Homework answers / question archive / Business continuity plan to combat COVID19 pandemic from the network and system administration perspectives Based on the current COVID-19 situation, assuming you are in the roles of ICT department who are looking after the network and system administration of your organization/business

Business continuity plan to combat COVID19 pandemic from the network and system administration perspectives Based on the current COVID-19 situation, assuming you are in the roles of ICT department who are looking after the network and system administration of your organization/business

Writing

Share With

Business continuity plan to combat COVID19 pandemic from the network and system administration perspectives

Based on the current COVID-19 situation, assuming you are in the roles of ICT department who are looking after the network and system administration of your organization/business. Your team needs to design a business continuity plan for your company/organization to reduce as much as possible the COVID-19 negative effects on your business/organization.

Define environmental controls

Describe the components of redundancy planning

List disaster recovery procedures

Describe incident response procedures

Requirements:

User case: New Zealand based organization/business

Mini-research project with length of report 4000-5000 words with APA reference.
Other requirement: Formatting (1.5 spacing, 11 Times New Roman) and one extra page of outline (ie the content page, the structure/subsections of the report).

Marking Rubric (more detail in the attached file)
+ 40% for content (need to include at least Porter's value based analysis of organization structure/chart, users, their ICT needs for normal situation vs covid-19 pandemic based new needs)
+ 50% for COVID19 based BCP
+ 10% for writing style/communication/presentation

the assignment is about an user case: New Zealand based organization/business: an e-commerce company MightyApe
https://www.mightyape.co.nz/

MARKET PERSPECTIVE The Impact of COVID 19 on the New Zealand ICT Market Louise Francis Liam Landon Monica Collier Richard Xu Jefferson King Emily Lynch EXECUTIVE SNAPSHOT FIGURE 1 Executive Snapshot: Impact of COVID 19 in New Zealand Source: IDC, 2020 March 2020, IDC #AP45234120 Chayse Gorton NEW MARKET DEVELOPMENTS AND DYNAMICS Situation Overview On March 11, 2020, the World Health Organization (WHO) declared COVID-19 a pandemic. Barely two weeks later, The New Zealand Government declared a State of National Emergency on 25 March 2020. On March 26, New Zealand went to Level 4 lockdown. This came less than a week after the closure of New Zealand's borders to all non-resident travelers. The Government's action came sharply and swiftly. With only 48 hours-notice all but essential services businesses were faced with the daunting task of either going into hibernation, shifting their workforce to a work at home model or a combination of the two. This caught many businesses on the back-foot and almost overnight businesses had to redeploy entire workforces to a work at home environment with little time to prepare systems or services to accommodate the massive changes. However, technology is playing a big role in helping businesses operate, manage, and survive through one of the most economically devastating events New Zealand has experienced. Digital devices, cloud computing, collaboration tools and new workplace models adopted prior to the outbreak have enabled the speed of change to remote working and education in a way that would have not been possible five or so years ago. At the time of publishing, the short-term and long-term impacts of COVID-19 are still uncertain as the situation evolves. One thing is certain; the pandemic is forcing the local ICT industry to adapt and evolve at a pace that requires decisions to be made quickly and decisively. Table 1 provides a summary of IDC's evaluation of the impact on the New Zealand ICT market as at 1 April 2020. ©2020 IDC #AP45234120 2 Summary of Impact of COVID 19 on New Zealand's ICT Ecosystem Market COVID 19 Impact IDC Opinion Mobile Devices - Phones Highly Negative Negative impact on supply as regional manufacturing facilities close or operate at reduced capacity combined with reduced consumer demand. Tablets & Laptops Slightly Negative Negative impact on supply alongside with some reduction in demand due to brick and mortar lockdowns, but growth will return as schooling and office supplies are considered essential services and online deliveries are already available for delivery or business and personal devices. The Ministry of Education is also purchasing and supplying 17,000 laptops and chromebooks out to students for online learning in Q2. Peripherals (i.e. Monitors) Negative Negative impact on supply rather than demand as consumers working from home for extended periods invest in home office equipment. This spike in demand will be shortlived and demand will decline mid-late 2020. Applications Neutral Only be slightly impacted but demand for collaboration tools will see a substantial increase, boosting the applications market to neutral growth rates. Application Development & Deployment Negative Deployment and custom development of software will be most impacted large development projects are put on hold or cancelled. Projects will be targeted at business continuity. System Infrastructure Negative Will be impacted in the short term as onsite consultants/contractors are needed. Increased investment will occur around the integration of core existing enterprise software with collaboration platforms deployed under urgency. SaaS Positive Demand for cloud software, especially collaboration and resource management tools, has significantly increased due to the current inability to send in consultants for onpremise deployment. Hardware Software IT Services and Public Cloud Managed Services Negative Contracts coming up for renewal in 2020 will undergo scrutiny, simplification and testing for resiliency and customers under financial duress will undertake emergency reviews and exit clauses triggered will drive down spending. Project Oriented Highly Negative Will be impacted hard as non-essential projects are put on hold. Later in 2020 areas of growth will be consulting (enabling business continuity and crisis management), integration, cloud migration and network consulting related services. Support Services Negative Supply chain constraints will put pressure on the hardware deploy and support market but, this will be tempered by a shift towards online education and training. Cloud (Infrastructure as a Service) Positive Organisations will increasingly turn to IaaS to help ensure business continuity. Hardware constraints and remote working will help to promote IaaS investment. Enterprise Services Neutral Enterprise spend will be affected the least. Enterprises will still require connectivity and there will be opportunities collaboration and conferencing. Small Business Negative The most heavily impacted segment. Some SMBs will increase connectivity as they create an online presence and work from home, tempered by SMB closures. Telecommunications ©2020 IDC #AP45234120 3 Consumer Negative There will be increased demand for high quality fixed connection drive by home working, learning and entertainment. Downward pressure from big mobile roaming and handset revenue drops. Impact on the Telecommunications Market As essential services, telecommunications retailers and network providers can continue operations in lockdown. This ensures they can offer connectivity and communications services to New Zealanders. However, it may impact the ways in which some New Zealanders are able to connect. Some connection installs will be delayed in the short term unless it is a contactless installation. Fixed wireless will also increase in the short term due to its contactless install process. Other key areas IDC has identified as impacting the New Zealand market include; • Chorus notes a substantial increase in internet traffic. In lock down, people are working and completing classes from home. We are watching more streaming video and game-playing in lieu of going out. Chorus says it is ‘comfortably’ managing the demand for data. The larger broadband retailers have lifted data caps, enabling everyone to have unlimited broadband. The retailers won't disconnect households for non-payment for 6 months. This will mean deferral of some revenue collection. That’s better than churning a customer. Once lost, the customer has around 100 broadband providers to choose from, when ready to reconnect. • The potential impact on mobile networks is a little more worrisome. All three mobile network operators observed considerable congestion on their voice networks post lockdown announcements. IDC expects the mobile network operators won’t have a huge amount ‘headroom’ to manage fixed wireless broadband data traffic increases. Congestion could drive some users to an alternative technology. This would be a boon to Chorus and the LFCs. For mobile users, little impact is expected in the short term. In the mid-term, IDC expects small revenue impacts. Families with several prepay mobiles (e.g. kids) may defer top ups while kids aren’t at school or going out of the home on their own. These consumers will use OTT apps over Wi-Fi. Forecast Impacts COVID-19 has widespread implications for the outlook of the New Zealand telecommunications industry. • Uptake of telecommunications services is inherently tied to changes in the demographics in society. Population growth is a key driver of mobile connection growth, in what is a mostly saturated market. Most of New Zealand’s population growth is a result of positive net migration. With New Zealand’s border closed for the foreseeable future, population growth is expected to slow. This will have a negative impact on the growth of mobile connections. It will also reduce the growth in households, a key driver for broadband connectivity. Household growth will also slow due to reduced investment in construction and New Zealand’s nationwide lockdown. This will negatively impact growth in broadband connections. Additionally, the number of businesses in New Zealand will decline in the short term, as seen during the Global Financial Crisis (GFC) before returning to slow growth. This will reduce the number of business mobile and broadband connections in New Zealand • Mobile roaming (combined inbound and outbound) makes up approximately 4% of total postpaid mobile revenue in New Zealand. With New Zealand’s border closed and the ©2020 IDC #AP45234120 4 government expecting international travel to be curtailed for at least the next 12 months, IDC expects roaming revenue to decline to almost zero in the short to medium term. • The move from telcos in New Zealand to remove overage fees for customers will see a slight reduction in average revenue per user (ARPU) for customers on these plans. However, most households in New Zealand are on unlimited data plans so this impact is expected to be limited. On the other hand, household broadband needs will increase due to higher data throughput requirements from working and studying at home as well as online entertainment during the lockdown period. This will lead to a slight lift in ARPUs as households move to higher speed fibre plans, such as gigabit fibre. • Fixed wireless will see a boost in connections in the short term due to the ease of install and increased Spark Jump connections. However, some customers are likely to churn from fixed wireless to fibre once they can get it installed. This is because there will be some latent demand for high quality broadband connections. These households will want to secure a more reliable, uncapped broadband connection to meet requirements for working and studying from home. There will be less growth in standard fibre connections in the short term during alert level 4, as home installs are limited to those without any broadband connection or with an inadequate connection for home working. There will also be a hiatus in the government funded UFB build. However, there will be a short-term increase in ADSL and VDSL connections as Chorus & the LFCs offer free connectivity to households the Ministry of Education has identified as containing students with no connectivity . However, once the alert level reduces again the latent demand for fibre connectivity will be fulfilled. • Revenue from the sale of handsets, will decline. This will be due to a combination of supply constraints and reduced demand due to low consumer and business spending. This is a major source of revenue for the telcos and is a channel for customer acquisition. Purchasing a new phone can be a reconsideration point for a consumer’s mobile provider. This may result in a slight decline in customer churn. • Unified Communications & Collaboration services will see revenue growth. With the increase in people working from home, the use of collaboration tools has skyrocketed. Businesses that previously did not use video conferencing solutions will now adopt these services. Optimistic Scenario The New Zealand Government’s strategy to eliminate the virus is successful. After the four-week lockdown in New Zealand the domestic economy starts to return to a new domestic normal by late Q2. The economic recession is ‘V’ shaped, with a sharp downturn followed by a sharp recovery. International trade is still severely limited for the next 12-18 months, until a successful vaccine or treatment is developed, and New Zealand borders begin to reopen. The negative impact on telecommunications revenue is limited to 2020 and recovers by mid-2021. Probable Scenario The New Zealand Government’s strategy to eliminate the virus is successful, but it takes longer than the four-week lockdown, extending towards late Q3. Parts of New Zealand will remain in lockdown onand-off for some time until the Government determines the virus has been contained and the curve flattened. The economic recession is ‘U’ shaped, with a slightly longer downturn followed by a slower recovery. The domestic economy returns to relative normalcy in by the end of 2020, but international ©2020 IDC #AP45234120 5 trade is still severely limited for the next 12-18 months until a successful vaccine or treatment is developed. The reduction in telecommunications revenue extends through 2021, recovering from 2022 onwards. Pessimistic Scenario The New Zealand Government’s strategy to eliminate the virus is protracted or, in a worst-case scenario, is unsuccessful. New Zealand remains in lockdown for prolonged periods of time and the domestic economy does not return to normal until early to mid-2021. The economic recession is ‘L’ shaped, with a sharp decline followed by an elongated and slow recovery period. Along with international trade, the domestic economy may return to normal once a vaccine or treatment is developed and deployed in 1218 months. However, due to the extended downturn many businesses will have become unviable, unemployment is high, and the economy takes several years to recover. Telecommunications revenue is reduced severely for the medium-term beyond 2021. Opportunities and Challenges The largest opportunity and challenge will be the 5G network rollout progress. Progress could grind to a halt if field engineers become ill or if there are challenges managing COVID-19 health and safety aspects as normal work practices are curtailed. Supply chain issues for network infrastructure may be a challenge if offshore providers’ production is curtailed for extended periods, sparse supply channels slow delivery of equipment or limited supplies are diverted to larger more profitable markets. The demand for remote working, and potential for innovation in robotics, automated deliveries and contactless services, could drive demand for 5G use cases and connectivity. At the same time operators should be highly motivated to increase the pace of 5G rollouts. Their biggest opportunities lie in finding and monetising specific enterprise use cases with their launch customers. Impact of the IT Services and Public Cloud Market New Zealand organisations immediate reaction to COVID-19 has been to minimise the financial impact by rationalising services, reducing delivery of service costs and diverting spending to tools and services that facilitate the rapid changes required. While IDC is already forecasting IT services spending will follow other markets move into negative growth territory, many traditional IT services contracts are multi-year agreements. In a country dominated by SMBs it will be the smaller IT services providers that will be hurt the most especially those that run a low-cost contract-based structure and do not have strong partner ecosystems. Therefore, unless a customer's existing contracts are up for review and renewal in 2020, the impact could spread beyond 2021, dampening some, but not all, of the impact on IT service providers (ITSPs) and their partner ecosystem. With the extreme speed and impact of the lockdown, IDC also expects some businesses will seek urgent contract reviews to meet their new needs and, where businesses are facing severe financial consequences, exit strategies for all but essential services. ITSPs must be prepared to work with customers to ensure their IT services portfolio is still the right fit. They must help customers who are under financial stress. For example, by offering contract flexibility, 'pausing' the contract, or offering alternative payment terms and models. The lockdown and the period after the most stringent working restrictions are lifted, create working conditions that will make executing on existing contracts, particularly for on premise teams, ©2020 IDC #AP45234120 6 challenging for IT services providers. This will be particularly acute in the project-oriented market, and the support services market, where IDC is expecting the biggest declines in spending will occur, unless they are related to cloud migration, collaboration solution integration and network resiliency projects. The network performance issues will be assessed, and questions will be asked, about where the network begins and ends., Globally, IDC has already started to observe larger organisations affected by COVID-19 begin to delay scheduled spending on IT services. IDC is seeing this happen in New Zealand. For example, on March 30, the Ministry of Business, Innovation and Employment (MBIE) release a notice to its providers that agencies with active tenders would be reviewing existing plans and the likely impacts would be extension of time to respond to open tenders, reconsidering timing for approaching the market, and/or undertaking emergency procurements (Source: COVID-19 Notice to Suppliers, MBIE, 2020). Public Cloud: Infrastructure as a Service (IaaS) IDC expects the current COVID-19 situation to have an overall positive impact on the public cloud market as New Zealand organisations move quickly to ensure they can operate and deliver, from anywhere, at any time, while reducing business risk. IDC expects that local cloud services providers will be proactively working with customers seeking to urgently migrate services to the cloud as IT departments are curtailed or delivery from offshore providers is no longer tenable. In healthcare in particular, cloud solutions will play a key role in New Zealand providers in identifying virus transmission patterns, effectiveness of the Government's mitigation and lockdown directives and whether it is viable or premature to reduce alert levels. In the long-term IDC expects IaaS spending to increase, focusing first on the quickly reconfiguring and provisioning platforms for technologies required for a longer period of employees working remotely of the businesses, which is likely to continue into the forseeable future. Once these areas are addressed businesses will move their focus to business continuity, resilience and addressing the risk on on-prem infrastructure as their core platform. COVID-19 is also expected to create infrastructure supply chain constraints that will put pressure on organisations with plans to deploy its own infrastructure or private cloud models. Optimistic Scenario The COVID-19 outbreak is limited to 2020H1. During this period there is a reduction in spending on IT services, however, this reduction is constrained to 2020H1. Throughout this period, critical IT services contracts continue to be executed with minimal disruptions. Spending on public cloud services will accelerate strongly as businesses seek to reduce costs and deploy solutions quickly. While some may pause public cloud deployment, most will continue with deployment plans in 2020H1, further bolstered by a new wave of organisations rushing to adopt cloud services. Large scale projects will go into hibernation, but few will be completely abandoned, resulting in a return to spending growth in the second half of 2020 and early into 2021. Projects that were planned prior to the COVID-19 lockdown will undergo rigorous reviews. Many will be re-tendered or replaced with projects more relevant to the changed markets and opportunities for growth. Probable Scenario The COVID-19 outbreak lasts through to 2020H2 and into early 2021. There is a much deeper reduction in spending on IT services spending, particularly around project-based services and deployment services, in all but the most critical areas. As restrictions are relaxed businesses will ©2020 IDC #AP45234120 7 review their IT services portfolio and ecosystems, with the intention to rationalise and simplify IT environments for greater resiliency. Once the New Zealand lockdown is lifted and the country returns to the Level 2 restrictions businesses in a position to resume operations will cautiously return to public cloud deployment plans focusing on the core essential services and critical infrastructure. Projects that go ahead will be challenged by periodic disruptions associated with onsite execution and continuing restrictions on workforce conditions. IT services contract renewals will be deferred until early 2021, and many large-scale resource heavy projects leveraging external support may be postponed indefinitely. During this period, public cloud services continue to be adopted for specific functions. Pessimistic Scenario The COVID-19 outbreak continues into 2021, and most projects that were put on hold in 2020 are either cancelled or drastically downsized. New initiatives will also be put on hold as organisations redirect spending to internal rebuilds and employee retention programmes. IT services providers which are unable to recognise and adapt to their customers' rapidly changing needs will be faced with the decision of whether to downsize, form new partnerships or reduce their portfolio of offerings to focus on the most profitable service offerings. Those ITSPs without an offering in areas customers will focus, such as collaboration services/integration, cloud migration/brokerage and business continuity and risk management, will likely cease trading by the end of 2020. Opportunities and Challenges IDC believes that COVID-19 creates an opportunity for IT services providers to differentiate themselves on capabilities, resiliency, customer engagement, contract fulfilment and trustworthiness. IDC has identified the following key challenges for New Zealand's ITSP market; • ITSP resilience will come under scrutiny: Organisations that manage IT internally will be watching how IT services providers cope during the outbreak to determine whether to move to an IT service management (ITSM) model or retain services inhouse. Those providers that maintain customer engagement and business continuity throughout the pandemic will be the ones that survive, if not thrive after the pandemic restrictions are lifted. • New areas of growth will emerge: IT Services that will lead regrowth in the months after the pandemic has passed will be collaboration services, business continuity and crisis management consulting, cloud migration and network management services. Integration services will get a reboot as businesses seek to integrate technologies rapidly deployed prior to and during the lockdown. • Pandemic restrictions on offshore services and the insource / outsource model will become more polarised as customer experiences reshape views about the delivery risk: ITSPs workforce are not only curtailed by the New Zealand lockdown, but also by restrictions imposed in offshore markets where partners - such as call centres - fulfil local services. For example, lockdowns in India, Philippines and Malaysia will not only affect delivery during the lockdown, but customers will review the offshore resilience of their outsourcing partners, post crisis. Customers will also realise how leveraged the provider call centres are and this will create greater operational costs driving the potential for a focus on AI based solutions. • Traditional face to face IT education and training (ITE): Because of the New Zealand lockdown spending on these services will be the first area of IT services to feel the impact of COVID-19. However, this will be mitigated by the growth of online and digital training modules. ©2020 IDC #AP45234120 8 Employers may also use the lockdown period to help employees take on online training or development for redeployment into new roles when the lockdown ends or to help in personal skills development as part of employee's wellbeing. • Business continuity and crisis risk management: Early indications are that very few businesses have a business continuity plan in place that accounts for pandemics. In previous events where business continuity has been tested, there has been an upswing in investment around business continuity and risk management strategy development. ? Security services for remote working: The security issues that will emerge and face deeper interrogation over the next six months will be identity (resulting in an acceleration of investment in identity access management), home security and remote working solutions. The massive shift to working at home in a short space of time has exposed a number of security weaknesses for organisations that will need to be addressed urgently. Security solutions will be sought, even before the crisis has lifted, to overcome security issues related to mobility including mobile device management, collaborations tools and data, VPNs, and end-point encryption. There will also be an increased need for collaboration tools, requiring associated services, to minimise business disruption. • Delays and cancellations in the hardware deploy and support (HWDS) market. COVID-19 is causing hardware and infrastructure supply chain constraints and many customers will either delay deployments or even cancel projects, electing to move to cloud infrastructure and device as a service option. The New Zealand government publicly warned government agencies they are likely to face delays in acquiring new IT hardware. However, the government has also taken steps to minimise hardware deployment disruptions, such as, announcing that it will extend the IT hardware procurement contract which is due to expire in September. • Organisations which migrated to the cloud solutions quickly during the lockdown period will seek to strengthen cloud management and integration with core services. These customers will be seeking to engage with cloud service providers for a longer term more robust cloud strategy when business resumes to relatively normal conditions. Accelerated adoption of the cloud will put pressure on IaaS providers to ensure that they hold the capacity to deliver to the increased market demands. The service providers themselves will lean more towards global solutions such as IaaS and SaaS. Impact on the Software Market Despite the COVID-19 lockdown severely impacting New Zealand businesses, IDC expects the local software market to be quite resilient in part due to the country’s high maturity in the adoption of software as a service (SaaS) and a strong local independent software vendor (ISV) ecosystem. Software products, unlike hardware, are also often developed locally and many do not have a logistical component in delivery, which should soften the impact of COVID-19. IDC expects the small to medium business (SMB) segment to be negatively impacted to a greater degree than the enterprise segment. SMBs generally have less resources at their disposal and may need to rearrange their spending to support employees so they may still carry out business as usual from home. The New Zealand Government business/wage subsidy packages may help alleviate some of these difficulties, but the benefit provided will diminish if the crisis extends beyond 2020. On the other hand, the enterprise segment will likely be more resilient than SMBs. Large enterprise organisations are often further through their digital transformation (DX) journeys and as a result will be ©2020 IDC #AP45234120 9 better equipped to handle the varying working environments of employees, partners and clients alike. Companies in this segment will also have stronger collaboration and communication tools along with better support to working from home such as remote networks and VPNs. This said, IDC expects larger entities to be more conservative in their business strategies which would decrease purchasing sentiments amongst enterprises. To minimise risks, many New Zealand companies have reduced spending to core and system critical areas, focusing on trying to maintain usual business practices. This will negatively impact some parts of the software market more than others. For example, spending on pilots for transformative technologies which are resource heavy to implement, will be deferred, but probably not cancelled. Those contracts and projects that are deferred there will be an acceleration to get to the business outcomes associated with the issues which arose during the crisis or anticipated in the recovery phase. On the other hand, IDC expects investment in collaboration and productivity software, customer engagement and network management software tools. These will be at the centre of growth opportunities for software vendors and partners as businesses adapt to employees, partners and clients all working from home. Applications are the easiest category of software to deploy; this category includes collaboration and communication tools. This category of software is expected to perform at an unchanged level throughout the lockdown period as companies increase their adoption rates of collaboration and support software. Application Development and Deployment and Systems Infrastructure Software markets are expected to decline as deployment of software in these markets often require expert knowledge on the ground at the time of deployment or hardware support, neither of which is possible during the lockdown. Software in these categories are also often deployed to improve business practices for DX purposes. This is something that has taken a backseat in favour of software/solutions which better support business-as-usual during times where employees are working remotely. Public Cloud: Software as a Service (SaaS) The SaaS market will experience strong growth as organisations act under urgency to enable application access for remote workers . Collaborative SaaS solutions were already experiencing rapid increases in adoption, prior to the COVID-19 pandemic. IDC expects this growth will accelerate into 2021. Industry specific or short-term solutions will also be a big driver behind the growth of SaaS. Optimistic Scenario The COVID-19 outbreak is limited to 2020H1, and the market begins to recover over 2020H2. During the outbreak period, there is a significant increase in adoption of quick to implement software products addressing urgent areas such as collaboration tools to support remote workers and enabling quick deployment of telehealth. There will also be investment in analytics as part of the COVID-19 response and mobile apps for quick access to information. In this scenario the market fully recovers by 2020Q3 and returns to a sufficiently stable, business as usual capacity, with a resumption of many of the deferred software deployments by the end of 2020. Probable Scenario The COVID-19 outbreak continues through to late 2020H2, and the market only begins to recover over 2021H1. During the outbreak period, the market remains stable as despite an increase in adoption of collaboration tools in order to support employees working from home and mobile apps for consumers. ©2020 IDC #AP45234120 10 Deployment of analytics solutions will continue in pockets as the healthcare sector and government ramps up analysis of data to curtail the spread of the virus, such as the custom development of contact tracking solutions and analytics. However, most of the software market will experience a decline as organisations employ conservative business strategies during the lockdown period. The market fully recovers by mid-2021 and starts the journey back to business as usual. Pessimistic Scenario The COVID-19 outbreak continues well into 2021 with the possibility of a second wave of infections, and the market only begins to recover late 2021/early 2022. During the outbreak period, the market initially remains stable, despite an increase in adoption of collaboration tools in order to support employees working from home. But it begins to decline significantly as those solutions reach saturation and businesses in shutdown are unable to resource more sophisticated and permanent solutions. The rest of the market begins to decline at an increased rate as organisations employ conservative business strategies during the lockdown period, which eventually leads to substantial job losses, more business closures (particularly amongst SMBs) and a protracted L shaped recession. The market is severely affected and only begins its return to usual from 2022. Opportunities and Challenges The COVID-19 outbreak acts as a strong disruptor to the New Zealand software market. Software vendors with collaboration, communication and resource management tools can vastly increase their customer-base in the market, of which most are expected to remain contracted as clients well past the lockdown and outbreak. The more interactive and innovative the solution, the more popular it will be with clients that wish to simulate its office working environment as much as possible using strong communication and resource management software. This provides the opportunity for smaller vendors with transformative solutions to shine in a top-heavy market. As remote working becomes the norm and businesses ramp up workspace transformation, SaaS solutions will increase in popularity, with end-users who are digitally mature leading the way for those which still rely on traditional on-premise licensing models of software deployment. As a result, endusers good at adapting to change, likely further along in their DX journey with a culture of common remote working already in place, will thrive in this environment relative to their peers. If vendors position themselves correctly during this time, the software market and overall digital maturity across the New Zealand business landscape should both experience significant growth. On the other hand, if the outbreak continues to extend, budgets will be curtailed and upgraded deferred for a much longer period. Although IDC expects only minor negative impact to the software market in the short term, businesses will already be devising long term strategies to deal with the possibility of an extended lockdown and recessionary period. IDC expects there will be a lack of willingness for companies to grow digitally, shifting software and services spend into business maintenance, shutting down all but vital spending activity. Therefore, any of the opportunities for the New Zealand software market over the next 6-12 months will revolve around mitigation and solving of immediate business, government and healthcare sector challenges associated with the COVID 19 pandemic. For example; • Collaboration applications will experience massive growth: It will not only be about video conferencing applications. Telehealth applications will also see substantial investment as remote consultations become the norm and temporary stop gap solutions quickly implemented ©2020 IDC #AP45234120 11 prior to and during the lockdown, are upgraded to more robust integrated solutions. Zoom is one solution that is being used by health providers which is supported by Telehealth Leadership Group (TLG) as an interim solution. • Big Data and analytics around people movements using mobile devices: Big data and analytics, often combined with other technology such as internet of things (IoT), artificial intelligence (AI) and mobile network traffic data, is becoming a big area of focus, particularly for government agencies and healthcare providers. For example, the Ministry of Health and the University of Otago released a report in March, Supporting the COVID-19 pandemic response: Surveillance and Outbreak Analytics, emphasised the important role of analytics in New Zealand's COVID-19 response planning. There is also growing demand for contact tracing solutions which will incorporate analytics around the use of mobile device data, instead of relying on patients recall of movements prior to and after transmission. • Explosion of COVID-19 related mobile applications: As New Zealand went into COVID-19 lockdown, a number of local specific mobile apps have come online. These include a virtual queue app which Foodstuffs is trialing a text-to-queue service at New World Kumeu and Pak'nSave Royal Oak, an app from Auckland Transport that shows when approaching public transport is effectively full based on coronavirus distancing rules, and Hawke's Bay ISV Webfox's app to help with contact tracing, the 'Covid-19 Register'. • Local recovery through economic and business support of local ISVs: As the New Zealand government seeks to rebuild the economy, one of the areas that will be targeted are local tech companies and their role in the 'new' digital economy. Already New Zealand ISVs are developing tools for use in the fight against COVID-19 such as a tool developed by 1000minds which is being used for clinician decision-making, and trialing in Italian hospitals, with plans to roll out in New Zealand next across intensive-care units. • IDC expects PaaS solutions to be utilised as a tool that can help organisations increase their speed to recovery. PaaS provides a way for organisations to increase their speed to market for new applications as the infrastructure layer and management is abstracted, and pre-built application components, e.g. code libraries, are accessible. PaaS also streamlines the associated application management once it is up and running. This means that an organisations application strategy, whatever this looks like post COVID-19, can be pursued with less internal resources. This will be attractive for businesses who cut staff resources due to COVID-19 and will contribute to the PaaS market continuing to grow throughout the COVID-19 outbreak. Impact on the Devices and Hardware Markets IDC estimates that, according to the IDC Worldwide Quarterly Personal Computing Device Tracker, overall personal computing device shipments will decline in 2020. The lead times on physical product have already doubled. These imply a greater focus on shipping rather than air freight which could potentially be tied to CSR / environmental messaging. The Impacts of COVID-19 are expected to dampen growth in New Zealand. As a smaller economy dependent on SMBs, exports and tourism, the economic damage of the current pandemic is predicted to strongly affect demand for devices. This coupled with supply disruptions, component shortages, factory shutdowns, and New Zealand likely not being a supply chain priority, means that New Zealand's devices market is expected to be negatively impacted by the effects of COVID-19. Additionally, vendor activity with unveiling of new ©2020 IDC #AP45234120 12 models and planned product launches later in the year will be disrupted in the medium- and even the longer-term. Other key trends include: • Home office set-ups created a short-term spike in sales: Prior to the lockdown, many retail stores saw flurries of purchasing of monitors, PCs, and tablets in preparation for forced work at home scenarios for businesses and students. This may well continue when the lockdown ends if businesses are still recommending people work from home, or if there are expectations of a second wave of COVID-19 cases. This may cause boosts through the online retail and e-tail channels with people wanting to avoid going into brick and mortar stores. • Online sales of essential technology eases sales pressures: As of 31st March, the New Zealand Government announced the option for non-essential businesses and consumers to order 'essential' tech online, such as laptops and tablet devices for remote learning and working. These are available from key retailers including Noel Leeming, The Warehouse, and PB Tech. Outside of devices necessary for work/study at home scenarios, economic uncertainty and low consumer and business sentiment will likely limit spending. • Online education initiative launched in April: Ahead of the announcement of the nationwide lockdown, the New Zealand government worked with schools to source devices for low-decile areas in anticipation of widespread school closures. As well as working with the telco industry for the provision of home internet for families without connectivity, the government is also prioritising laptop and tablet deliveries for students not able to access devices at home. In some cases, students can borrow devices belonging to their school for the duration of the shutdown. The Ministry of Education announced April 8 that it will supply 17,000 laptops and chromebooks for students without e-learning devices. This will likely drive up education buying in the short term, as schools tap into government funding to expand their fleets of devices to cope with new levels of demand for at-home learning. Optimistic Scenario COVID-19 will cause short-term damage to shipments and purchases of devices. However, the virus and economic damage will be quickly contained, and consumer markets will recover by late 2020. Commercial markets will be slightly slower to recover as some small businesses struggle to stay afloat. Boosts provided by remote working purchasing will offset declines leading to minor declines in shipments. Some shortages occur through 2020, but disruptions to Asia Pacific (APAC) supply chains and manufacturing are quickly resolved as key distribution countries such as China and Hong Kong manage their outbreaks and recover quickly. Probable Scenario A global economic recession will extend to consumer markets into mid-2021. Commercial markets will sustain more significant damage, with recovery delayed into 2022. New Zealand’s economy, which is heavily SMB, exports, and tourism driven means local impacts will lag recovery of global markets. Production is impacted across Asia Pacific, with manufacturing hubs across numerous countries key to component manufacture being impacted. Many units destined for New Zealand are shipped through China and Hong Kong. While these countries are being to recover from earlier COVID-19 outbreaks, other links in the supply chain (such as India, key in component manufacturing and some shipping) will created a protracted supply challenge for New Zealand customers. Reduced freight frequency between New Zealand and supply chain partners will also negatively affect supply. This will cause supply chain disruption in New Zealand throughout 2020 and well into 2021. ©2020 IDC #AP45234120 13 Pessimistic Scenario COVID-19 will severely damage the global and local economy, causing a sustained global recession as recurring outbreaks result in intermittent and unpredictable lockdowns and manufacturing closures. Unemployment and business uncertainty will rise and many companies, particularly in the SMB sector will close permanently, unable to sustain the stress of multiple market closures. Damage to device shipments and demand will extend until 2023/2024 when commercial markets finally begin the road to recovery. New Zealand business spending will not be able to bounce back to pre-COVID-19 levels until the economy stabilises and business/investor confidence returns to normal. Consumer markets will be faster to recover, returning to normal levels by 2023. Hardware shortages will occur due to prolonged impacts to worldwide supply and production. As a smaller market, New Zealand is unlikely to be a supply chain priority, causing further issues on the supply side as supply chains break down. Opportunities and Challenges Opportunities for the tablet, PC, and monitor markets lie in the boost in devices required for working remotely. • • • • Remote working forced many workers and students to purchase monitors and laptops in order to maintain productivity at home. Tablet devices such as Microsoft's Surface Pro range are alternatives for companies unable to deploy laptops and have long been popular as cost-effective devices for education. However, the challenge remains sourcing devices now that lockdown has commenced, and with supply chain disruptions to markets across APAC. Lower consumer and business spending contributing to heavily reduced demand will be the main challenge for the smartphone market, particularly in high-end devices. Consumers and businesses will be looking to hang on to what disposable income they have at this time – both will be reluctant to invest in a new device and will rather want to extend their refresh cycles as long as possible. This reduction in spending extends to New Zealand's 5G-enabled devices. Supply constraints on devices being shipped into New Zealand and low demand for expensive new phone purchases will present a wider challenge to New Zealand's 5G roll-out. Opportunity for devices with specifications modified to optimise gaming experiences. Although more expensive, gaming-branded or -specified devices may see greater popularity as those in lockdown or self-isolation spend more time on gaming. AR/VR-based entertainment is also a likely area of growth, as movement, large scale events and travel is restricted for sustained periods of time. New hardware and innovations will emerge from this crisis, as economies adjust to new ways of working. Contactless payment and delivery technologies will naturally see significant growth and investment. Devices that support facial recognition/gesture controls over thumbprint/physical controls are predicted to take off, as the trend towards 'contactless' technology is promoted due to virus transmission concerns. In terms of services specific to devices, IDC also expects to see the development of enterprise mobility and device management markets. This comes as fleets of devices are deployed to teams, and entire businesses, working remotely. ADVICE FOR THE TECHNOLOGY SUPPLIER • Empathy and support for your customers must be your top priority: This is not the time to be tone deaf and be seen as profiteering from COVID-19. COVID-19 is first a human issue, and the services industry will be judged in part on how it protects people: its employees, its clients’ employees, and the communities they live in. ©2020 IDC #AP45234120 14 • Take a community collaboration approach: A successful reboot of New Zealand's economy and getting businesses back on their feet quickly will rely on the local ICT ecosystem coming together with industry and public sector organisations to solve the big problems and remove roadblocks to recovery. Recognise that innovation opportunities are everywhere, and competition is often relative to a specific economic climate. Businesses must adapt their approach to competition, understanding there is a time to compete and there is a time to collaborate. • Develop ecosystem focused engagement models: The opportunity in the recovery phase will need to be ecosystem focused in terms engagement models and there will be new ways of looking at customer value (and risk) and prioritisation. Digital will accelerate and the board functions must change to be more responsive and dynamic in terms of capabilities. • Risk mitigation should be a top priority for every business: Ensure that your customers' have the tools and capabilities to allow their business to flex dependent on market conditions and fluctuations. Many business's risk management and contingency planning only covers short term disruption – COVID 19 has already proven that this is woefully inadequate - it must span quarters as opposed to a month-long event. • Look forward, not backwards: Your customers' priorities at the start of March 2020 will have vastly changed by the start of April. The future of work, team collaboration solutions, cloud migration, virtual customer engagement and post crisis integration must be incorporated into your growth strategy. • Help your customers identify where their priorities should be focused to get them back on their feet as quickly as possible. Where should they be redirecting spending to ensure business continuity over the coming months? • Don't complicate things for customers. Now is not the time for complex, expensive or long run activity. Getting your customers back on their feet quickly and providing them with the tools to rebuild should be first on the list of things to do. • Bolster your hybrid cloud migration capabilities or partner if this is not an area of expertise: Businesses who had not moved to public cloud prior to the COVID-19 lockdown, will likely be taking steps towards moving at least some workloads to cloud platforms to ensure business continuity and resiliency is maintained in future business crises. LEARN MORE Related Research ? The Impact of COVID-19 on the Australia and New Zealand Cloud Markets (forthcoming) ? Impact of COVID-19 on A/NZ Telecoms: Operators Act to Curtail Churn and Control Costs , IDC #AP46190020, April 2020. ? COVID-19 Will Forever Change Our Ways of Working, IDC # AP45981020, April 2020 ? Leading by Example: What Services Companies Should Do in the COVID-19 Crisis, IDC # US46164220, March 2020 ©2020 IDC #AP45234120 15 Synopsis This IDC Market Perspective takes a look at the impact of New Zealand's response to the COVID 19 crisis and the possible outcomes for the ICT market over the next year and beyond. While the is still a lot of uncertainty, indications of spending trends are already emerging as technology plays a role in the reaction to and economic recovery "Digital devices, cloud computing, collaboration tools and new workplace models adopted prior to the outbreak have enabled the speed of change to remote working and education in a way that would have not been possible five or so years ago", says IDC New Zealand Country Manager and Research Director, Louise Francis. "One thing that is certain, is that the pandemic it is forcing the local ICT industry to adapt and evolve at a pace that requires decisions to be made quickly and decisively." ©2020 IDC #AP45234120 16 About IDC International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make factbased decisions on technology purchases and business strategy. More than 1,100 IDC analysts provide global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries worldwide. For 50 years, IDC has provided strategic insights to help our clients achieve their key business objectives. IDC is a subsidiary of IDG, the world's leading technology media, research, and events company. IDC New Zealand Level 11, 203 Queen Street Auckland, New Zealand 649.377.0370 Twitter: @IDC idc-community.com www.idc.com Copyright Notice This IDC research document was published as part of an IDC continuous intelligence service, providing written research, analyst interactions, telebriefings, and conferences. Visit www.idc.com to learn more about IDC subscription and consulting services. To view a list of IDC offices worldwide, visit www.idc.com/offices. Please contact the IDC Hotline at 800.343.4952, ext. 7988 (or +1.508.988.7988) or sales@idc.com for information on applying the price of this document toward the purchase of an IDC service or for information on additional copies or web rights. Copyright 2020 IDC. Reproduction is forbidden unless authorized. All rights reserved. 13 chapter Business Continuity After completing this chapter you should be able to do the following: • Define environmental controls • Describe the components of redundancy planning • List disaster recovery procedures • Describe incident response procedures 439 440 Chapter 13 Business Continuity Today’s Attacks and Defenses The 2005 hurricane season was unparalleled, with storms occurring at more than twice the frequency and the severity of a typical season. During an average hurricane season, 10 storms are strong enough to earn names, yet in 2005 there were 27 named storms. Thirteen of these storms were classified as hurricanes. Three hurricanes reached the most devastating Category 5 status with wind speeds exceeding 155 MPH. Of all the 2005 storms, the most destructive was Hurricane Katrina, which lashed 75,000 square miles of the Gulf Coast of the U.S. on August 29, inflicting severe damage and loss of life through the Florida panhandle, Mississippi, Georgia, and Alabama. Over 1800 individuals lost their lives, and the economic impact exceeded 2 $00 billion. Over 3,000,000 homes and businesses were without phone service and power, over 1,000 wireless towers and 11,000 utility poles were knocked down, 2.8 million gallons of oil spilled, and 25 hospitals were closed. Over half a million individuals were forced to flee their homes, and it took more than 40,000 military personnel to assist in the recovery efforts. Hurricane Katrina also inflicted staggering losses to businesses that were forced to deal with damaged facilities and displaced employees. The businesses hit hardest included banks, insurance companies, health care organizations, oil and chemical companies, manufacturers, and government agencies. Katrina revealed that few organizations had disaster recovery plans in place, and even those that did were not prepared for the unprecedented challenges the storm presented. These challenges included total telephone and cell phone outages that made it impossible to locate missing personnel, no access to reliable transportation, a lack of electrical power or fuel for backup electricity generators, and even mail service interrupted for months. Several important disaster recovery lessons were learned from Hurricane Katrina. First, although disaster recovery often focuses on restoring technology, employees also play a critical role. During Katrina, a large number of employees were forced to leave the area, and many who remained could not reach their places of employment. Employees were more focused on the safety of themselves and their families than on helping their employer recover from the storm. It is recommended that a comprehensive disaster recovery plan should identify backup personnel. The plan should provide for the safety, transportation, and lodging of employees and their families. First aid and travel kits should be available, cash accounts with linked debit cards should be established, and travel and lodging agreements should be put into place with vendors near recovery locations. Another important lesson is to plan for travel obstacles. During and after Hurricane Katrina, travel became virtually impossible. Rental cars were unavailable, highways were closed, and gasoline ran out. It is recommended that all possible transportation scenarios be considered. Key team members, along with their families, should be deployed to Environmental Controls 441 remote recovery locations at the first sign of trouble. Employees need to be informed of evacuation routes and how to follow them safely. Also, alternate routes to recovery locations should be mapped in advance, contracts drawn up with area fuel vendors, and in some instances an extra supply of gas may need to be available onsite. Also, Katrina revealed that communication is vital to disaster recovery. Many businesses did not have a backup communication plan when telephones and cell phones were rendered useless. A strong disaster recovery plan should include an effective crisis and communication plan that is put into place far in advance of a disaster. Agencies such as fire and police departments and the Red Cross should be on a list of contacts along with important vendors, and the information should be reviewed several times a year to ensure that the contact information is accurate. Also, alternative communications such as extra cell phones and batteries, satellite phones, wireless cards for laptops, VPN, text messaging, and backup corporate e-mail addresses are important. Although Hurricane Katrina was a devastating natural disaster, the lessons that can be learned from it can help lessen the impact of future disasters. Business continuity can be defined as the ability of an organization to maintain its operations and services in the face of a disruptive event. This event could be as basic as an electrical outage or as catastrophic as a Category 5 hurricane. Although business continuity is a critical element for all organizations, it remains sadly lacking. Many organizations are either unprepared or have not tested their plans. Only 37 percent of treasury and finance professionals reported that their organization is well prepared to handle an event similar to Hurricane Katrina. Despite the fact that almost half of the respondents to a survey said their operations were impacted by Hurricane Katrina, only 24 percent said their business or organization had recently tested business continuity plans. And 50 percent had no plans to do so in the near future. In this chapter, you learn about the critical importance of business continuity. You first learn how to prevent disruptions through protecting resources with environmental controls. Then, you study redundancy planning and disaster recovery procedures. Finally, you see how incident response procedures are used when an unauthorized event such as a security breach occurs. Environmental Controls “An ounce of prevention is worth a pound of cure” is an old saying that emphasizes taking steps to avoid disruptions rather than trying to recover from them. Preventing disruptions or even attacks through environmental controls involves using fire suppression, proper shielding, and configuring HVAC systems. Fire Suppression Damage inflicted as a result of a fire continues to remain high. In the U.S., a victim dies every three hours and someone is injured every 37 minutes as a result of a fire. Most victims of fires die from smoke or toxic gases and not from burns. Businesses are not immune to the dangers associated with fires. Approximately 43 percent of businesses that had a fire never reopened, and 29 percent of those that did failed within three years. Fire suppression is an important concern for the safety of employees and business continuity. 13 442 Chapter 13 Business Continuity In order for a fire to occur, four entities must be present at the same time: • A type of fuel or combustible material • Sufficient oxygen to sustain the combustion • Enough heat to raise the material to its ignition temperature • A chemical reaction that is the fire itself The first three factors form a fire triangle, which is illustrated in Figure 13-1. To extinguish a fire, any one of these elements must be removed. Oxygen O2 Heat Chemical reaction OI L Fuel Figure 13-1 Fire triangle It is important to use the correct fire suppression system, not only to extinguish the fire but also minimize any residual damage. Using the incorrect system to suppress a fire can result in significant loss. Table 13-1 lists some incidents when the wrong system was used. Location Incident Comments Portland, OR art gallery Three automatic water sprinklers quickly extinguished a fire set by arson yet also soaked irreplaceable works of art and antique furniture. Total damage was estimated at $ 200,000, yet damaged artwork from the sprinklers accounted for $ 190,000 of that loss. Toronto piano builder A water sprinkler pipe burst. Many unique pianos were drenched and completely destroyed because a small amount of contact with water or excessive humidity can harm a piano; damages to the building and pianos were estimated at up to $ 1 million. Supercomputer in Maryland Firefighters sprayed a burning computer with dry chemicals that corroded its insides and destroyed the 4 $5 million computer. Table 13-1 Using incorrect fire suppression systems The National Weather Service was forced to use two backup computers with only 40 percent of the capacity, limiting hurricane predictions for two months. Environmental Controls 443 Fires are divided into five categories. Table 13-2 lists the types of fires, their typical fuel source, how they can be extinguished, and the types of handheld fire extinguishers that should be used. Combustible Materials Methods to Extinguish Type of Fire Extinguisher Needed Class of Fire Type of Fire Class A Common combustibles Wood, paper, textiles, and other ordinary combustibles Water, water-based chemical, foam, or multipurpose dry chemical Class A or Class ABC extinguisher Class B Combustible liquids Flammable liquids, oils, solvents, paint, and grease, for example Foam, dry chemical, or carbon dioxide to put out the fire by smothering it or cutting off the oxygen Class BC or Class ABC extinguisher Class C Electrical Live or energized electric wires or equipment Foam, dry chemical, or carbon dioxide to put out the fire by smothering it or cutting off the oxygen Class BC or Class ABC extinguisher Class D Combustible metals Magnesium, titanium, and potassium, for example Dry powder or other special sodium extinguishing agents Class D extinguisher Class K Cooking oils Vegetable oils, animal oils, or fats in cooking appliances Special extinguisher converts oils to noncombustible soaps Wet chemical extinguisher Table 13-2 Fire types 13 Class K fires are actually a subset of Class B. In Europe and Australia, Class K is known as Class F. In a server closet or room that contains computer equipment, using a handheld fire extinguisher is not recommended because the chemical contents can contaminate electrical equipment. Instead, stationary fire suppression systems should be integrated into the building’s infrastructure and release the suppressant in the room. These systems can be classified as water sprinkler systems that spray the area with pressurized water, dry chemical systems that disperse a fine, dry powder over the fire, and clean agent systems that do not harm people, documents, or electrical equipment in the room. Table 13-3 lists the types of stationary fire suppression systems. 444 Chapter 13 Business Continuity Category Name Description Comments Water sprinkler system Wet pipe Water under pressure used in pipes in the ceiling Used in buildings with no risk of freezing Alternate Pipes filled with water or compressed air Can be used when environmental conditions dictate Dry pipe Pipes filled with pressurized water and water is held by control valve Used when water stored in pipes overhead is a risk Pre-action Like dry pipe but water is released into pipes when fire is sensed Used when water stored in pipes overhead is a risk Dry chemical system Dry chemicals Dry powder is sprayed onto the fire, inhibiting the chain reaction that causes combustion and putting the fire out Used frequently in industrial settings and in some kitchens Clean agent system Low pressure carbon dioxide (CO2) systems Chilled, liquid CO2 is stored and becomes a vapor when used that displaces oxygen to suppress the fire Used in areas of high voltage and electronic areas High pressure carbon dioxide (CO2) systems Like the low pressure CO2 systems, but used for small and localized applications Used in areas of high voltage and electronic areas FM 200 systems (Heptafluoropropane) Absorbs the heat energy from the surface of the burning material, which lowers its temperature below the ignition point and extinguishes the fire One of the least toxic vapor extinguishing agents currently used;can be used in computer rooms, vaults, phone buildings, mechanical rooms, museums, and other areas where people may be present Inergen systems A mix of nitrogen, argon, and carbon dioxide Used to suppress fires in sensitive areas such as telecommunications rooms, control rooms, and kitchens FE-13 systems Developed initially as a chemical refrigerant, FE-13 works like FM 200 systems Safer and more desirable if the area being protected has people in it Table 13-3 Stationary fire suppression systems Stationary fire suppression systems that used Halon gas were once very popular. However, Halon is dangerous to humans, can break down into other toxic chemicals, and harms the ozone layer. Halon production was banned in 1994. Environmental Controls 445 Electromagnetic Shielding Computer systems, cathode ray tube monitors, printers, and similar devices all emit electromagnetic fields that are produced by signals or the movement of data. Attackers could use sophisticated tools to pick up these electromagnetic fields and read the data that is producing them. Sometimes called Van Eck phreaking, it is a form of eavesdropping in which special equipment is used to pick up telecommunication signals or data within a computer device by monitoring the electromagnetic fields. It is not uncommon for electromagnetic fields to “leak” out from wired network cables, despite the fact that insulation and shielding that covers a copper cable are intended to prevent this. Two types of defenses are commonly referenced for shielding an electromagnetic field. One technology is a Faraday cage. A Faraday cage is a metallic enclosure that prevents the entry or escape of an electromagnetic field. A Faraday cage consists of a grounded finemesh copper screening as shown in Figure 13-2. Faraday cages are often used for testing in electronic labs. 13 Figure 13-2 Faraday cage In addition, the U.S. government has developed a classified standard intended to prevent attackers from picking up electromagnetic fields from government buildings. Known as Telecommunications Electronics Material Protected from Emanating Spurious Transmissions or TEMPEST, the exact details are a secret. What is known is that TEMPEST technologies are intended to “reduce the conducted and radiated emissions from within the sensitive environment to an undetectable level outside the shielded enclosure in uncontrolled areas.” TEMPEST uses special protective coatings on network cables and additional shielding in buildings. 446 Chapter 13 Business Continuity Not everyone is convinced that signals seeping out from a monitor or network cable can be captured and used. Some scientists claim that although viewing the contents of a computer screen from a distance is theoretically possible, it is very difficult to do, extremely costly, and impractical. A would-be spy must either be very close to the monitor with the right equipment or have a very sensitive and large antenna with favorable weather conditions. One magazine calculated that an antenna that could pick up signals from a computer monitor inside the White House would need to be 45 feet tall, 30 feet wide, extend into the air 30 feet, and be mounted on top of a truck parked on Pennsylvania Avenue. HVAC Data centers, or rooms that house computer systems and network equipment, typically have special cooling requirements. First, additional cooling is necessary due to the number of systems generating heat in a confined area. Second, data centers need more precise cooling. Electronic equipment radiates a drier heat than the human body, so the cooling requires different settings than in an office area. The control and maintenance of heating, ventilation, and air conditioning (HVAC) systems that provide and regulate heating and cooling is important for data centers. Temperatures and relative humidity (RH) levels that are too low or high, or that change abruptly, may result in unreliable components or even system failures. Controlling environmental factors can also reduce electrostatic discharge (ESD), the sudden flow of electric current between two objects, which can destroy electronic equipment. Another consideration regarding HVAC is the location of computer equipment outside of the data center. In buildings that have a false ceiling (also called a drop or suspended ceiling), there is a temptation to simply remove a ceiling tile, place equipment like a wireless access point (AP) in the space above the ceiling, and then replace the tile. However, this should not be done unless a special enclosure surrounds the AP and its antennas. The air-handling space above drop ceilings (and sometimes even between the walls and under structural floors) is used to circulate and otherwise handle air in a building. These spaces are called plenums. Placing an access point in a plenum can be a hazard. This is because if an electrical short in the access point were to cause a fire, it would generate smoke in the plenum that would be quickly circulated throughout the building. If it is required to place an AP in a plenum, it is important to put it within a plenum-rated enclosure to meet fire safety code requirements. Redundancy Planning One of the primary ways to ensure business continuity is to use redundancy planning, which involves building excess capacity in order to protect against failures. Redundancy planning can involve redundancy for servers, storage, networks, power, and even sites. Servers Because servers play such a key role in a network infrastructure, a crash of a single server that supports a critical application can have a significant impact. This single point of failure, where the loss of one entity would adversely affect the organization, has resulted in some organizations stockpiling spare parts to replace one that has failed (such as a server’s power supply) Redundancy Planning 447 or entire redundant servers as standbys. However, the time it takes to install a new part or add a new server to the network and then load software and backup data may be more than the organization can tolerate. A more common approach is for the organization to design the network infrastructure so that multiple servers are incorporated into the network yet appear to users and applications as a single computing resource. One way to do this is by using a server cluster. A server cluster is the combination of two or more servers that are interconnected to appear as one, as shown in Figure 13-3. Application Server 1 Server 2 Figure 13-3 Server cluster There are two types of server clusters. In an asymmetric server cluster, a standby server exists only to take over for another server in the event of its failure. The standby server performs no useful work other than to be ready in the event that it is needed. Asymmetric server clusters are used to provide high-availability applications that require a high level of read and write actions, such as databases, messaging systems, and file and print services. In a symmetric server cluster, every server in the cluster performs useful work. If one server fails, the remaining servers continue to perform their normal work as well as that of the failed server. Symmetric clusters are more cost-effective because they take advantage of all of the servers and none sit idle; however, if the servers are not powerful enough in the event of a failure, the additional load on the remaining servers could tax them or even cause them to fail. Symmetric server clusters are typically used in environments in which the primary server is for a particular set of applications. Symmetric clusters are frequently used for Web servers, media servers, and VPN servers. Storage Because most hard disk drives are mechanical devices, they often are the first component of a system to fail. Some organizations maintain a stockpile of hard drives as spare parts to replace those that fail. Yet how many spare hard drives should an organization keep on hand? A statistical value that is used to answer this question is mean time between failures (MTBF). MTBF refers to the average (mean) time until a component fails, cannot be repaired, and must be replaced. Calculating the MTBF involves taking the total time measured divided by the total number of failures observed. For example, if 15,400 hard drive units were run for 1,000 hours each and it resulted in 11 failures, the MTBF is (15,400 × 1,000) hours/11, or 1.4 million hours. This MTBF rating can be used to determine the number of spare hard drives that should be stored. If an organization had 1,000 hard drives operating continuously it could be expected that one would fail every 58 days, so 19 failures could be expected to occur in three years, and that would be the number of spare hard drives needed. 13 448 Chapter 13 Business Continuity The MTBF does not mean that a single hard drive is expected to last 1.4 million hours (159 years). MTBF is a statistical measure, and as such, cannot predict anything for a single unit. Instead of waiting for a hard drive to fail, a more proactive approach can be used. The ability to endure failures, known as fault tolerance, can keep systems available to an organization. Fault tolerance prevents a single problem from escalating into a major failure, and can often be achieved by maintaining redundancy. A system of hard drives based on redundancy can be achieved through using a technology known as RAID (Redundant Array of Independent Drives), which uses multiple hard disk drives for increased reliability and performance. RAID originally stood for Redundant Array of Inexpensive Disks. Originally there were five standard RAID configurations (called levels), and several additional levels have since evolved. These additional levels include “nested” levels and nonstandard levels that are proprietary to specific vendors. Nested RAIDs are usually described by combining the numbers indicating the RAID levels with a “+” in between, such as RAID Level 0+1. The most common levels of RAID are: • RAID Level 0 (striped disk array without fault tolerance)—RAID 0 technology is based on striping. Striping partitions the storage space of each hard drive into smaller sections (stripes), which can be as small as 512 bytes or as large as several megabytes. Data written to the stripes is alternated across the drives, as shown in Figure 13-4. Although RAID level 0 uses multiple drives, it is not fault tolerant: if one of the drives fails, all of the data on that drive is lost. Server RAID Controller A E I M B F J N C G K O D H L etc. Disk 1 Disk 2 Disk 3 Disk 4 Figure 13-4 RAID Level 0 Redundancy Planning 449 • RAID Level 1 (mirroring)—RAID Level 1 uses disk mirroring. Disk mirroring involves connecting multiple drives in the server to the same disk controller card. When a request is made to write data to the drive, the controller sends that request to each drive; when a read action is required, the data is read twice, once from each drive. By “mirroring” the action on the primary drive, the other drives become exact duplicates. In case the primary drive fails, the other drives take over with no loss of data. This is shown in Figure 13-5. A variation of RAID Level 1 is to include disk duplexing. Instead of having a single disk controller card that is attached to all hard drives, disk duplexing has separate cards for each disk. A single controller card failure only affects one drive. This additional redundancy protects against controller card failures. Server RAID Controller A B C D A B C D E F G H E F G H Disk 1 Disk 2 Disk 3 Disk 4 Mirroring Mirroring Figure 13-5 RAID Level 1 • RAID Level 5 (independent disks with distributed parity)—RAID Level 5 distributes parity data (a type of error checking) across all drives instead of using a separate drive to hold the parity error checking information. Data is always stored on one drive while its parity information is stored on another drive, as shown in Figure 13-6. Distributing parity across other disks provides an additional degree of protection. Server 13 RAID Controller A0 A1 A2 A3 4 Parity B0 B1 B2 3 Parity B4 C0 C1 2 Parity C3 C4 D0 1 Parity D2 D3 D4 0 Parity E1 E2 E3 E4 A Blocks B Blocks C Blocks D Blocks E Blocks Figure 13-6 RAID Level 5 • RAID 0+1 (high data transfer)—RAID 0+1 is a nested-level RAID. It acts as a mirrored array whose segments are RAID 0 arrays. RAID 0+1 can achieve high data transfer rates because there are multiple strip segments. RAID Level 0+1 is shown in Figure 13-7. 450 Chapter 13 Server Business Continuity RAID Controller A0 B0 C0 D0 A1 B1 C1 D1 Mirroring Striping A0 B0 C0 D0 A1 B1 C1 D1 Striping Figure 13-7 RAID Level 0+ 1 With nested RAID, the elements can be either individual disks or entire RAIDs. Table 13-4 summarizes the common levels of RAID. RAID Level Description Minimum Number of Drives Needed Typical Application Advantages Disadvantages RAID Level 0 Uses a striped disk array so that data is broken down into blocks and each block is written to a separate disk drive 2 Video production and editing Simple design, easy to implement Not fault-tolerant RAID Level 1 Data is written twice to separate drives 2 Financial Simplest RAID to implement Can slow down system if RAID controlling software is used instead of hardware RAID Level 5 Each entire data block is written on a data disk and parity for blocks in the same rank is generated and recorded on a separate disk 3 Database Most versatile RAID Can be difficult to rebuild in the event a disk fails 4 Imaging applications RAID Level 0+ 1 Table 13-4 A mirrored array whose segments are RAID 0 arrays Common RAID levels High input/ output rates Expensive Redundancy Planning 451 Networks Due to the critical nature of connectivity today, redundant networks may also be necessary. A redundant network “waits” in the background during normal operations and uses a replication scheme to keep its copy of the live network information current. In the event of a disaster, the redundant network automatically launches so that it is transparent to users. A redundant network ensures that network services are always accessible. Virtually all network components can be duplicated to provide a redundant network. Some manufacturers offer switches and routers that have a primary active port as well as a standby fail-over network port for physical redundancy. If a special packet is not detected in a specific time frame on the primary port, then the fail-over port automatically takes over. Also, multiple redundant switches and routers can be integrated into the network infrastructure. In addition, some organizations contract with more than one Internet Service Provider (ISP) for remote connectivity. In case the primary ISP is no longer available, the secondary ISP will be used. If network connectivity is essential, an organization can elect to use redundant fiber optic lines to the different ISPs, each of which takes a diverse path through an area. Power Maintaining electrical power is also essential when planning for redundancy. An uninterruptible power supply (UPS) is a device that maintains power to equipment in the event of an interruption in the primary electrical power source. There are two primary types of UPS. An off-line UPS is considered the least expensive and simplest solution. During normal operation the equipment being protected is served by the standard primary power source. The off-line UPS battery charger is also connected to the primary power source in order to charge its battery. If power is interrupted, the UPS will quickly (usually within a few milliseconds) begin supplying power to the equipment. When the primary power is restored, the UPS automatically switches back into standby mode. An on-line UPS is always running off its battery while the main power runs the battery charger. An advantage of an on-line UPS is that it is not affected by dips or sags in voltage. An on-line UPS can clean the electrical power before it reaches the server to ensure that a correct and constant level of power is delivered to the server. The UPS can also serve as a surge protector, which keeps intense spikes of electrical current, common during thunderstorms, from reaching systems. A UPS is more than just a large battery. UPS systems can also communicate with the network operating system on a server to ensure that an orderly shutdown occurs. Specifically, if the power goes down, a UPS can complete the following tasks: • Send a message to the network administrator’s computer, or page or telephone the network manager to indicate that the power has failed. • Notify all users that they must finish their work immediately and log off. • Prevent any new users from logging on. • Disconnect users and shut down the server. Because a UPS can only supply power for a limited amount of time, some organizations turn to using a backup generator to create power. Backup generators can be powered by diesel, 13 452 Chapter 13 Business Continuity natural gas, or propane gas to generate electricity. Unlike portable residential backup generators, commercial backup generators are permanently installed as part of the building’s power infrastructure. They also include automatic transfer switches that can detect in less than one second the loss of a building’s primary power and switch to the backup generator. Sites Just as redundancy can be planned for servers, storage, networks, and power, it can also be planned for the entire site itself. A major disaster such as a flood or hurricane can inflict such extensive damage to a building that it may require the organization to temporarily move to another location. Many organizations maintain redundant sites in case this occurs. There are three basic types of redundant sites: hot sites, cold sites, and warm sites. A hot site is generally run by a commercial disaster recovery service that allows a business to continue computer and network operations to maintain business continuity. A hot site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running, including office space and furniture, telephone jacks, computer equipment, and a live telecommunications link. Data backups of information can be quickly moved to the hot site, and in some instances the production site automatically synchronizes all of its data with the hot site so that all data is immediately accessible. If the organization’s data processing center becomes inoperable, it can move all data processing operations to a hot site typically within an hour. A cold site provides office space but the customer must provide and install all the equipment needed to continue operations. In addition, there are no backups of data immediately available at this site. A cold site is less expensive, but takes longer to get an enterprise in full operation after the disaster. A warm site has all of the equipment installed but does not have active Internet or telecommunications facilities, and does not have current backups of data. This is much less expensive than constantly maintaining those connections as with a hot site; however, the amount of time needed to turn on the connections and install the backups can be as much as half a day or more. Businesses usually have an annual contract with a company that offers hot and cold site services with a monthly service charge. Some services also offer data backup services so that all company data is available regardless of whether a hot site or cold site is used. Disaster Recovery Procedures Whereas business continuity addresses anything that could affect the continuation of “business as usual,” disaster recovery is generally more narrowly focused and is considered a subset of business continuity. Disaster recovery is defined as the procedures and processes for restoring an organization’s IT operations following a disaster. Generally, disaster recovery focuses on restoring computing and technology resources to their former state. Disaster recovery procedures include planning, disaster exercises, and performing data backups. Planning A disaster recovery plan (DRP) is a written document that details the process for restoring IT resources following an event that causes a significant disruption in service. Comprehensive in its scope, a DRP is intended to be a detailed document that is updated regularly. Disaster Recovery Procedures 453 Updating the DRP is essential yet is frequently overlooked. One “current” DRP states that any computers damaged in a disaster should be replaced with “IBM-compatible personal computers that have 32 MB of RAM, a 1.0 GB hard drive, and a 28.8K modem”! There are a variety of different “schemes” or approaches to planning for a disaster. One approach is to define different levels of risk to the organization’s operations, based on the severity of the disaster. A sample scheme for an educational institution is outlined in Table 13-5. Risk Level Description Impact Areas Level 1 Central computing resources The Computer Services building and central computer room which houses the campus servers and routers, and serves as the primary hub for campus electronic and voice communications and connectivity Level 2 Campus network infrastructure and the telephone public exchange Central telephone services, 911 emergency services, network infrastructure and services, and cable plant Level 3 Risks specific to unique applications or functionality File and print services, student records, e-mail, Web, student residential network, technology enhanced classroom support, and student computer labs Table 13-5 Sample educational DRP approach All disaster recovery plans are different, but most address the common features included in the following typical outline: Unit 1: Purpose and Scope—The reason for the plan and what it encompasses is clearly outlined. Those incidences that require the plan to be enacted should also be listed. Topics found under Unit 1 are listed below: • Introduction • Objectives and constraints • Assumptions • Incidents requiring action • Contingencies • Physical safeguards • Types of computer service disruptions • Insurance considerations Unit 2: Recovery Team—The team that is responsible for the direction of the disaster recovery plan is clearly defined. It is important that each member knows his or her role in the plan and be adequately trained. This part of the plan is continually reviewed as employees leave the organization, home telephone or cell phone numbers change, or new members are added to the team. The Unit 2 DRP addresses the following: • Organization of the disaster/recovery team • Disaster/recovery team headquarters • Disaster recovery coordinator • Recovery team leaders and their responsibilities 13 454 Chapter 13 Business Continuity Unit 3: Preparing for a Disaster—A DRP lists the entities that could impact an organization and also the procedures and safeguards that should constantly be in force to reduce the risk of the disaster. Topics for Unit 3 include: • Physical/security risks • Environmental risks • Internal risks • External risks • Safeguards Unit 4: Emergency Procedures—The Emergency Procedures answers the question: What should happen when a disaster occurs? Unit 4 outlines the step-by-step procedures that should occur, including the following: • Disaster recovery team formation • Vendor contact list • Use of alternate sites • Off-site storage Unit 5: Restoration Procedures—After the initial response has put in place the procedures that allow the organization to continue functioning, how to fully recover from the disaster and return to normal business operations are addressed. This unit should cover: • Central facilities recovery plan • Systems and operations • Scope of limited operations at central site • Network communications • Microcomputer recovery plan It is important that a good DRP contains sufficient detail. An example is shown in Figure 13-8. COMMUNICATIONS ROOM The purpose of a communications room is to provide a central point of contact and coordination. This telephone equipment in this room will include: Three wired telephones Four full-charged cellular telephones One satellite telephone Media communications in this room will include: One television One standard radio One police radio One citizens band radio One DVD player/recorder This room should be isolated from other functional areas and only authorized personnel will be allowed to enter Figure 13-8 Sample excerpt from a DRP Disaster Recovery Procedures 455 Disaster Exercises Disaster exercises are designed to test the effectiveness of the DRP. Plans that may look solid “on paper” often make assumptions or omit key elements that can only be revealed with a mock disaster. The objectives of these disaster exercises are: • Test the efficiency of interdepartmental planning and coordination in managing a disaster • Test current procedures of the DRP • Determine the strengths and weaknesses in responses Disaster exercises are becoming increasingly common in testing different types of plans. Federal aviation regulations require all commercial U.S. airports to conduct a full-scale exercise at least once every three years. A recent full-scale simulated aircraft disaster was conducted to assess the capability of an international airport’s emergency management system by testing emergency responders and aid providers in a real-time, stress-filled environment in which personnel and equipment were actually mobilized and deployed. Over 700 participants, including 200 volunteers playing victims and family members, and 20 organizations participated. Data Backups An essential element in any DRP is data backups. A data backup is information copied to a different medium and stored at an offsite location so that it can be used in the event of a disaster. Although RAID is designed to provide protection if a single hard drive fails, RAID is of no help if a system is destroyed in a fire. When creating a data backup there are five basic questions that should be answered: 1. What information should be backed up? 2. How often should it be backed up? 3. What media should be used? 4. Where should the backup be stored? 5. What hardware or software should be used? One of the keys to backing up files is to know which files need to be backed up. Backup software can internally designate which files have already been backed up by setting an archive bit in the properties of the file. A file with the archive bit cleared (set to 0) indicates that the file has been backed up. Any time the contents of that file are changed, the archive bit is set (to 1), meaning that this modified file now needs to be backed up. The archive bit is illustrated in Figure 13-9. There are four basic types of backups: full backup, differential backup, incremental backup, and copy backup. These are summarized in Table 13-6. The archive bit is not always cleared after each type of backup; this provides additional flexibility regarding which files should be backed up. 13 456 Chapter 13 Business Continuity Monday 1. File changed, archive bit set Sales.xlsx Archive bit - 1 2. File backed up Tape backup Tuesday 1. File not changed Sales.xlsx Archive bit - 0 2. File not backed up Tape backup Sales.xlsx Wednesday 1. File changed, archive bit set Sales.xlsx Archive bit - 1 2. File backed up Tape backup Sales.xlsx 3. Archive bit cleared 3. Archive bit cleared Sales.xlsx Archive bit - 0 Sales.xlsx Archive bit - 0 Figure 13-9 Archive bit Archive Bit After Backup Type of Backup Description How Used Full backup Copies all files Part of regular backup schedule Cleared Differential backup Copies all files since last full backup Part of regular backup schedule Not cleared Incremental backup Copies all files changed since last full or incremental backup Part of regular backup schedule Cleared Copy backup Copies selected files Copies files to a new location Not cleared Table 13-6 Types of data backups Backing up to magnetic tape has been the mainstay of data backups for over 30 years. Magnetic tape cartridges can store up to 800 gigabytes of data and are relatively inexpensive. When using magnetic tape, a strategy for performing the backups is important. One widely used scheme is called a grandfather-father-son backup system. This system divides backups into three sets: a daily backup (son), a weekly backup (father), and a monthly backup (grandfather). During a typical month, a daily (son) backup is performed each Monday through Thursday. Disaster Recovery Procedures 457 Every Friday a weekly (father) backup is done instead of the daily backup. On the last day of the month, a monthly (grandfather) backup is performed. Grandfather-father-son backups are illustrated in Figure 13-10. Figure 13-10 Grandfather-father-son backup system Most organizations that use magnetic tape call for data to be backed up daily on an incremental basis. There should be one backup set for each day of the week, and a weekly full backup that is stored off site. Thus, at least four weekly backup files should be held in different offsite locations. The weekly backup files should be retained for at least two months. Recent events have heightened the importance of data backups. Natural disasters (such as Hurricane Katrina), terrorist attacks (such as the destruction of the World Trade Center), additional government reporting regulations (like Sarbanes-Oxley), along with increased data complexity have all made data backups more important than ever. Several new technologies have played key roles in making data backups easier to create and information easier to restore. Along with the new data backup technologies, two key elements of today’s data backups have become increasingly important. The first is known as the recovery point objective (RPO). This is defined as the maximum length of time that an organization can tolerate between backups. Simply put, RPO is the “age” of the data that an organization wants the ability to restore in the event of a disaster. For example, if an RPO is six hours, this means that an organization wants to be able to restore systems back to the state they were in no longer than six hours ago. In order to achieve this, it is necessary to make backups at least every six hours; any data created or modified between backups will be lost. 13 458 Chapter 13 Business Continuity Related to the RPO is the recovery time objective (RTO). The RTO is simply the length of time it will take to recover the data that has been backed up. An RTO of two hours means that data can be restored within that timeframe. Although backing up to magnetic tape has been the mainstay of data backups, the advantages of magnetic tape are far outweighed by its disadvantages. Because users cannot access the data while it is being backed up, finding a time when the system can be off-line long enough for backups is a continual problem. There are many instances in which a tape backup runs beyond a weekend into the workweek and impacts the productivity of employees. This also results in a longer RPO than many businesses are willing to tolerate, even when nightly incremental backups are performed. In addition, the RTO of magnetic tape is also relatively lengthy, particularly if only a single file or folder is to be restored. An alternative to using magnetic tape is to back up to magnetic disk, such as a large hard drive or RAID configuration. This is known as disk to disk (D2D). D2D offers better RPO than tape because recording to hard disks is faster than recording to magnetic tape, and an excellent RTO. However, as with any hard drive, the D2D drive may be subject to failure or data corruption. In addition, some operating system file systems may not be as well suited for this type of backup because of data fragmentation and operating system limitations on the size and capacity of partitions. A solution that combines the best of magnetic tape and magnetic disk is disk to disk to tape (D2D2T). This technology uses the magnetic disk as a temporary storage area. Data is first written quickly to the magnetic disk system, so that the server does not have to be offline for an extended period of time (and thus D2D2T has an excellent RTO). Once the copying is completed, this data can be later transferred to magnetic tape. In short, D2D2T provides the convenience of D2D along with the security of writing to removable tape that can also be stored off the premises. Another new backup technology is known as continuous data protection (CDP). As its name implies, CDP performs continuous data backups that can be restored immediately, thus providing excellent RPO and RTO times. CDP maintains an historical record of all the changes made to data by constantly monitoring all writes to the hard drive. There are three different types of CDP, as shown in Table 13-7. Name Data Protected Comments Block-Level CDP Entire volumes All data in volume receives CDP protection, which may not always be necessary File-Level CDP Individual files Can select which files to include and exclude Application-Level CDP Individual application changes Protects changes to databases, e-mail messages, etc. Table 13-7 Continuous data protection types Some CDP products even let users restore their own documents. A user who accidentally deletes a file can search the CDP system by entering the document’s name and then view the results through an interface that looks like a Web search engine. Clicking on the desired file will restore it. For security purposes, users may only search for documents for which they have permissions. Incident Response Procedures 459 Table 13-8 summarizes the different data backup technologies available. Because one size does not fit all, it is important that the organization assess its RPO and RTO along with its overall data structure in order to reach the best decision on which technology or technologies to use. Backup Technology RPO RTO Cost Comments Magnetic tape Poor Poor Low Good for highcapacity backups Disk to disk (D2D) Good Excellent Moderate Hard drive may be subject to failure Excellent Moderate Good compromise of tape and D2D Excellent High For organizations that cannot afford any downtime Disk to disk to tape (D2D2T) Continuous data protection (CDP) Table 13-8 Good Excellent Data backup technologies Incident Response Procedures When an unauthorized incident occurs, such as an attacker penetrating network defenses, a response is required. These incident response procedures include using forensic science and properly responding to a computer forensics event. What Is Forensics? Forensics, also known as forensic science, is the application of science to questions that are of interest to the legal profession. Forensics is not limited to analyzing evidence from a murder scene. It can also be applied to technology. As computers are the foundation for communicating and recording information, a new area known as computer forensics can attempt to retrieve information—even if it has been altered or erased—that can be used in the pursuit of the attacker or criminal. Computer forensics is also used to limit damage and loss of control of data. Digital evidence can be retrieved from computers, cell phones, pagers, PDAs, digital cameras, and any device that has memory (such as RAM or ROM) or storage (such as a hard drive or CD-ROM). The importance of computer forensics is due in part to the following: • High amount of digital evidence—By some estimates, almost 95 percent of criminals leave behind digital evidence that can be retrieved through computer forensics. • Increased scrutiny by the legal profession—No longer do attorneys and judges freely accept computer evidence. Retrieving, transporting, and storing digital evidence is now held up to the same standards as physical evidence. • Higher level of computer skill by criminals—As criminals become increasingly sophisticated in their knowledge of computers and techniques such as encryption, it often requires a computer forensics expert to retrieve the evidence. 13 460 Chapter 13 Business Continuity Responding to a Computer Forensics Incident W...