What you will learn in this tip: Discover what a human-made disaster is, what can cause this type of outage, how it can impact IT disaster recovery planning, and how it can be prevented.
When one mentions disaster recovery, physical damage comes to mind, and it's usually caused by weather-related events or some other physical aspect. However, I want to address other causes of disruptions, those caused by people.
For the benefit of this tip, “human-prompted” events are not terrorist actions, since they intentionally cause physical damage yet are started by individuals; what I want to focus on are issues with operations, connectivity and data delivery, or storage. Some of these can easily be remedied by installing off-the-shelf software products.
The following are the most common human-made disasters:
Consider enforcing a “secure desktop” policy in the office to control what types of devices and websites can be utilized by office computers. The degree of enforcement is depends on how open or restrictive you wish to be, but understand that once the door is open, you may be inviting software you do not want into your environment. Also consider that each time one synchronizes a personal device such as a Blackberry or iPod, whatever you may have downloaded onto the device is connected to your computer. Some applications may not be as innocent as you expect. Do your employees use Facebook or access private email in the office? That may be a potential shelter for malicious code.
Some vulnerabilities cannot be seen, either: Nasty programming could be embedded within innocent software programs. This means that any storage mechanism that connects via a USB port is a potential threat to your computer environment. How do you combat this? You need to restrict access to the USB port. Some organizations go even further and restrict the use of CDs, but that is a decision left up to your organization.
Security and wireless networks
A password can help secure a wireless network, but make sure it is not easy for an intruder to figure out. Some organizations have multiple wireless networks that allow visitors access to the internet but not the corporate network itself. Also, be careful about using the public Wi-Fi connections that are available at some businesses. Fellow users sitting next to you may be trying to attack your wireless computer. It is also possible that some fairly sophisticated computer maven could be transferring data to your laptop, and from there to your network.
Make sure that the uninterruptible power supply (UPS) equipment is adequate for the load it is expected to address. Many organizations upgrade their data centers but don’t consider whether their UPS equipment can handle a new setup. An electrical engineer will be able to determine the demand on the UPS and how much service time you could get from the UPS. There is also UPS monitoring equipment that can be installed and will notify users in case of a problem.
If you have a generator, ensure it is tested more than once per year and that it can supply enough power to run your data center. Make sure the generator can start automatically when there is a problem, unless you have staff on site that can start the equipment.
Let’s now concentrate on the network. Is your organization one that has adapted Voice over Internet Protocol (VoIP) for your phone system? If you did, then you know that voice communication utilizes the same network that has all your data flowing through it. When your network is interrupted so is your communication. Recently I visited an organization that had its customer support desk use VoIP technology. The idea was twofold, cost savings and having the capability of rerouting the calls if someone is away from the desk. The problem is they had experienced network outages of up to six hours and had no communication. An additional issue with VoIP is all the equipment utilizes power, so unless you have a UPS at each desk or connected to the generator a power failure means no communication. To reduce the likelihood of an outage, make sure power issues are addressed and that the network is monitored. Remember your network now is the key both to data and voice communication.
Some potential key network issues may be solved by just looking at the wiring in the LAN room or under the floor tiles. If it looks like a bowl of pasta, how will a technician be able to follow a connection to check it? A neat, well-labeled cable configuration will prevent long outages.
You should also consider what is located near the data center. I have seen locations that are directly below a cafeteria where hot foods are prepared. Should a fire erupt in the cafeteria or food preparation area there is a good chance the fire—or attempts to extinguish it—will cause damage to the nearby data center.
Unless you can set up an environment totally devoid of human intervention, you should anticipate the potential for human-made disasters. There is no completely failsafe system—just think of how many times you have heard: “The outage was caused by human error.”
About this author: Harvey Betan is a certified business continuity planning consultant with experience in disaster recovery in both technology and business functions. He migrated to business continuity after the restoration of a large insurance company with a major presence in the World Trade Center on Sept. 11. His career has spanned a dozen years in business continuity after a 15-year career as a senior manager in information technology for the financial, insurance and nonprofit sectors.