Willkommen! - Bienvenido! - Welcome!

Digital customer-information log of Tux&Cía.
Main blog: Tux & Cía.
Technical blog (multilingual): TecniCambalandia
May the source be with you!

Sunday, March 28, 2010

Continuous Data Protection

Continuous data protection (CDP), also called continuous backup or real-time backup, refers to backup of computer data by automatically saving a copy of every change made to that data, essentially capturing every version of the data that the user saves. It allows the user or administrator to restore data to any point in time.
CDP is a service that captures changes to data to a separate storage location. There are multiple methods for capturing the continuous changes involving different technologies that serve different needs. CDP-based solutions can provide fine granularities of restorable objects ranging from crash-consistent images to logical objects such as files, mail boxes, messages, and database files and logs.

Differences from traditional backup

Continuous data protection is different from traditional backup in that you don't have to specify the point in time to which you would like to recover until you are ready to perform a restore. Traditional backups can only restore data to the point at which the backup was taken. With continuous data protection, there are no backup schedules. When data is written to disk, it is also asynchronously written to a second location, usually another computer over the network. This introduces some overhead to disk-write operations but eliminates the need for scheduled backups.

Continuous vs near continuous

Some solutions which are marketed as continuous data protection may only allow restores at fixed intervals such as 1 hour, or 24 hours. Such schemes are not universally recognised as true continuous data protection, as they do not provide the ability to restore to any point in time. Such solutions are often based on periodical snapshots. There is some debate in the industry as to whether the granularity of backup needs to be "every write" in order to be considered CDP or whether a solution which captures the data every few seconds is good enough. The latter is sometimes called near continuous backup. The debate hinges on the use of the term continuous: whether only the backup process needs to be continuous, which is sufficient to achieve the benefits cited above, or whether the ability to restore from the backup also has to be continuous. The Storage Networking Industry Association (SNIA) uses the "every write" definition.

Differences from RAID/replication/mirroring

Continuous data protection differs from RAID, replication, or mirroring in that these technologies only protect one—the most recent—copy of the data. If data becomes corrupted in a way that is not immediately detected, these technologies will simply protect the corrupted data.
Continuous data protection protects against some effects of data corruption by allowing a previous, uncorrupted version of the data to be restored. Transactions that took place between the corrupting event and the restoration will be lost, however. They could be recovered through other means, such as journaling.

Backup disk size

In some situations, continuous data protection will require less space on backup media (usually disk) than traditional backup. Most continuous data protection solutions save byte or block-level differences rather than file-level differences. This means that if you change one byte of a 100 GB file, only the changed byte or block is backed up. Traditional incremental and differential backups make copies of entire files.
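The three points made above (restore to any point in time versus fixed snapshot intervals, why a mirror faithfully preserves silent corruption while CDP can roll it back, and why block-level journaling needs less space than file-level incremental copies) are easiest to see in a toy model. The following is an added illustration, not code from the original post or from any CDP product; the file layout, block size, timestamps and the "corrupting" write are all constructed for the example.

```python
"""
Toy continuous-data-protection (CDP) journal (added illustration).

A file is modelled as fixed-size blocks. Every block write is appended to a
journal with a logical timestamp, which is the SNIA "every write" definition.
From that journal we can rebuild the file as of any timestamp.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

BLOCK_SIZE = 4  # bytes per block; tiny so the example stays readable


@dataclass(frozen=True)
class JournalEntry:
    ts: int       # logical timestamp of the write
    block: int    # index of the block that changed
    data: bytes   # new contents of that block


@dataclass
class CdpJournal:
    initial: bytes                                   # file contents when CDP was enabled
    entries: List[JournalEntry] = field(default_factory=list)

    def write(self, ts: int, block: int, data: bytes) -> None:
        """Record one block-level write. Timestamps must strictly increase."""
        if len(data) != BLOCK_SIZE:
            raise ValueError("write must be exactly one block")
        if self.entries and ts <= self.entries[-1].ts:
            raise ValueError("journal timestamps must increase")
        self.entries.append(JournalEntry(ts, block, data))

    def restore(self, ts: int) -> bytes:
        """Rebuild the file as of timestamp ts by replaying entries with entry.ts <= ts."""
        blocks = [self.initial[i:i + BLOCK_SIZE]
                  for i in range(0, len(self.initial), BLOCK_SIZE)]
        for e in self.entries:
            if e.ts > ts:
                break            # entries are in timestamp order, so we can stop early
            blocks[e.block] = e.data
        return b"".join(blocks)

    def journal_bytes(self) -> int:
        """Space used by block-level CDP: only the changed blocks."""
        return sum(len(e.data) for e in self.entries)

    def file_level_incremental_bytes(self) -> int:
        """Space a file-level incremental backup would use: the whole file per write."""
        return len(self.initial) * len(self.entries)


def nearest_snapshot_restore(j: CdpJournal, ts: int, interval: int) -> Tuple[int, bytes]:
    """Near-continuous protection: only points on the snapshot grid are restorable,
    so a restore request for ts falls back to the last snapshot at or before ts."""
    snap_ts = (ts // interval) * interval
    return snap_ts, j.restore(snap_ts)


def mirror_state(j: CdpJournal) -> bytes:
    """What RAID/replication/mirroring holds: only the most recent copy."""
    return j.restore(j.entries[-1].ts) if j.entries else j.initial


def build_demo_journal() -> CdpJournal:
    """Constructed sample history: two legitimate writes, then a silent corruption."""
    j = CdpJournal(initial=b"AAAABBBBCCCCDDDD")   # 4 blocks
    j.write(10, 1, b"bbbb")                       # legitimate edit
    j.write(20, 3, b"dddd")                       # legitimate edit
    j.write(35, 0, b"XXXX")                       # corruption, noticed only later
    return j


if __name__ == "__main__":
    j = build_demo_journal()
    print("mirror now holds      :", mirror_state(j))            # corrupted copy
    print("CDP restore to ts=25  :", j.restore(25))              # last good state
    print("snapshot(15) for ts=25:", nearest_snapshot_restore(j, 25, 15))
    print("CDP journal bytes     :", j.journal_bytes())
    print("file-level incr bytes :", j.file_level_incremental_bytes())
```

With a 15-unit snapshot interval, a request to restore to timestamp 25 falls back to timestamp 15 and silently loses the write made at 20; the true CDP journal returns exactly the state at 25. The mirror holds the corrupted block because it only ever keeps the latest copy.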

Backup Site

A backup site is a location where an organization can easily relocate following a disaster, such as fire, flood, terrorist threat or other disruptive event. This is an integral part of the disaster recovery plan and wider business continuity planning of an organization.
A backup site can be another location operated by the organization, or contracted via a company that specializes in disaster recovery services. In some cases, an organisation will have an agreement with a second organisation to operate a joint backup site.
There are three types of backup sites, including cold sites, warm sites, and hot sites. The differences between the types are determined by the costs and effort required to implement each. Another term used to describe a backup site is a work area recovery site.

Cold Sites

A cold site is the least expensive type of backup site for an organization to operate. It does not include backed-up copies of data and information from the organization's original location, nor does it include hardware already set up. The lack of hardware keeps the startup costs of the cold site minimal, but it requires additional time following the disaster to bring the operation to a capacity close to that prior to the disaster.

Hot Sites

A hot site is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data. Real-time synchronization between the two sites may be used to completely mirror the data environment of the original site using wide area network links and specialized software. Following a disruption to the original site, the hot site exists so that the organization can relocate with minimal losses to normal operations. Ideally, a hot site will be up and running within a matter of hours or even less. Personnel may still have to be moved to the hot site, so the hot site may be operational from a data-processing perspective before staff have relocated. The capacity of the hot site may or may not match the capacity of the original site, depending on the organization's requirements. This type of backup site is the most expensive to operate. Hot sites are popular with organizations that operate real-time processes, such as financial institutions, government agencies and e-commerce providers.

Warm Sites

A warm site is, quite logically, a compromise between hot and cold. These sites will have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot site. Warm sites will have backups on hand, but they may not be complete and may be between several days and a week old. An example would be backup tapes sent to the warm site by courier.

Choosing

Choosing the type is mainly decided by an organisation's cost vs. benefit strategy. Hot sites are traditionally more expensive than cold sites, since much of the equipment the company needs has already been purchased and thus the operational costs are higher. However, if the same organisation loses a substantial amount of revenue for each day it is inactive, then it may be worth the cost. Another advantage of a hot site is that it can be used for operations prior to a disaster happening.
The advantage of a cold site is simple: cost. It requires far fewer resources to operate a cold site because no equipment has been bought prior to the disaster. The downside of a cold site is the cost that must be incurred after the disaster in order to make the cold site effective. Equipment purchased on very short notice may cost more, and the disaster itself may make the equipment difficult to obtain.
When contracting services from a commercial provider of backup site capability, organisations should take note of the contractual usage provisions and invocation procedures: providers may sign up more than one organisation for a given site or facility, often at various service levels. This is a reasonable proposition, as it is unlikely that all organisations using the service will need it at the same time, and it allows the provider to offer the service at an affordable cost. However, in a large-scale incident that affects a wide area, it is likely that these facilities will become oversubscribed.

Risk management

Risk management (Spanish: gestión de riesgos or manejo de riesgos) is a structured approach to handling the uncertainty associated with a threat, through a sequence of human activities that include risk assessment, the development of strategies to handle the risk, and the mitigation of the risk using management resources. The strategies include transferring the risk to another party, avoiding the risk, reducing the negative effects of the risk, and accepting some or all of the consequences of a particular risk.
Sometimes risk management focuses on the containment of risk from physical or legal causes (for example, natural disasters or fires, accidents, death, or lawsuits). Financial risk management, on the other hand, focuses on risks that can be handled using financial and commercial instruments.
The objective of risk management is to reduce the various risks within a preselected domain to a level accepted by society. It may refer to numerous types of threats caused by the environment, technology, human beings, organizations, and politics. It also involves all the resources available to human beings or, in particular, to a risk-management entity (a person, staff, or organization).
Thus, enterprise risk management is a process carried out by an entity's board of directors, its management, and its personnel. It is applied in setting strategy across the whole enterprise, and is designed to identify potential events that may affect the entity and to manage the risks so as to provide reasonable assurance regarding the achievement of objectives.
Financial risk management has gained special relevance at the international level, due in part to the financial crises of the 1990s. Financial risk management deals with various types of financial risk.

Strategies of a Disaster Recovery Plan

Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.
Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT-related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT-related infrastructure recovery and continuity. This article focuses on disaster recovery planning as related to IT infrastructure.

Strategies
Prior to selecting a disaster recovery strategy, a disaster recovery planner should refer to their organization's business continuity plan which should indicate the key metrics of recovery point objective (RPO) and recovery time objective (RTO) for various business processes (such as the process to run payroll, generate an order, etc). The metrics specified for the business processes must then be mapped to the underlying IT systems and infrastructure that support those processes.
Once the RTO and RPO metrics have been mapped to IT infrastructure, the DR planner can determine the most suitable recovery strategy for each system. An important note here however is that the business ultimately sets the IT budget and therefore the RTO and RPO metrics need to fit with the available budget. While most business unit heads would like zero data loss and zero time loss, the cost associated with that level of protection may make the desired high availability solutions impractical.
The following is a list of the most common strategies for data protection.
  • Backups made to tape and sent off-site at regular intervals (preferably daily)
  • Backups made to disk on-site and automatically copied to off-site disk, or made directly to off-site disk
  • Replication of data to an off-site location, which overcomes the need to restore the data (only the systems then need to be restored or synced). This generally makes use of storage area network (SAN) technology
  • High availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data
In many cases, an organization may elect to use an outsourced disaster recovery provider to provide a stand-by site and systems rather than using their own remote facilities.
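The mapping step described above (take each business process's RPO/RTO, propagate it to every IT system that process depends on, then pick the cheapest strategy from the list that still meets the derived requirement, while checking the result against the budget the business set) can be written down as a small planning routine. This is an added example, not code from the original post: the processes, the systems they depend on, the RPO/RTO that each strategy tier is assumed to achieve, and the relative costs are all constructed assumptions chosen to make the example run.

```python
"""
Mapping business-process RPO/RTO to IT systems and choosing a DR strategy
(added illustration; all figures are constructed assumptions).
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

INF = float("inf")


@dataclass(frozen=True)
class BusinessProcess:
    name: str
    rpo_hours: float          # maximum tolerable data loss
    rto_hours: float          # maximum tolerable downtime
    systems: Tuple[str, ...]  # IT systems the process depends on


# The four strategies listed in the post, cheapest first. The maximum RPO/RTO
# each tier can meet and its relative cost are ASSUMED values for this example.
#           (strategy name,                               max_rpo, max_rto, cost)
STRATEGIES: List[Tuple[str, float, float, int]] = [
    ("tape backups sent off-site daily",                  24.0,    72.0,    1),
    ("disk backups copied to off-site disk",              4.0,     24.0,    3),
    ("SAN replication to off-site location",              0.25,    4.0,     10),
    ("high availability (data and system replicated)",    0.0,     0.5,     25),
]


def derive_system_requirements(processes: List[BusinessProcess]) -> Dict[str, Tuple[float, float]]:
    """Each system inherits the strictest (smallest) RPO and RTO of every process it supports."""
    req: Dict[str, Tuple[float, float]] = {}
    for p in processes:
        for s in p.systems:
            rpo, rto = req.get(s, (INF, INF))
            req[s] = (min(rpo, p.rpo_hours), min(rto, p.rto_hours))
    return req


def choose_strategy(rpo_hours: float, rto_hours: float) -> Tuple[str, int]:
    """Cheapest tier whose achievable RPO and RTO are both within the requirement."""
    for name, max_rpo, max_rto, cost in STRATEGIES:
        if rpo_hours >= max_rpo and rto_hours >= max_rto:
            return name, cost
    raise ValueError("no listed strategy meets RPO=%s h, RTO=%s h" % (rpo_hours, rto_hours))


def plan(processes: List[BusinessProcess]) -> Dict[str, Tuple[str, int]]:
    """System name -> (chosen strategy, relative cost)."""
    return {s: choose_strategy(rpo, rto)
            for s, (rpo, rto) in derive_system_requirements(processes).items()}


def plan_cost(p: Dict[str, Tuple[str, int]]) -> int:
    return sum(cost for _, cost in p.values())


def within_budget(processes: List[BusinessProcess], budget: int) -> bool:
    """The business sets the budget; the plan has to fit it or the RPO/RTO must be revisited."""
    return plan_cost(plan(processes)) <= budget


# Constructed sample: three business processes sharing some systems.
DEMO_PROCESSES = [
    BusinessProcess("run payroll",     rpo_hours=24.0, rto_hours=48.0, systems=("hr-db", "file-server")),
    BusinessProcess("take an order",   rpo_hours=0.5,  rto_hours=4.0,  systems=("order-db", "web-front")),
    BusinessProcess("monthly reports", rpo_hours=24.0, rto_hours=72.0, systems=("hr-db", "order-db")),
]

if __name__ == "__main__":
    for system, (strategy, cost) in plan(DEMO_PROCESSES).items():
        print(f"{system:12s} -> {strategy} (cost {cost})")
    print("total cost:", plan_cost(plan(DEMO_PROCESSES)), "within budget 30:", within_budget(DEMO_PROCESSES, 30))
```

Note how order-db ends up with the strict 0.5 h / 4 h requirement even though the reporting process that also uses it would be content with a day of loss: the most demanding process wins for a shared system, which is exactly what makes the mapping step necessary before a strategy is chosen.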
In addition to preparing for the need to recover systems, organizations must also implement precautionary measures with the objective of preventing a disaster in the first place.
These may include some of the following:
  • Local mirrors of systems and/or data and use of disk protection technology such as RAID
  • Surge protectors — to minimize the effect of power surges on delicate electronic equipment
  • Uninterruptible power supply (UPS) and/or backup generator to keep systems going in the event of a power failure
  • Fire preventions — alarms, fire extinguishers
  • Anti-virus software and other security measures

Business Continuity Planning

Business Continuity Plan Writing Tutorial
Business continuity planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.
In plain language, BCP is working out how to stay in business in the event of disaster. Incidents include local incidents like building fires, regional incidents like earthquakes, or national incidents like pandemic illnesses.
BCP may be a part of an organizational learning effort that helps reduce operational risk associated with lax information management controls. This process may be integrated with improving information security and corporate reputation risk management practices.
In December 2006, the British Standards Institution (BSI) released a new independent standard for BCP — BS 25999-1. Prior to the introduction of BS 25999, BCP professionals relied on BSI information security standard BS 7799, which only peripherally addressed BCP to improve an organization's information security compliance. BS 25999's applicability extends to organizations of all types, sizes, and missions whether governmental or private, profit or non-profit, large or small, or industry sector.
In 2007, the BSI published the second part, BS 25999-2 "Specification for Business Continuity Management", that specifies requirements for implementing, operating and improving a documented Business Continuity Management System (BCMS).
A completed BCP cycle results in a formal printed manual available for reference before, during, and after disruptions. Its purpose is to reduce adverse stakeholder impacts determined by both the disruption's scope (who and what it affects to what extent) and duration (e.g., hours, days, months). Measurable business impact analysis (BIA) "zones" -- areas in which hazards and threats reside -- include civil, economic, natural, technical, secondary and subsequent.
For the purposes of this article, the term disaster will be used to represent natural disaster, human-made disaster, and disruptions.
Threat Analysis
After defining recovery requirements, documenting potential threats is recommended to detail a specific disaster’s unique recovery steps. Some common threats include the following:
All threats in the examples above share a common impact: the potential of damage to organizational infrastructure - except one (disease). The impact of diseases can be regarded as purely human, and may be alleviated with technical and business solutions. 
Testing and verification of technical solutions
As a part of ongoing maintenance, any specialized technical deployments must be checked for functionality. Some checks include:
  • Virus definition distribution
  • Application security and service patch distribution
  • Hardware operability check
  • Application operability check
  • Data verification