Businesses must put emergency plans in place so that workforce continuity is ensured when disaster strikes

18 February 2010

There is only one certainty when it comes to disaster: uncertainty. Disaster can arrive in many forms, humanitarian, environmental, even terrorism, and it’s impossible to predict. But it’s not impossible to plan for.

Disasters can occur at anytime, so it’s vital to prepare today for what tomorrow might bring. And that means that in order to ensure IT security, businesses must put emergency plans in place so that workforce continuity is ensured when the time arises.

But before any solution is implemented, two key planning considerations must be addressed. Firstly, emergency continuity planning won’t be effective unless employees have access to the applications that allow normal operations, as well as to the data that is the backbone of everyday work. Secondly, provisions must be put in place to account for infrastructural damage to phones and other hardware that may impede the very access to applications and data mentioned above.

There are measures required to ensure that users have access to both the applications and data they need in times of emergency.

Whatever the disaster, security preparedness has to address three key areas of IT infrastructure: data, network and people.

Data

Files are scattered anywhere from desktop computers to USB sticks and from laptops to emails, so data is often stashed in many different locations. But wherever it’s stored, access to that data and applications must be maintained during an emergency situation.

Organisations can take a dual approach to ensuring that employees have access to data and applications in an emergency. The first approach relies on portable data and applications stored on a USB stick or laptop. The second approach relies on employees remotely accessing data and applications via a secure network.

Portable data and applications stored on laptops or USB sticks are convenient to use but require specific data protection mechanisms in the form of encryption and pre-boot authentication that verify that the person accessing the portable device is authorised to do so.

A second approach that organisations can adopt in order to ensure workforce continuity is ensuring that employees can access data and applications over a secure network such as VPN. In this case, employees remotely access the applications and data they require.

A simple and effective method to ensure that employees can access protected mobile devices such as laptops or USB memory sticks, or remotely access stored data via VPN or secure network, is multifactor authentication. Multi-factor authentication, or strong authentication, involves the use of more than one element to identify users accessing private networks and applications. Strong authentication combines “something you have” - such as a physical token – with “something you know” – a password for example - in order to verify a user’s identity.

Network Security

Another security flashpoint that needs to be addressed is the connection between the endpoint and the organisation’s data hosting facility since in most cases, application and network resources are key to getting work done. Not all employees have corporate laptops with which to remotely access corporate applications and data. And from a cost-benefit perspective it is unrealistic to expect businesses to equip employees with company laptops, just in case of an emergency situation.

In a disaster scenario, the simplest solution would be to allow employees to log on from a home PC, but this type of uncontrolled end-point poses security threats in the form of ID fraud, malware and man in the middle attacks which would be unacceptable to corporate IT infrastructure.

One way to get around this quandary is to create a ‘sandbox’ or clean and safe environment from which network and company resources can be accessed. An innovative solution that ensures secure access from a clean end-point environment is by provisioning a virtual desktop. A virtual desktop uses the employee’s home computer as a terminal with which to access a trusted hosted virtual desktop which offers employees a complete working environment that consists of their own personal applications and data. Access to the hosted virtual desktop is via a network connection that is secured with strong authentication.

People

Up until now, we’ve discussed how organisations can ensure that employees have access to applications and data either by using portable devices, by remotely accessing corporate resources or by creating virtual desktop environments.

But another aspect of emergency planning relates to people and the effects that a disaster would have on staff and their ability to work. Take swine flu for example. While provisions may be in place to enable staff to work from afar, these won’t help if staff are unable to work as a result of illness. In such a situation, organisation may need to rapidly bring onboard temporary employees. And this immediately brings security issues into play once more.

So how can the working practices of temporary staff be secured too? To cope with this type of scenario, organisations could use one of the methods described above to ensure secure access to applications and data – with one caveat: unlike the situations described above, which deal with employees who already have been provisioned with strong authentication for secure access, in the current scenario, the organisations would need to rapidly provision strong authentication for a large number of new temporary employees and handle this sudden surge in demand on IT systems without compromising security policy.

This type of scenario would require an authentication method that does not necessarily rely on the provisioning and deployment of hardware tokens. Moreover, the IT systems required would need to be able to handle the sudden surge in new employees in terms of licensing, provisioning and enrolment.

SafeNet’s software authentication solutions and token management system support such scenarios by enabling organisations to issue software authenticators to new employees and support them through a web-based self-service method, with provisioning conducted over the web. When posed with the rapid recruit of a large number of temporary employees, software authenticators provide the required security precautions, but save organisations the operational logistics involved in deploying hardware tokens.

IT Preparedness: The Decision

Data, networks and people: addressing the security of these crucial organisational and IT elements in advance, goes a long way to ensuring work continuity in emergency situations.

SafeNet’s data and network security solutions allow IT departments to pre-empt damaging scenarios that are liable to arise in times of crisis. By utilising SafeNet’s wide range of smart card and one-time-password (OTP) hardware and software authentication solutions, as well as enterprise-grade authentication management platforms, organisations can ensure that in times of disaster employees have secure access to the data and applications that they need in order to carry on working.

All of SafeNet’s solutions are highly interoperable with data protection and virtualisation partners such as Citrix, VMware and Becrypt, so the only consideration that needs to be taken into account is what authentication method will work most effectively to ensure that businesses continue to operate with as little down-time as possible.