Secure Your IT Infrastructure & Create Resiliency
IT infrastructure is the combination of hardware, software, communications, data centers/hosting services, and human resources that allows an organization to deliver information technology services to its constituent communities.
IT resiliency refers to an organization’s ability to avoid or minimize business disruption when the IT infrastructure is challenged by planned or unplanned events, such as the novel Coronavirus. IT resiliency is at the core of an effective IT strategy, which is designed both to ensure organizations can quickly get back to business after something goes wrong and to protect the organization from threats in the first place.
Planned or unplanned events that could impede your ability to deliver optimal services may include: production and/or migration failure of systems and/or applications, turnover among key IT staff, man-made and natural disasters, cyberattacks, and malicious activities by known or unknown parties. Any of these events may disrupt or even paralyze an enterprise if proper planning and controls are not in place.
What Are Measures to Improve IT Infrastructure Resiliency?
Document and Test Your Business Continuity Plan
Business Continuity Plans (BCPs) are essential to successfully conduct business seamlessly when disruption strikes. Having a working BCP in place in advance of a disruptive event helps to lessen the impact on people, processes, and systems.
AAFCPAs’ Business & IT Consulting practice advises clients to first answer the questions: “What do we need most?”, “How long can we be without?”, and “How much data can we afford to lose?” The answers to these questions generate a Recovery Time Objective (RTO) and Recovery Point Objective (RPO). From there, a specific plan to address the needs of each service may be developed.
Document and Test Your IT Disaster Recovery Plan
An IT Disaster Recovery Plan (DRP) is a documented and tested process or set of procedures which ensures your organization can recover IT systems, services, and data following an event. DRPs should be tailored to your business size, industry, and specific IT infrastructure. The plan will be multi-discipline and include other departments outside of IT. A risk-based approach will drive answers to “How will we work?”, “Where will we work?”, “What is the impact to the business and our constituents?”, and “Who will communicate to our constituents?” Once crafted, periodic testing of the DRP should be executed as part of your BCP in order to support business operations.
Sound Backup and Recovery Strategy
Organizations must implement strategies that protect both their data and their ability to access it. These strategies are only a single component of a comprehensive BCP and broader DRP.
The Backup and Recovery Strategy should include routinely scheduled backups of your business’ critical systems. Routine is subjective and driven by RTO and RPO requirements specific to the environment being backed up and recovered.
Robust Risk Assessment
Understanding where risks exist in your technology enterprise is paramount to your ability to effectively manage them. Risks come in many forms and are as individual as your organization. Risks exist in aged technology; outdated solutions; access control deficiencies of incoming, existing and departed staff; inappropriately configured systems; poor password management practices; and a lack of employee training and awareness, to name but a few.
AAFCPAs advises clients to perform regular top-down risk assessments as a solution to help identify, prioritize, and remediate deficiencies.
How Can AAFCPAs Help?
AAFCPAs recommends performing an IT Risks and Controls assessment first. Once it is completed, high-risk concerns become visible and may then be addressed. If cyber security is of strong concern, network penetration and cyber assessments may also be employed. If you host private and/or confidential information covered by HIPAA, GDPR, PCI, or other local, state, federal, or international governing requirements, these services should be considered.
AAFCPAs’ Business & IT Consulting practice advises clients on improving their IT Resiliency with recommendations that are right-sized and tailored to be appropriate given each client’s resources and specific IT infrastructure requirements.