Thread | Brutkey

"Business Continuity Planning" isn't just about "US-EAST-1 went offline, how do we manage fail over and uptime". It also includes things like "this whole platform has been discontinued/gone bankrupt/KilledByGoogle/quintupled in price/been MegaBreached, how does my business/project survive?"

Jess👾

@JessTheUnstill@infosec.exchange

At the VERY least, do a periodic tabletop operation of "We no longer can use this core piece of cloud software/platform/infrastructure, what would be ways we could recover?"
Partial recovery in 14 days, full recovery in 30 days?
Welp, guess we just close down the company?
We keep around a small experimental environment on some other provider/a few VPS/some colo servers/some servers running in the closet that we could use as a foundation to scale up when required?"

Matthew Loxton
@mloxton@med-mastodon.com

@JessTheUnstill@infosec.exchange
You made me snort-laugh because my head is nodding along while my brain is laughing at how unlikely it is that anyone in the current crop of managers would ever do any level of BCP

Jess👾

@JessTheUnstill@infosec.exchange

At a previous company, we did actually do pretty good BCP - self hosted data centers, cold spares in a 3rd party data center, offline backups, the works. But then last I heard, they since went "Cloud First", sold all the data centers, moved it all to Azure and figured "YOLO, Microsoft would never hurt us".
@mloxton@med-mastodon.com