Virtualization is changing both the business continuity and disaster recovery business and in many cases in a positive way. For instance with the entrance of Site Recovery Manager from VMware businesses can achieve what was once a very daunting task, backing up their critical data to an offsite or secondary location.

Taking into account that in the past it was necessary to purchase large amounts of hardware, not just for the main data center, but for the secondary fail-over site where the data is backed-up to.

This all added to increased costs of disaster recovery programs, and in many cases these solutions were out of reach for many companies due to the cost of additional electricity, hardware, and space.

With the help of server virtualization, and the added benefit of VMware’s Site Recovery Manager, many businesses are seeing an instant cost savings and ROI. They achieved this by utilizing virtualization to reduce the number of physical servers needed to run their business applications.

Almost instantly businesses found they had the hardware they needed to implement an offsite recovery system in a secondary location once they had reduced their need for as many physical servers.

The other added benefit to virtualization is the capability to test recovery plans, and recovery systems without affecting the production environment. In other words, no more costly down time for your systems while you are testing.

Here is a document on improving business continuity by utilizing VMware virtualization.

If you would like more information on business continuity or disaster recovery for your business please contact me here.

In San Francisco an IT administrator was arrested after locking the system to other administrators and refuses to give up the password.

The employee, 43-year-old Terry Childs, was arrested Sunday. He gave some passwords to police, which did not work, and refused to reveal the real code.

The system in question is a multi-million dollar computer system for San Francisco that handles sensitive data such as city payroll files, jail bookings, law enforcement documents, and official e-mail for San Francisco.

While the network is currently functioning, administrators have little to no access to the system.

There are those out there that would argue with me, (since we have before) but many would agree that this is a Computer Security and Business Continuity issue.

Computer Security 101, no one person should be able to access the system the way Terry Childs did and lock out other administrators to the degree that he has done.

I am not going to take a deep dive into computer security here now but I urge all IT security departments to review policies. Especially concerning the sharing of passwords, review permissions policies, and look at the scenario, can any one person in my IT department deny global access or lock up my system? Go here for more on Computer Security. Childs created a password that granted him exclusive access to the system.

Though no reason for the malicious insider attack to the system has yet been established it has been reported that mister Terry Childs was cited recently for poor performance.

Even though the system is up and running he could have just as easily brought down part of, if not the entire network and it is being estimated that the cost to repair the damage will be several million dollars.

In this day and age insider threat is very real, and your business continuity plan, and security policies should account for such possibilities of the rouge IT administrator.

For more on this story please see the sources below.

Source 1
Source 2