LEADO is a multinational, company based in Europe and produces materials for the construction industry.
IT Services are managed by Central IT and the business hosts all its applications/ IT services in its own data centre facility.
LEADO, as part of its IT Business Continuity Plan would like to define all critical IT disaster that they could face, and their possible mitigation strategies based on best industry practices. These best practice mitigation strategies could be based on technologies that are hosted at another on premise data centre (which itself is replicated across other regions of the country, continent and globally). These best practice mitigation strategies could also be based on available cloud technologies based on IaaS, SaaS or PaaS, etc. The mitigation strategies for each disaster event should be in the form of a list and not in long paragraphs. The possible mitigation strategies for each disaster event could be a combination of one or more of the following: Technology, Building, People and Process mitigation types or all of them.
This information should be presented in a table format and the content needs to follow a logical order and the content must be well researched and not be a collection of cliches or generic verbal. The audience is techie savvy and at senior level so no need to go into explaining the basics.
The structure of this paper should be:
b. Scope of the study
c. Objectives and Goals of the study
d. Detail of every IT disaster and its corresponding mitigation strategies based on best practices. This section should ideally be in a table format that runs across multiple pages.
The paper will address the following 4 categories of disasters:
1. Responding to loss of technology
2. Responding to loss of a building (office) and the data centre
3. Responding to loss of staff
4. Responding to loss of a supplier
Below I have listed just some of the disasters within each of the above 4 disaster categories. Please, expand on this list to ensure all common disasters impacting the organisations IT Services and Data Centre are covered and mitigation strategies are detailed.
1. Responding to loss of technology:
server hardware failure related
data loss related
virtualisation VMware platform related (LEADO’s current VMware platform is mirrored to a cold site, but it still leaves not much margin for contingency. recommend best practices for the ideal VMware DR environment setup/configuration to ensure maximum recovery of all virtual hosted machines, there applications and data).
Poorly configured infrastructure
Unpatched Security Vulnerabilities and Bugs
Web Application Attacks
DNS Infrastructure attacks
SSL-induced blind spots
Brute Force and weak authentication
Data backup related
2. Responding to loss of a building:
loss of data centre
loss of the entire office building housing IT staff
loss of power
loss of cooling
security breech (unauthorised access)
mechanical failure in data centre or the wider building
3. Responding to loss of staff:
loss of key IT personnel
loss of senior managers
loss of decision makers
No personnel due to a strike
understaffing due to transportation problems
travel restrictions due to a snowstorm
4. Responding to loss of a supplier:
loss of IT support service provider (in the case of LEADO they have multiple IT Service Helpdesks dotted around the world based on follow the sun, this needs to be factored in when discussing this disaster and mitigation strategies).
loss of application vendors
loss of hardware vendors