companyzone companyzone

Cyber risk, blackout fears make comprehensive DR and BC plans crucial


Johannesburg, 13 Apr 2023
Casper Van Der Walt, Chief Cloud Officer, CipherWave Business Solutions.
Casper Van Der Walt, Chief Cloud Officer, CipherWave Business Solutions.

South African businesses face significantly increased risk, therefore they need to move beyond basic backups to develop broad and comprehensive business continuity and disaster recovery plans and processes.

This is according to Casper Van Der Walt, Chief Cloud Officer at CipherWave Business Solutions, who says the looming threat of a national grid failure is just one of many risks facing local businesses today. 

“In a national grid failure, organisations need to have a detailed plan for how and where staff will work, and how they will get systems up and running. But cyber attacks present an even greater risk to business continuity, because ransomware attacks occur more regularly than load-shedding. There are also other business disruptive events, such as natural disasters and insider activity, that could take a business’s systems down,” he says.

Van Der Walt says business continuity risk is also growing due to computing power increases, which allow exploits to occur more often. In addition, the work-from-anywhere trend complicates business recovery and continuity after a disruptive event, he notes.

Beyond backups

Van Der Walt says many organisations believe that simply having offsite backups will allow them to recover after a disruptive event.

“Backups are just part of broader disaster recovery and business continuity. Backups are a failsafe to recover from accidental deletion, and also possibly from ransomware. But backups may involve massive volumes of data, stored offshore, all of which has to be brought back in-country and reinstalled onto systems before the organisation can resume operations,” he says.

“Business continuity is broader – it classifies and provisions the systems and data you need to run the business immediately after a disruptive event. It also covers people and processes to ensure you can resume business as usual as quickly as possible. It’s no use having systems back up and running if your staff cannot access them from home and you cannot communicate with suppliers and partners, for example,” he says.

Citing the example of a customer with a four-hour recovery time objective (RTO) whose systems were taken down by a disruptive event, Van der Walt says the company had expected its two off-site backups to enable disaster recovery. However, one of those backups was unavailable, and one was offshore in a low-cost archive environment. Restoring that data could have taken over two weeks. 

CipherWave was able to help the customer restore the data and get back up and running in two-and-a-half days. However, Van Der Walt notes that if the backup had been in a properly architected disaster recovery environment in the public cloud, this could have been a matter of minutes instead of days.

“For business continuity, the business must be able to deliver services during a disruptive event. You need someone in charge who makes the right decisions – and you need to work off a plan, because people tend to panic in a crisis. Because no two disruptive events will be exactly the same, you need to plan for everything, carry out risk assessments all the time and continuously adjust the plan. It is also important to assess the plan and test procedures every three months,” he advises.

A comprehensive disaster recovery and business continuity plan should cover factors such as providing backup power for remote staff, appointing a core team to keep mission-critical services and systems running, and syndicated DR seats where key staff can go to function.

Offering backup and disaster recovery as a service, CipherWave is a trusted partner helping leading South African businesses mitigate the risk of downtime and business interruption. CipherWave delivers secure traditional and cloud-based DR, customisable DR plans and no-impact DR testing backed by 24/7 support.

Offering on-site, private and public cloud backup and DR across three major hypervisors, CipherWave manages 25 customer environments in private clouds, 130 in the public cloud and 15 in multicloud environments. “We back up around 1.9 Petabytes of data daily to public and private clouds, and 4 Petabytes a day in customers’ own environments. Our RTOs vary depending on the technologies and environments, but they are between two to five minutes in a public cloud, with an overall average across all environments of 15 minutes to four hours,” says Van Der Walt.

CipherWave and its network of partners also assist with arranging syndicated DR seats, staff training, security and risk analysis. 

Share