should motivate IT Security Officers to review their Disaster Recovery and remote access plans
There has been a great deal of publicity surrounding this year's cold and flu season. It has come to the public's attention again, following the recent start of the first vaccinations in a UK-wide program aimed at combating the spread of swine flu. The literature in airports, on TV and in magazines has been clear and concise; take simple, but effective and necessary, precautions against catching and spreading the seasonal bacterial and viral bugs to family, friends and co-workers.
Swine Flu aside, the garden variety cold bug will undoubtedly make its way into many offices and workspaces before too long, knocking out a decent percentage of employees. Even if flu doesn't, other natural events can play havoc with productivity. The now infamous snow storms that afflicted the UK in February 2009 remind us how businesses as well as communities can be affected without notice. In most of the south east – especially London - the road, rail, bus and underground service ground to a complete halt, resulting in road, school, and business closures - all of which conspired to prevent many companies' staff members from getting to and from work.
The key issue here is that while many IT issues can be prevented or resolved, other circumstances outside of anyone's control can and will prevent employees from being physically able to get to the office, and cause severe disruptions to the business in the process. Though many companies offer VPN access to a percentage of staff members who regularly travel or are based in remote areas, extreme weather events like the ones described here could result in a sizable rise in the number of employees needing to access a company's IT network and systems away from the workplace. Not only will organisations need to flex to accommodate such an increase in demand so as not to negatively impact productivity, but they will have to ensure that the provision of remote access to the network, doesn't compromise its security.
So in the spirit of the season, organisations and their IT security managers should look at the efficacy of their Disaster Recovery Plan, by answering these three questions.
• Do you have a remote access surge plan? Can the company rapidly increase the number of secure access points to its network for employees that find themselves unable to come to the office for extended, albeit temporary, periods of time? If the answer is no, it might be wise to come up with a "worst case scenario" strategy, with respect to how to build up capacity on short notice to help more staff members gain remote connectivity.
• Is the temporary access you provide these employees secure? It's important to ensure that employees working virtually due to unforeseen circumstances still have the same security protection as they would in the office without compromising the integrity of the IT network.
• Do you have help? Organisations should not have to go at it alone, but rather enlist their system integrators and product vendors to help make this happen. The best partners are the ones who have offerings that specifically meet this demand. They should also have an arsenal of best practices to provide companies with lessons learnt from others.
Of course, as with all disasters, planning ahead is a key part of the strategy for managing them. Solutions already exist to make it easy for employees to remain productive and, more importantly, securely connected, to the corporate network if a disaster has made it impractical or impossible to physically attend work.
For example, VASCO's solutions are designed to protect networks from intruders while enabling organisations to provide anytime, anywhere access to customers, partners, and mobile employees, reliably and cost-effectively. VASCO secures the corporate network by enforcing VASCO DIGIPASS strong authentication for remote access. This protection covers firewalls, RADIUS and Access Servers, VPN's, webmail, intranet, and extranet users Web and custom applications.
Having a workable Disaster Recovery Plan that can respond to all types of security and access issues – including those that come about from natural phenomenon or health epidemics – can be the difference between a business staying up and going down. No one can predict the future, but rest assured; it will hold unforeseen challenges and circumstances. Companies can stay ahead of the curve by developing strategies and identifying resources that can help adjust to situations beyond their control. For it's not a question of if such an issue will occur, but rather when.
Jan Valcke, President and COO of VASCO Data Security.
