The fire at Europe’s largest data center, OVH in Strasbourg, on March 10, 2021 made us all aware that even the cloud has its availability limits.
Natural disasters, fires and human error can never be completely prevented, but appropriate measures taken in good time can prevent a complete loss of data such as that suffered by some customers of the French cloud provider OVH. First, a brief review of the incident.
WHAT IS KNOWN ABOUT THE INCIDENT ON MARCH 10th 2021 AT CLOUD PROVIDER OVH?
- According to the company, the fire completely destroyed one of the four data centers and partially destroyed another one.
- Data from 12,000 to 16,000 customers was affected (plus that of their customers).
- On the morning of the fire, 3.6 million web pages of 464,000 domain names temporarily went offline (according to the British data collector Netcraft).
WHAT IMPACT CAN A COMPLETE LOSS OF DATA HAVE ON A COMPANY?
- In the event of an irretrievable loss of data (no backup available) or an impairment of availability, there is an acute need for action from a data protection perspective.
- The data breach must be reported to the authority and, if necessary, to the affected persons.
- Unforeseeable reputational damage occurs, which may result in loss of revenue and tie up resources in troubleshooting.
- Depending on which data is affected, there may be a severe loss of knowledge and documentation in the company, which in turn may have legal and monetary consequences.

Our concern is to inform our customers and to suggest ways to approach data security in general, and in particular when outsourcing to a cloud provider.
From our perspective as risk management experts, the most important rule is:
UNDERSTAND THE COMPANY AND ITS RISK ACCEPTANCE
OUR RECOMMENDATION
We recommend that every company deal intensively with this topic, because the effects can be painful, and money saved on information security at one end can become expensive at the other. It is therefore worth taking a closer look at some points in good time.
How would you answer the question of whether your company has an effectively implemented risk management system? Have you established one? Do you know which information and IT systems could cause the greatest damage to the company in the event of a loss of confidentiality, integrity or availability? How much damage can the company withstand?
If you do not yet have any or only insufficient answers to these questions, we strongly recommend that you address these issues as part of a Business Impact Analysis (BIA). This will provide you with the basis for a backup and restore strategy that is tailored to your company’s needs. In the next step, you can take care of the design of the technical and organizational measures.
Regardless, we recommend ALWAYS keeping a data backup in a location other than the cloud server alone. A different location means that the backup is not in the room or building next door, but that the servers used are geographically separated. This should apply to at least the most critical data in the company.
With the Risk Management Software CRISAM®, the relevant questions for the risk assessments are already stored in the system. The advantage is that CRISAM® gives you an integrated Risk Management System that combines different disciplines and methods and lets you check against the state of the art. This makes it easier for users to control the process and, in particular, to evaluate and combine risks.
ABOUT THE AUTHOR
Markus Müller has successfully built up risk and compliance management projects internationally and in practically all industries over the last 12 years. Starting as a consultant and today managing director of one of the leading software vendors (CALPANA business consulting GmbH) for Integrated Risk Management solutions (CRISAM®), Markus Müller is familiar with every problem that an organization may face when implementing an ISMS.