It was discovered in a recent government audit of the U.S. Postal Service that the agency lost sensitive data after the device containing both the original and backup copies of the information suffered a hardware failure. The machine that crashed contained the database for the Computer Incident Response Team, which was "used to record and monitor computer incidents." The database was lost in April after an unspecified malfunction occurred. The information was considered essential, meaning it was necessary to the maintenance of daily operations.
"…[T]he Postal Service did not ensure all database backups were being stored on separate hardware," stated the audit report. 'Specifically, the CIRT database was lost due to a hardware failure and the data was not recovered due to the absence of a backup on a separate piece of hardware."
Currently, the security standards for the Postal Service do not require separate devices for storing backup and original files to maintain information resources. Ironically, the USPS was given an award by CSO Magazine earlier this year for innovative use of online security. The award was accepted by the CIRT's Information Systems Security Manager Andrew Kotynski.
Disaster recovery: More important than you think
While it may seem like what happened to the USPS was just an embarrassing oversight, hundreds of companies make the same mistake each year. Even if duplicate copies of information aren't stored together, they can still be lost if the appropriate disaster recovery and business continuity policies aren't implemented. A recent survey conducted by Forrester found that 33 percent of companies have declared a disaster in the last five years. Four years ago, that number was 20 percent. The study also found that the downtime caused by disasters can be extremely expensive, with respondents reporting costs of up to $3.5 million.
When putting disaster recovery and business continuity plans in place, it is important for organizations to consider where documents and important information are currently stored and how employees access them. For critical information that is used frequently and by many different people, cloud storage services are the best choice.
Using content management systems and cloud-based solutions allow companies to store important data in an easily accessible place that will stay safe during a disaster and keep business running as usual. Employing managed services also lets small- and medium-sized businesses enjoy the same benefits as large companies while having lower costs and the security of a fully redundant, reliable data center.