By Mike Talon
During the early years of the dot-com revolution, I investigated a data center for a mix of production and disaster recovery operations (production for one coast, DR for the other). Among the facility's security features was "30-minute riot glass" in all the windows that showed the interior of the data center.
The theory behind riot glass is that it withstands sustained fire from a high-caliber weapon for 30 minutes before it breaks. However, the walls surrounding both the doors and the glass were standard sheetrock and wood, which are easily breached; an intruder need only go around the glass. The company I worked for decided to go with a different service provider, but this experience still provides a valuable lesson for DR professionals.
Many companies build extensive security procedures and structures, physical and digital, around all of their production operations. Honeypot systems, firewalls, VPN-control hardware and software, and a host of other digital techniques complement the physical security measures. All of this security is great, but what about the DR site? Are we building bulletproof production sites while constructing the DR sites out of easily breakable materials?
An alarming number of companies don't take the DR site and its data systems into consideration when designing security for data operations. Sure, data replication occurs over encrypted links, and tapes move between sites via secured and bonded transports, but physical and digital security measures are often completely overlooked once the data arrives at its destination.
A primary example is DR-site data systems that aren't physically secured. In many cases, they're accessible to data center personnel or others who shouldn't have access to the equipment. Some hands-on access may be unavoidable if the company can't place full-time staff at the data center, but those staff often have far more access than they need to change tapes and administer the physical hardware. Grant them only the access those tasks require.
Another common issue is that data systems at the DR site aren't set up with the same security infrastructure as the production systems, including network controls such as NAT and IPsec. Some companies deliberately skip building an identical infrastructure at the DR site to cut costs, so the DR site's controls never match production's.
During normal operations, the DR systems are inactive, so there is nothing there to attack. But if failover kicks in while no security staff are available, those systems come up live and unprotected. A disaster of this magnitude can strike in the middle of the night when no one is around, so you can't rely on the right personnel being present to lock things down. You need to secure the DR systems ahead of time.
The best course of action is to treat your DR site like your production facility and secure it accordingly. Make sure that failover procedures for security operations are documented and tested by all responsible staff, and preinstall and preconfigure the necessary hardware and software at the DR site. Skip these steps and your systems could suddenly be left wide open at the very moment the DR systems have just saved the day.
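As an added example (not from the original article), the following Python script performs the kind of configuration parity check the preceding paragraphs argue for: it parses iptables-save style rulesets from a production host and its DR counterpart, rewrites the production address prefixes that legitimately differ at the DR site, and reports every default policy or rule on which DR diverges. The two rulesets and the SITE_MAP prefix mapping are constructed for illustration and are not captured from any real system.

```python
"""Parity check between a production firewall and its DR counterpart.

Added example for this article, not the author's code. It parses
iptables-save style rulesets for both sites, rewrites the site-specific
address tokens that legitimately differ, and reports every default policy
or rule the DR host is missing or has added.
"""
from dataclasses import dataclass, field

# Constructed sample rulesets; they are not captured from any real system.
# Production: default-deny inbound, SSH only from the management network,
# and IKE (UDP 500/4500) plus ESP allowed from the IPsec peer subnet.
PROD_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 10.1.0.0/16 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -s 10.1.5.0/24 -p udp --dport 500 -j ACCEPT
-A INPUT -s 10.1.5.0/24 -p udp --dport 4500 -j ACCEPT
-A INPUT -s 10.1.5.0/24 -p esp -j ACCEPT
COMMIT
"""

# DR site built "to cut costs": default-accept inbound, SSH from anywhere,
# and no IPsec rules at all.
DR_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
"""

# Hypothetical mapping of production prefixes to their DR equivalents.
# Tokens are replaced whole, so a prefix is only matched as a complete
# CIDR token, never as a substring of some other address.
SITE_MAP = {"10.1.0.0/16": "10.2.0.0/16", "10.1.5.0/24": "10.2.5.0/24"}


@dataclass
class Ruleset:
    policies: dict = field(default_factory=dict)  # chain -> default policy
    rules: set = field(default_factory=set)       # normalised rule tuples


def parse(text, site_map=None):
    """Parse iptables-save output into default policies and a rule set.

    Rules are stored as tuples of tokens with site-specific addresses
    rewritten via site_map. The set is order-insensitive, which is what a
    presence/absence parity check wants; rule ordering changes semantics
    in iptables and still has to be reviewed separately.
    """
    site_map = site_map or {}
    rs = Ruleset()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(":"):            # ":INPUT DROP [0:0]"
            chain, policy = line[1:].split()[:2]
            rs.policies[chain] = policy
        elif line.startswith("-A "):        # an appended rule
            rs.rules.add(tuple(site_map.get(t, t) for t in line.split()))
    return rs


def compare(prod, dr):
    """Return human-readable findings for everything DR diverges on."""
    findings = []
    for chain, policy in prod.policies.items():
        dr_policy = dr.policies.get(chain)
        if dr_policy != policy:
            findings.append(f"POLICY {chain}: prod={policy} dr={dr_policy}")
    for rule in sorted(prod.rules - dr.rules):
        findings.append("MISSING " + " ".join(rule))
    for rule in sorted(dr.rules - prod.rules):
        findings.append("EXTRA " + " ".join(rule))
    return findings


def parity_findings(prod_text, dr_text, site_map):
    """Parse both sites (prod addresses mapped to DR) and diff them."""
    return compare(parse(prod_text, site_map), parse(dr_text))


if __name__ == "__main__":
    for finding in parity_findings(PROD_RULES, DR_RULES, SITE_MAP):
        print(finding)
```

Run it against real `iptables-save` output from both sites as part of every failover test, and treat any POLICY or MISSING finding as a blocker; an EXTRA finding such as the DR site's unrestricted SSH rule above is exactly the kind of gap that surfaces only when the DR host goes live. The diff is order-insensitive, so it catches absent and extra rules but not reordering, and the same parse, normalise, diff pattern extends to NAT tables and IPsec peer configuration.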
Mike Talon is an IT consultant and freelance journalist who has worked for both traditional businesses and dot-com startups.