As state and local governments increasingly rely on cloud services, they have a responsibility to protect their data and ensure their systems are secure. This starts by understanding current practices and solutions are not always secure by default and developing best practices to mitigating new risks that may emerge in the future.
While many state and local governments are making progress to strengthen enterprise security, their efforts must focus not only on prevention, but also robust disaster recovery. By moving disaster recovery to the cloud, state and local governments can reduce time and lower cost to recovery while ensuring mission-critical applications and services are available when constituents need them most.
Last fall, ransomware on a web hosting provider forced the company to take its servers offline, causing several state and local government websites across the country to be inaccessible. The pandemic has also increased the threat landscape. Sixty-one percent of local governments have reported an increase in cyber threats since the beginning of the pandemic, according to recent research from the Center for Digital Government (CDG) and Amazon Web Services (AWS).
State and local government organizations can improve IT resilience with cloud-based disaster recovery while strengthening their overall security posture to combat ransomware threats.
Disaster recovery challenges in governmentState and local governments face several challenges when it comes to disaster recovery. Alex Berkov, manager of solutions architecture for CloudEndure Disaster Recovery, offered by AWS, a leading cloud-based disaster recovery and business continuity solution, says theres often confusion about what disaster recovery actually encompasses.
There is a lot of misconception around the difference between backup and disaster recovery. Often what customers call disaster recovery is actually backup, he says. State and local governments need to ensure security controls are also in place for backups as these backups can be impacted by ransomware.
Many organizations also cannot adequately test their environment, Berkov adds. They may not do frequent testing from their backups or they may rely on traditional disaster recovery solutions that require them to spend weekends in a physical data center to run tests. State and local agencies also might rely on a magnetic tape backup solution where they dump data out, back it up, and then save it on a physical tape.
All these processes are so labor- and time-intensive that organizations might only do them on an annual or infrequent basis, which leads to inadvertent security gaps. These security gaps are costly for government agencies and can lead them to pay ransom to help achieve business continuity for critical constituent services. In 2019, governments reported 163 ransomware events, with more than $1.8 million dollars in ransoms paid.2 In 2020, these figures only increased, as outside parties demanded an average payment of just over $570,000, with requested ransoms ranging from $2,500 to $5 million.
Garrett Pollard, a senior enterprise sales specialist for CloudEndure Disaster Recovery at AWS, says its critical for governments to have a comprehensive continuity strategy given ITs increasing value to the business.
IT supports so many different revenue streams that any downtime may pose a significant loss, Pollard says.
Its clear the traditional approach to disaster recovery doesnt give state and local governments the agility they need to quickly and effectively respond when security issues occur.
Optimizing operations with the cloudMoving disaster recovery to the cloud offers cost and operational benefits to state and local governments that can improve their resiliency.
With the cloud, agencies can access a cost-effective data storage solution for their backups instead of building their own solution on premises, says James Perry, solution architect security lead for WorldWide Public Sector, Education, and State and Local Government at AWS. Perry says with managed cloud services, state and local agencies can see more benefits. Cloud-based disaster recovery can also lower total cost of ownership.
Agencies can avoid performing the undifferentiated heavy lifting associated with racking and stacking equipment, hardware procurement processes, and so on, he says.
While agencies can save on technology costs, theres also the somewhat intangible costs associated with time to recovery. In 2020, state and local governments lost 773 days to downtime. In government, this could mean days, if not weeks, when constituent data is compromised or when constituent services and applications arent operating at their full capacity.
Moving to the cloud also allows agencies to take advantage of automation and reduce demands on IT staff. With the cloud, they gain access to advanced disaster recovery capabilities because cloud-based solutions can be more easily upgraded. Additionally, agencies can take advantage of artificial intelligence and machine learning capabilities to automate threat response.
It gives them the opportunity to focus the IT resources they have on more strategic initiatives, Perry says about cloud- based disaster recovery. Instead of them buying software, managing software inventories, and installing hardware, they can enhance their business applications and deliver value to citizens.
Berkov says moving disaster recovery to the cloud doesnt require massive IT effort for government agencies. Even those who operate in a largely on-premises or hybrid environment can seamlessly make this transition.
Its a very easy entry point for organizations that are either on-prem or hybrid, because it doesnt change how they operate their production infrastructure. They can maintain their production infrastructure, wherever it may be, and the solution can do all the replication, management, and orchestration of their resources, Berkov says.
Some organizations are already seeing improved operational impact from cloud-based disaster recovery. One state agency, for example, experienced a ransomware event that affected its entire on-premises infrastructure, including a database that contained all its employees password information. Backups for the agencys business-critical applications were also compromised during the event, leaving it without any backups from which to recover.
Rather than undergo a lengthy hardware procurement process and entirely rebuild its data center, the agency decided to shift its entire IT operation to the cloud. It was able to restore all of its mission-critical applications in a cloud environment in less than two weeks. The agency also has realized significant cost savings it is now running its IT operation at 40 percent of what it would cost to run it on premises.
Best practices for moving disaster recovery to the cloudDisaster recovery in the cloud addresses several key challenges for state and local agencies by providing a flexible, scalable solution that can reduce time and lower cost to recovery while helping to address budget constraints and minimize unintended security risks.
State and local agencies should consider the following as they transition to cloud-based disaster recovery and compare solutions.
Establish recovery time objectivesBefore a state or local agency enlists the services of a cloud provider, they should clearly map out and understand their disaster recovery needs, Pollard says.
Sit down and take a hard look at your business and establish what your recovery time objectives are for each application. Its a very common exercise where you take a step back, analyze the data, and see what the recovery times are so you can figure out which solution is the best fit, he says.
Plan for flexibility and scalabilityYou need to make sure the solution is effective not just for today, but can handle any future growth, Berkov says. The other thing you need to consider, particularly when it comes to ransomware, is the flexibility and insurance of having different recovery forms. That way, if you are hit by ransomware, your organization can go back to a previous point in time just as quickly as you can fail over.
He adds: The cloud really does, from a scalability perspective, give organizations the option to right-size their disaster recovery environment. You dont need to over- provision anything its scalable and its elastic you only use what you need.
Ensure data governance and compliance Whether an organization operates on premises or in the cloud, good data governance is critical to effective disaster recovery.
Its important for government organizations to have compliance across all of their workloads, which is why they should work with a cloud provider who has public sector expertise and a solid track record of managing these types of workloads.
Perry says some of the questions organizations should ask potential cloud providers include: How do you encrypt the data in transit? How do you encrypt it at rest? How can we make sure that only the right people have access to the data? Theyre [government agencies] often learning about how the cloud operates and all of the compliance benefits it provides. So, theres a learning process, and how to extend their governance processes, auditing, and monitoring [activities] to the cloud is part of that.
Test, test, testTesting is critical when it comes to disaster recovery.
You dont want to wait until an event happens before you test, Berkov says. The cloud opens up the ability for you to test on your own schedule at any time with really no impact. It also allows you to increase the frequency of those tests, so you can make sure that, as your environment changes, you can validate it and verify everything is running properly.
ConclusionFrom ransomware and malware to email phishing schemes and denial-of-service issues, security threats continue to impact state and local governments.
As these organizations try to build a more robust cybersecurity program, effective disaster recovery should be an integral component of their holistic cybersecurity strategy. The traditional approach to disaster recovery with backups from magnetic tape and a reliance on on-premises data centers can be costly and time consuming for state and local governments facing budget cuts and limited IT resources. Government organizations can leverage the cloud to modernize their disaster recovery program and make their IT operations more cost efficient. By doing so, they can improve business continuity and build their resilience.
The challenge state and local governments face is they often dont have IT staff or security experts to build disaster recovery processes internally and execute them in a consistent way on premises, Perry says. One of the greatest benefits of the cloud is that the services you need to combat ransomware whether its patch management, encryption, firewalls, or intrusion detection are provided as managed services in the cloud. Theyre integrated so you have a toolbox thats been built to work together to greatly simplify the IT complexities and challenges your organization faces.
Read more here:
Increasing Government Resilience with Cloud-Based Disaster Recovery - GovTech
- Box for Android - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- eUKhost - eNlight Cloud Hosting! - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Cloud Computing -- Oracle is Ready to Take You There - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- What is Cloud Computing? - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Webinar - Cloud Computing: Why You Should Care - 2010-10-14 - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- What is Cloud Hosting? - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Cloud Computing Misconceptions and Benefits - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Cloud Hosting and How it is Set to Change Internet Commerce - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Awesome Cloud Computing Explained with Animation - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Rackspace Cloud Race - UK cloud hosting - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Improved Cloud Service Delivery And Hosting | IBM - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Cloud Computing Explained - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Software companies turn to Savvis for cloud hosting and other SaaS services - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Sky News Tech Report on Cloud Computing - Macquarie Telecom Interview - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- BitNami Cloud Hosting Demo - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Fully managed Cloud Computing solution using your current IT infrastructure (Closed Caption) - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- Cloud Hosting Server Provisioning - Video [Last Updated On: February 26th, 2012] [Originally Added On: February 26th, 2012]
- iomart Hosting Provides Cloud Storage and Backup for new Branding Network [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- Harris plans to stop offering remote cloud hosting [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- iomart Hosting provides cloud storage and backup for new UK branding network [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- DynamicOps Debuts "Fastest Path to Cloud" Seminar and Webinar [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- Harris Corporation to Discontinue Cyber Hosting Operation; Will Continue Providing Advanced Cyber Security and Cloud ... [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- Tutorial! Amazon Cloud Minecraft Server Hosting! - Video [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- MachPanel 4.3 - SaaS and Cloud Hosting Control Panel for Windows - Video [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- Webair Carrier Neutral Cloud: Open Network Access in the Cloud [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- iomart Hosting Takes UK Digital Media Agency Into the Cloud [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- FireHost Grows Executive Team on Heels of European Expansion; Appoints Jim Ciampaglio as Sr. Vice President of Global ... [Last Updated On: February 28th, 2012] [Originally Added On: February 28th, 2012]
- INetU Managed Hosting is SOC 2 and SOC 3 Compliant [Last Updated On: February 29th, 2012] [Originally Added On: February 29th, 2012]
- Web Host Webair Adds Carrier Neutral Cloud Services [Last Updated On: February 29th, 2012] [Originally Added On: February 29th, 2012]
- FireHost Appoints Jim Ciampaglio as Sr. Vice President of Global Sales and Marketing [Last Updated On: February 29th, 2012] [Originally Added On: February 29th, 2012]
- BitRock CEO on BitNami Cloud Hosting - Video [Last Updated On: February 29th, 2012] [Originally Added On: February 29th, 2012]
- Harris kills remote hosting service as customers shun cloud storage [Last Updated On: February 29th, 2012] [Originally Added On: February 29th, 2012]
- Understand Cloud computing in 60secs - Video [Last Updated On: February 29th, 2012] [Originally Added On: February 29th, 2012]
- Systech Integrators® Forms Strategic Relationship With Rackspace Hosting® to Offer Cloud Hosting Services for SAP® ... [Last Updated On: March 1st, 2012] [Originally Added On: March 1st, 2012]
- Dedicated & Cloud Hosting Provider Codero Names Industry Veteran Emil Sayegh, President & CEO [Last Updated On: March 1st, 2012] [Originally Added On: March 1st, 2012]
- Cloud Computing and Technology Mobility - Video [Last Updated On: March 1st, 2012] [Originally Added On: March 1st, 2012]
- Cloud Hosting Providers - Video [Last Updated On: March 3rd, 2012] [Originally Added On: March 3rd, 2012]
- Online Education Innovator Gives Virtual Internet Cloud Services an A+ [Last Updated On: March 3rd, 2012] [Originally Added On: March 3rd, 2012]
- SingleHop Introduces the Hosting Industry's First Customer Bill of Rights [Last Updated On: March 6th, 2012] [Originally Added On: March 6th, 2012]
- Cloud Services Provider Intermedia Launches Integrated Partner Program [Last Updated On: March 7th, 2012] [Originally Added On: March 7th, 2012]
- Cloud Services Provider Intermedia Now Offering Microsoft Office 365 [Last Updated On: March 7th, 2012] [Originally Added On: March 7th, 2012]
- Inside IT Cloud Computing Security - Video [Last Updated On: March 7th, 2012] [Originally Added On: March 7th, 2012]
- Lansing Cloud Host Introduces Faster ‘Storm SSD’ [Last Updated On: March 7th, 2012] [Originally Added On: March 7th, 2012]
- Leading Industry Analyst Firm positions Hosting.com as a Challenger in Managed Hosting Magic Quadrant [Last Updated On: March 8th, 2012] [Originally Added On: March 8th, 2012]
- Hosting.com Positioned as Challenger in Managed Hosting in Gartner's Magic Quadrant [Last Updated On: March 8th, 2012] [Originally Added On: March 8th, 2012]
- ServInt Announces the First Finalist for Its Inaugural Sextant Award, Recognizing the Most Effective Use of the ... [Last Updated On: March 8th, 2012] [Originally Added On: March 8th, 2012]
- Leading Analyst Firm Recognizes Savvis as a Leader in Two Cloud-Focused Magic Quadrants [Last Updated On: March 8th, 2012] [Originally Added On: March 8th, 2012]
- UK Cloud Computing Company iomart Hosting Recruits Scotland Footballers to Kick off New Campaign [Last Updated On: March 9th, 2012] [Originally Added On: March 9th, 2012]
- Rackspace Hosting Positioned as a Leader in the Leaders Quadrant of the Magic Quadrant for Managed Hosting Providers [Last Updated On: March 9th, 2012] [Originally Added On: March 9th, 2012]
- 4t Networks Offers Red Hat Enterprise Linux 6 for Cloud Hosting [Last Updated On: March 9th, 2012] [Originally Added On: March 9th, 2012]
- elchemyv2.wmv - Video [Last Updated On: March 9th, 2012] [Originally Added On: March 9th, 2012]
- Steve VanRoekel Keynote, NIST Cloud Computing Forum and Workshop IV - Video [Last Updated On: March 11th, 2012] [Originally Added On: March 11th, 2012]
- Hosting.com Enhances Backup Capabilities to Deliver Leading-Edge Data Recovery Solution for Businesses Any Size ... [Last Updated On: March 12th, 2012] [Originally Added On: March 12th, 2012]
- Online Tech Hosts Webinar on Cloud Computing in EHR/RCM Systems [Last Updated On: March 12th, 2012] [Originally Added On: March 12th, 2012]
- Hosting.com Enhances Backup & Data Recovery [Last Updated On: March 12th, 2012] [Originally Added On: March 12th, 2012]
- ServInt Introduces Its New Flex Line of High-Performance, Fully Managed Dedicated Servers [Last Updated On: March 14th, 2012] [Originally Added On: March 14th, 2012]
- Telefonica targets LatAm with business cloud [Last Updated On: March 14th, 2012] [Originally Added On: March 14th, 2012]
- TCWH Announces New InMotion Hosting Review 2012 [Last Updated On: March 14th, 2012] [Originally Added On: March 14th, 2012]
- Lokahi Expands Cloud Offering to Include Managed Security Services Through Partnership With StillSecure [Last Updated On: March 15th, 2012] [Originally Added On: March 15th, 2012]
- Eco Cloud Hosting IPv6 Ready with Web Application Firewall and Load Balancer - Video [Last Updated On: March 15th, 2012] [Originally Added On: March 15th, 2012]
- Private SharePoint Cloud Beats Other Cloud Hosting Options for Enterprises on Price, Practicality [Last Updated On: March 17th, 2012] [Originally Added On: March 17th, 2012]
- Private SharePoint Cloud Beats Other Cloud Hosting Options for Enterprises, Says AISN [Last Updated On: March 17th, 2012] [Originally Added On: March 17th, 2012]
- CaymanSecurity.com Introduces Secure Cloud Hosting Services [Last Updated On: March 19th, 2012] [Originally Added On: March 19th, 2012]
- Storm On Demand Introduces Windows Cloud Hosting [Last Updated On: March 20th, 2012] [Originally Added On: March 20th, 2012]
- Citrix Streamlines Delivery of Cloud-Hosted Apps and Desktops [Last Updated On: March 20th, 2012] [Originally Added On: March 20th, 2012]
- Cloud Computing Explained.mp4 - Video [Last Updated On: March 20th, 2012] [Originally Added On: March 20th, 2012]
- AMD Opteron 3200 Chips Target Cloud, Web Hosting [Last Updated On: March 20th, 2012] [Originally Added On: March 20th, 2012]
- Understanding the Cloud Computing Stack: SaaS, PaaS and IaaS | CloudU - Video [Last Updated On: March 21st, 2012] [Originally Added On: March 21st, 2012]
- Racemi Joins Rackspace Cloud Tools Program [Last Updated On: March 22nd, 2012] [Originally Added On: March 22nd, 2012]
- iNetRadio Adds User Music Cloud Hosting [Last Updated On: April 18th, 2012] [Originally Added On: April 18th, 2012]
- Managed Hosting Company, OneNeck IT Services, Selected by Southwest Home Builder for Cloud Services [Last Updated On: April 18th, 2012] [Originally Added On: April 18th, 2012]
- What is Cloud Hosting? - Australian Cloud Hosting Providers - Video [Last Updated On: April 18th, 2012] [Originally Added On: April 18th, 2012]
- Courion Leverages NaviSite's Enterprise Cloud to Deliver Identity and Access Management Software-as-a-Service [Last Updated On: April 24th, 2012] [Originally Added On: April 24th, 2012]
- TLD Solutions Launches Next Generation "4GH" Web Hosting [Last Updated On: May 4th, 2012] [Originally Added On: May 4th, 2012]
- ElasticHosts unveils simple cloud web hosting for SMEs [Last Updated On: May 4th, 2012] [Originally Added On: May 4th, 2012]
- Rackspace Hosting 1Q net income up on higher sales [Last Updated On: May 8th, 2012] [Originally Added On: May 8th, 2012]
- Infinitely Virtual Announces Support for Microsoft SQL Server 2012, Providing Cloud-Ready Hosting with Mission ... [Last Updated On: May 8th, 2012] [Originally Added On: May 8th, 2012]
- Kore Domains Launches Revolutionary New "4GH" Web Hosting Solution [Last Updated On: May 8th, 2012] [Originally Added On: May 8th, 2012]
- 4GH Web Hosting Europa Launches 4GH Cloud Web Hosting Solution in European Data Center [Last Updated On: May 10th, 2012] [Originally Added On: May 10th, 2012]
- Hughes Cloud Services & Hosting Showcases Its Comprehensive Enterprise IT Offering At ... [Last Updated On: May 12th, 2012] [Originally Added On: May 12th, 2012]