React and Recover: How Agencies Can Mitigate Risk with Better Data Management Practices

Featured eBooks
The IT Modernization Mission
Read Now

Ransomware Threat

Read Now

What's Next For Government Cloud

Read Now

Federal Agencies Exploring Computing at the Edge

Read Now

Presented by NetApp NetApp's logo

Presented by NetApp NetApp's logo

By NetApp

|

Threat vectors like human error, natural disaster, network failures and software vulnerabilities can stop government agencies in their tracks from effectively serving their citizens. While IT teams can’t necessarily predict these events or prevent them, a disaster recovery plan can help them prepare for the worst-case scenario.

If the last year and a half taught IT leaders anything, it’s that unprecedented events can happen at any time. Whether a global health crisis, a ransomware attack or a natural disaster, organizations must ensure they have the technical infrastructure in place to carry out operations amid these unexpected events. 

This sentiment rings especially true for government agencies. While many consumer-facing organizations can get away with a delay in service, the government isn’t afforded that luxury. Constituents rely on government organizations to serve their needs quickly and effectively — especially during a crisis. 

But we live in an imperfect world, and threat vectors like human error, natural disaster, network failures and software vulnerabilities can cause downtime across an enterprise, often preventing government organizations from effectively serving citizens. While IT teams can’t necessarily predict these events or prevent them, a disaster recovery plan can help them prepare for the worst-case scenario. 

Understanding the Importance of Disaster Recovery 

There’s never been a more critical time for agencies to prioritize disaster recovery initiatives. 

“In this day and age, with so many cyber and ransomware attacks, agencies need to make sure they have their data backed up and available,” says Jim Cosby, deputy chief technology officer for federal civilian and public sector partners at NetApp. 

Drawing on more than 30 years of technical experience, Cosby helps government customers understand where their data is and where it needs to be, by incorporating storage efficiency solutions to contain costs and reduce consumption of capacity. Over the course of his career, he has witnessed firsthand how these threats have evolved. The dark reality, he explains, is that today’s threat landscape is more dangerous and complex than it has ever been. 

“Today’s cyberattackers are hacking into your organization, encrypting not only your primary data, but also the backup copies of your data,” he explains. “In many cases, they then demand payments in cryptocurrency if you want to get your data back.” 

Take the 2017 WannaCry ransomware attack, for instance. The WannaCry cryptoworm inched its way into over 300,000 PCs, then charged victims $600 worth of bitcoin to return the stolen data. 

More recently, JBS, the world’s largest meat processing company, paid $11 million in ransom to cybercriminals after being forced to pause operations at 13 of its plants. 

These incidents could have been avoided, or at least easily mitigated, had users backed up their data. 

But for government agencies, there’s more at stake than meat or money. 

“In civilian government, this data and information that’s being stolen might be medical care or life-saving technology,” Cosby explains. “The Defense Health Agency, Department of Health and Human Services, Centers for Disease Control, Veterans Affairs — all of that is critical for life-saving care. You don’t want to lose that data because those are people’s lives on the line.” 

Agency Spotlight: DOD and VA Make Strides Toward Better Data Management 

A number of federal agencies have already successfully implemented these disaster recovery initiatives. 

The Department of Veterans Affairs, for example, recently adopted the VistA imaging system, which provides VA hospitals around the world with an enterprisewide paperless electronic health record. The system captures scanned documents, motion video and clinical images, and then incorporates them into the patient's electronic record. 

The program is powered by an object storage imaging technology that replicates VA patient data and provides this information to its network of providers. Now, when a veteran enters a VA hospital, providers and administrators are equipped with the information they need to quickly treat them. The VistA imaging system not only creates a seamless patient experience; it also offers a digital alternative to VA’s historically paper-driven record systems, ensuring patient data is accessible in the event of a disruption. 

Meanwhile, the Defense Department is also enhancing its data management capabilities, having deployed more than 1,000 systems in remote, tactical locations to capture, store and process data. 

“The data lives in everything from ships, aircraft and submarines to Humvees and military vehicles,” Cosby notes. “It is then replicated back to a central location so it can inform military leaders as they make larger decisions.”

The Key Ingredients for a Successful Disaster Recovery Plan 

To ensure continuity of operations amid these types of unprecedented events, agencies must develop a comprehensive disaster recovery plan. Cosby notes there are a few key steps every agency should follow to ensure long-term success. 

1. Assess and identify current operational components. How essential is one part of your operations versus another? Define critical parts of your operation and differentiate those from less essential components. What data and documentation are necessary to the continuity of your organizations? What information is less critical? 

2. Determine disaster scenarios and impact levels for each operational component. Develop an “if-then” scenario to determine the impact of a system disruption on each aspect of your operation. For example, “If system A shuts down, how will that impact systems B and C? What implications will these disruptions have for citizens? What about employees and partners?

3. Create a backup and recovery plan for each required component. 

4. Develop a communications strategy for each component and function. Disseminate information in an organized and controlled manner that helps people respond to the situation as opposed to causing panic or concern.   

5. Test your plans to make sure they work before implementing them across your organization. 

Of course, this disaster recovery plan may vary depending on the agency’s mission and existing processes.To effectively tailor this plan to meet these specific needs, IT leaders should ask the following questions: 

  • Where does the data reside today and where does it need to be?
  • How much data actually exists?
  • What time and budget constraints should be considered?
  • Is there technology in place to effectively manage and protect this data?
  • What security and compliance measures are being taken to protect sensitive data? 

“There’s a reason people are saying ‘data is the new oil,’ because it really is the thing that’s driving value for an organization,” Cosby says. “It doesn't matter what applications or servers you have, if you don't have data, you won’t have the tools you need to make informed decisions. That data is worth protecting.” 

Learn more about how NetApp’s Data Fabric can help your organization implement a successful disaster recovery plan. 

This content is made possible by our sponsor NetApp; it is not written by and does not necessarily reflect the views of NextGov’s editorial staff.

NEXT STORY: Tampa Taps 5G to Improve Public Safety

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.