National Preparedness Month – Why?
Every year, Ready.gov uses the month of September as an opportunity to promote preparedness through public involvement. In support of this initiative, each week this month AllConnected will be discussing key ways you can better prepare yourself, your family, and the community in the event of a disaster.
AllConnected Core Value: Preparedness
Preparedness is a mindset and state that ensures we are ready for the unexpected when our families and clients need us.
Week 4 of 4 | Get Involved | 9.24.2019
During the first 3 weeks of September, we’ve provided some reminders that can help organizations to better prepare for potential disasters. Being an organization focused on Professional IT Services and IT Infrastructure, myself, our CTO, and our Director of Disaster Recovery Services have discussed 3 steps to prepare your IT infrastructure for disasters:
1. Know Your Risks
2. Develop a Plan
3. Practice Your Plan
These same steps apply to each of us personally, to our families, and to our communities. While there is much we can do in advance to Prepare IT for Survival, protecting and ensuring readiness of our People is most important. During this 4th week of September, Ready.gov encourages each of us personally to get involved in your community’s Preparedness efforts, including Community Emergency Response Teams (CERT) and/or the Great California ShakeOut.
As We Look Ahead:
The month of October is Cybersecurity Awareness Month. It is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. During the month of October, we’ll share additional reminders on how you can Own IT, Secure IT, and Protect IT.
- Specifically on October 17th we are reminded of the need to #BeReady for earthquakes with the Great California ShakeOut. Your company, or you individually can register here, where as of 9.25.2019, over 49.2 million have already registered to participate.
- We invite you to register for a Webinar we will be conducting at 11:00am PST on Thursday, November 14th, led by our CEO and CTO: Advanced Malware Protection with Cisco Umbrella. The Webinar will be focused on a toolset to block a broad spectrum of malicious domains, IPs, URLs, and files being used in today’s attacks. Register here.
- We’d also like to invite qualified guests to our final event of the year, the pre-screening of Star Wars: The Rise of Skywalker, which will be held the day before the official release. This special screening will be precluded by a vendor fair featuring proven solutions that can reduce the Risk in your organization and ensure you are Prepared for the unexpected. Visit our news page in the coming weeks for more information.
And last, for the month of October, AllConnected and Cisco will be offering (5) Proof of Concept deployments of the Cisco Umbrella Cloud-native Security platform, at no cost to qualified organizations. If your organization is interested, or would like more information, click here.
Stay diligent and #BeReady,
Week 3 of 4 | Practice Your Plan | 9.17.2019
Last week we outlined how to Prepare or Develop a Plan specific to IT Recovery. This week we’ll outline the next critical step: Practice the Plan.
To illustrate why it’s so important to practice the plan, picture the following: You’re working in the office, it’s mid-morning, you’ve had your coffee or tea and just as you’re getting into the groove of things, all of a sudden smoke fills the room. As the fire alarms pierce your ears, you try to make sense of what’s happening. You need act quickly. But what do you do? It’s hard to think with the alarms and the smoke compromising your visibility and starting to fill your lungs. There’s an Evacuation Plan, but wait, you’ve never actually participated in a practice drill. So, where do you go? Which exit is the closest? What if it’s inaccessible? What’s “Plan B”? You’re used to taking the Elevators, but where’s the stairwell access in reference to your cubicle?
During a Disaster Event like the one described, something as routine and normal as walking in and out of a building that you’ve done dozens of times, all of sudden can become confusing and chaotic. Whether at work, school, or at home, we should all prepare for and practice before disaster strikes. In principle, this applies just as well to IT Disaster Events.
How to Practice Your Plan
After you’ve created a DR Plan for your most Critical Apps, you need to Test Your Plan. In other words, perform a Practice Drill. Run the Failovers to your DR environment and try logging into your Critical Apps to perform day to day functions. The Test will reveal major gaps and weaknesses and it’ll separate theory from reality. But that’s a good thing. Perhaps you forgot to replicate a key VM, like a secondary domain controller that also happens to have other key roles. Maybe you missed a Reporting server that your Critical App makes calls to. Or you need to make changes to your firewall rules to allow traffic between separate networks. Or perhaps your Citrix storefront no longer works because your DNS name in DR doesn’t’ match the Production DNS name.
Start with just your IT team to work out the major kinks. Then, invite your Power Users to the DR Test, the ones who know the Critical Applications the best. That will reveal some more gaps.
As part of this Iterative DR Test Process, create a Findings and Recommendations Document. Note the expected result in your DR Plan vs the Actual Result. Address the issues. Then Test again. Once you have a mature IT DR Plan, you can schedule regular “Practice Drills” so that you can figuratively “walk blindfolded” and still find the exits and stairway in the midst of all the chaos.
1. Develop a Plan
2. Test the Plan
3. Recover Successfully!
DRaaS Director, AllConnected
Week 2 of 4 | Develop a Plan | 9.10.2019
“A goal without a plan is just a wish.” – Antoine de Saint-Exupéry
Proper IT Disaster recovery planning rests on 3 pillars, Design, Preparation, and Verification.
Focus on the disaster recovery design that fits the applications, starting with the most critical apps to the organization. By focusing on the design needed for the most critical application, many organizations find that the solution that works for the highest priority applications leads them to solutions for the lower priority applications. This application focus also makes it possible to show results and move forward to preparation.
The scope of work for the design phase should include meeting with the application vendor to determine the steps they are aware of that need to be done in the event of a disaster, such as mapping applications to server dependencies, determining a method for end users to access the application during both a DR test and an actual DR event, as well as addressing the performance characteristics of the application and deciding if the expectation will be that the DR site will run at 100% of the production capabilities. The design doesn’t have to be perfect, it just has to be realistic and have support from the application vendor.
This is where the technical validity of the design starts to be proven. For some organizations, preparing for a disaster recovery event or even a test involves a proof of concept, for others it could be assessing the production environment to determine if perhaps a change could be made that would increase the flexibility and portability of the production environment. An example of this would be utilizing virtual servers instead of physical, reducing dependencies on physical SAN LUN’s, perhaps even migrating to newer resiliency technologies that include an offsite option, such as Microsoft SQL AlwaysOn.
The steps for preparation are unique in many ways because of the variety of applications that are involved, but they should fundamentally address issues that make testing the plan difficult or impossible. And again, by focusing on the most important application, the preparation pillar does not have to be too daunting and should allow the process to move to the next pillar, verification.
Next week’s article will go into depth on how to perform proper verification of a IT Disaster Plan, but I include the step here because the verification of any plan will undoubtedly force changes to the design and preparation, really moving us in a logical circle that results in an improved IT Disaster Plan every time it is tested. Furthermore, our production environments are not static, so using verification as part of the development of an IT Disaster plan is a key method to capture production changes that may have been overlooked.
9.3.2019 | Know Your Risks
On November 8th, the Woolsey fire was ignited. It destroyed 1,643 structures, killed 3 people, and evacuations were unprecedented, with more than 295,000 leaving their 105,000 residences behind as they moved to safer areas. According to the LA Daily News, during this disaster, 17,582 customers lost power and thousands, including hundreds of businesses, lost Internet access.**
As the fire season approaches Southern California again, many remain worried, especially after a particularly wet season that leaves behind more growth that we had last year.
Regardless of where we live, recent disasters serve as a reminder to all of us that it’s important to be prepared. Disasters Don’t Plan Ahead and they can come at any time. Our risks in the Greater LA aren’t limited to fires, there are earthquakes, flooding, toxic spills, active shooters, terrorism, cyber terrorism, ransomware, identify theft, or it can be as simple as a power failure or a gas leak.
They affect your county, city, home, and family. An old proverb says ‘shrewd is the one who sees the danger and conceals himself from it. Indeed, being prepared can make all the difference when it comes to your next meal, your health, and even your life.
Over the next few weeks, our team will be sharing some thoughts, experiences, and resources that have personally helped me, my family, our company, and our community to take steps to better prepare for the unexpected. If your organization is planning any activities during the month of September to raise awareness on how your people can personally prepare, please let me know.
If you haven’t started yet, we’ve pulled together various resources from Ready.gov, FEMA, CERT, NIST, and other disaster preparedness information that could help you raise awareness with your employees and their families.
For the first week of September, the message for National Preparedness Month is: Know Your Risks. All of us do well to spend time researching and thinking about the most common risks to our families, our employees, and our businesses.
Gonzales, Ruby; Cain, Josh (November 14, 2018). “Woolsey fire death toll increases to 3, body found in charred Agoura Hills home”. San Gabriel Valley Newspapers. Retrieved November 14, 2018 – via The Mercury News.