This content is part of the Essential Guide: Essential guide to business continuity and disaster recovery plans

Essential Guide

Browse Sections

Adding cybersecurity as a service to a BC/DR plan

Compare a traditional network perimeter configuration with cloud cybersecurity and see if this new kind of security platform can improve your business continuity.

There are ways to better integrate business continuity, disaster recovery and cybersecurity activities, and there...

are cloud-based, as-a-service offerings for DR.

Recognizing that cloud services addressing cybersecurity activities -- cybersecurity as a service -- are available, let's examine the value of integrating them with disaster recovery as a service and other business continuity-related offerings.

If you take all of your current cybersecurity preventive measures and mitigation offerings, bundle them, and make them available through a cloud-based service, that's essentially cybersecurity as a service (CSaaS). Your firewalls, proxy servers, intrusion detection and prevention systems (IDS/IPS), and other measures to protect your technology perimeter are now provided by someone else.

Network perimeter configuration
A typical network perimeter configuration

The setup in Figure 1 is a typical defense-in-depth network perimeter configuration. Before anything from the internet or a private network can be delivered to the data center and its various devices, it must pass through several systems that inspect the data and flag and capture anything suspicious.

By contrast, a cybersecurity-as-a-service configuration might look like Figure 2. Data is first routed to the CSaaS vendor, where it passes through similar defensive devices, and is then routed to the customer site. We have added another firewall inside the customer network perimeter for additional security.

Network perimeter configuration
A possible cybersecurity-as-a-service arrangement

The CSaaS vendor handles all cybersecurity threat detection and mitigation activities before data is delivered to the customer. While this is a very generic drawing, it shows how cybersecurity as a service factors into a customer's overall network and information systems protection strategy.

Examining cybersecurity-as-a-service vendors

If you are already using a disaster recovery as a service (DRaaS) product as part of your BC/DR plan, and you wish to add cybersecurity to that service, check first to see if your vendor also offers CSaaS. Perform the same due diligence on the vendor as you probably did when evaluating your DRaaS vendor.

Determine the total cost of ownership (TCO) of your current on-premises-based cybersecurity arrangement and compare it with the TCO for a CSaaS product. Remember the reasons you originally moved to a cloud-based service, such as to free up floor space, to fix costs, to reduce management involvement and to ease DR tests.

Next, examine the cybersecurity services provided by the CSaaS vendor. See if they offer any arrangements that provide additional security for your perimeter that you don't currently use. If some additional arrangements are available, and the cost is not prohibitive, that may become a deciding factor.

Speak to several of the vendor's customers to learn why they put their cybersecurity into the hands of a third party, as well as the results of that decision. See if they conduct periodic penetration tests and can also coordinate tests of the DR arrangements with cybersecurity services. This can improve your overall DR and cybersecurity posture, as you will have confidence that any potential cyber incidents can be addressed before they damage customer data and physical assets.

CSaaS and DRaaS

In Figure 2, we added another firewall inside the customer's perimeter. This is because we want to further reduce the possibility of malware or malicious code sneaking past the CSaaS vendor. With DRaaS, you can fail over critical systems to replicated devices in the DRaaS vendor's cloud. With cybersecurity as a service, you want to be assured that the vendor's security measures are stronger than your own.

This begs the question: Should cybersecurity protective measures be managed on site by your organization or by someone else? The reasons for having CSaaS and DRaaS are largely the same: to protect your business from unplanned events that could disrupt or destroy the business.

With cybersecurity as a service, you want to be assured that the vendor's security measures are stronger than your own.

A cybersecurity breach is also a potential business continuity and disaster recovery event, especially if the results prevent the business from operating normally. If devices are compromised, data is corrupted or stolen, or applications are corrupted, the business may fail unless it is prepared with a BC/DR plan to mitigate and recover from such events.

Cybersecurity-as-a-service products are yet another way to protect your IT infrastructure and your business. Coupled with DRaaS and similar cloud-based offerings, you may be able to make the business case for leveraging both services as part of your overall IT security and business continuity strategies.

Next Steps

BC, DR and cybersecurity should complement each other

Cybersecurity framework can strengthen DR planning

Cyberthreats among trends shaping business continuity

Dig Deeper on Cloud disaster recovery