Recent natural disasters such as the Queensland floods and Cyclone Yasi mean now is the time to look at ways of avoiding ICT and staff issues in the event of a crisis, Brisbane City Council IT experts argue.
According to the council's ICT risk, security and compliance manager, John Harrison, disaster recovery plans can be helped by having capability objectives, such as remote access for staff, well ahead of time.
“This comes into play when roads are washed away and buildings inaccessible because all of a sudden you have a whole organisation who needs to work somewhere else,” said Harrison. “That can be challenging to do that for a whole group but with smartphones using the Apple iOS and Android, staff will be at least be able to access emails and other work interfaces.”
The council's enterprise security architecture evangelist, Trent Prasser, said some controls, such as acessing the company network, would need to be relaxed if organisations were to continue operating during a disaster.
“If we’re talking about people’s work places being uninhabitable, than reduce secuirty controls and bring access control down to normal,” he said.
Prasser said the use of social media during disasters to inform staff of situations was useful. He cited the Queensland Police as a good example of an organisation that posted constant Cyclone Yasi updates to its Facebook and Twitter profiles.
“When you find yourself in a [disaster] event, that’s not the time to think about the company use of social media,” he said. “The infrastucture of Facebook and Twitter is very far away so it won’t have an impact. No one would debate that those sites are good at pushing your message out there to people.”
Prasser also suggested organisations use a public Cloud infrastructure as it can span multiple continents and offer high availabilty. “Using the Cloud is practical but you need to sort out privacy and compliance issues first so you can run functions in the Cloud. If you have those approvals in advance, you don’t need to be running around getting them in a disaster recovery situation.”
Summing up disaster management, Prasser said companies should take advantage of the current situation ,review disaster recovery plans and make improvements where necessary.
Hamish Barwick travelled to AusCERT 2011 as a guest of AusCERT
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU