What happens to a company’s data in the case of a disaster such as 9/11 or Hurricane Sandy? How can a company recover from a disaster and continue their business uninterrupted? It’s a complicated challenge – and one many security professionals and risk management professionals must consider. Companies like Recovery Point provide resources to help a company survive a catastrophic event and keep its computer programs and business processes running. Their customers include large, well-known companies and the government.
“When big disasters happen, people begin rethinking what they need to protect against,” says Dick Fordham, Director of Marketing and Strategy, Recovery Point. “We try to imagine the worst that can happen, and put in place adequate measures to provide the security in those areas.”
Recovery Point is a national provider of integrated business continuity and disaster recovery systems. The company stores copies of its customers’ critical enterprise data on its servers in multiple locations. Recovery Point enables customers to bring their systems and networks back up and let employees continue working despite any damage from the disaster. “We’re not a big company – about 150 employees – but we can service the biggest clients because we provide a high degree of personalised service,” says Fordham.
There is also a 45,000-square-foot
Client data storage and backup
Recovery Point’s flagship facility is located on a 17-acre private campus in Germantown, Maryland; about 30 miles northwest of Washington, D.C. There is also a 45,000-square-foot facility in Gaithersburg, Maryland, where clients’ data can be stored up to 30 days on disk and up to seven years on tape in high-end, secure vaults. There are also two 100-seat work areas where displaced workers from customer companies can continue to perform their duties – one in Gaithersburg and another one in Kenosha, Wisconsin. Recovery Point is also a tenant in a data centre in Mt. Prospect, Illinois, providing an additional, redundant location to store data in case of a disaster.
Recovery Point offers cloud backup strategies to handle data from major computer systems used by large companies; whether it’s mainframe computers, AIX operating systems or iSeries. In addition to providing recovery services in case of a disaster, the company works with companies daily to test and maintain their systems and to provide proof-of-concept demonstrations.
Concentric circles of security
Security is a large part of the services Recovery Point provides. The company leverages the most secure approaches and technologies to ensure that customers’ data is protected, including the familiar “concentric circles of security” approach familiar to most security practitioners. At the centre of the circle is the data of customer companies, what Fordham calls ‘the crown jewels.’ Recovery Point uses a combination of cyber, network and physical security to protect a customer’s data assets. “If their data is gone or corrupted, their business is gone or corrupted,” says Fordham.
Location of the data centre(s) is the first stage of protecting the backup data. Recovery Point is located outside urban areas, away from likely terrorist threats, in an area that is not prone to hurricane or tornado activity. The ‘geographically stable’ area is above the 100-year floodplain. At the perimeter, there is no signage identifying the company or its mission. An anti-ram barrier topped with a 10-foot personnel security fence encircles the campus. At the gate, visitors must be validated remotely or by authorised badge and security code. Inside the perimeter, there are hydraulic anti-vehicle barriers that can resist a 30-tonne truck going 50 miles per hour. Bollards at four-foot intervals keep vehicles away from the building.
Visitors require access badges
Inside, visitors require access badges and receptionists at multiple sign-in desks are located behind ballistic-rated bullet-proof glass. Badges allow access only to the specific areas a visitor needs, whether it is the location where their data is stored, temporary work areas, meeting rooms or overnight sleeping quarters. Two-factor authentication includes iris-scan, fingerprint and voice recognition biometrics.
Data security process
Independent certification, including auditing of processes and physical boundaries around the data, meets standards such as the Federal Information Security Management Act (FISMA) and the Federal Risk and Authorisation Management Program (FedRAMP).
The network and power must also be stable and Recovery Point has Uptime Institute Tier 3 certification, which includes redundant, switchable systems. There is an A side and B side to each system; if one side is ‘down’ for maintenance or a malfunction, the other side is fully functional to ensure uninterrupted service.
“Customers have already had one disaster,” says Fordham. “We make it as painless as possible for them not to worry about their data, to make them feel secure. In a disaster there are other things to worry about, such as their home and families. We want security you can see and security you can feel.”