Geographic Considerations – CompTIA Security+ SY0-501 – 5.6

Selecting the location of a disaster recovery site isn’t as simple as it may seem. In this video, you’ll learn about the challenges of geographic location, off-site backups, and issues with international data and travel.

<< Previous Video: Application Recovery Next: Continuity of Operations >>

Whenever you’re preparing for any kind of incident, you must take into consideration that the incident may disrupt everything in your particular building. You might have a fire, a flood, you might have a water pipe burst, or it may be a very large scale problem such as a hurricane, or a tornado. Because of that, having an off-site recovery option may be a very good plan. You can have a copy of your data stored somewhere other than in your building.

Some recovery sites can also host all of your applications in this other facility, so that you can get back up and running very quickly even if you no longer have a building to go to. It’s very common for many organizations to keep their backup data off-site. This is called vaulting, where you take all of your backup information and store it in an off-site vault. There’s also the concept of e-vaulting, where you simply send all of the data into the vault electronically. These vaults could be owned by your organization, but there’s many third party services that will also provide access to their vault for you to store your data.

We also have to think about how secure are these backups are going to be. Data loss of backup data is very common, and theft is an obvious concern. If somebody gains access to all of your backup data, they effectively have access to everything in your organization. And you may not have a choice as to how this backup data is stored. There are many compliance mandates that define exactly the way that your backup information should be handled.

Determining the location of where you store this information is another challenge. There’s a balancing act of being able to recover this information, but we also need accessibility to this information. If we have a large scale disaster that affects a large geographical area, it helps if our recovery site is outside of that particular area. But we also have to think about the travel for our support site. The farther away this data is, the more difficult it may be to recover that information.

You might also have unique business requirements. If you have specialized printers or have a need for a particular kind of bandwidth availability, then that may also help dictate exactly where this recovery site resides. You also have to think about the legal issues associated with the recovery location. There could be very different business regulations between different states, for example. And if this recovery site is located outside of your country, you have to make sure that all of your recovery personnel can travel internationally.

There are also legal questions about where the data resides. If you have data residing in a particular country, it tends to be subject to the laws of that particular country. This means that any legal monitoring or any court orders will be subject to the country where that data resides. You may be subject to compliance laws that requires that the data remain in your country, and you’re not allowed to store any data outside of your national borders.