Deploying a cyber recovery solution & managed service for a large European regulated enterprise

Project at a glance

“A cyber attack on an enterprise organisation will create a huge amount of disruption. The company’s reputation is on the line, which is why these organisations make such a significant investment into cyber protection. But no amount of security can guarantee protection against bad actors, so the question becomes: what sort of mitigation do you have when your system is eventually breached?”

Padhraic Maguire

Director of Technology, Triangle

Industry

Telecommunications

Challenge

With the threat of ransomware and other cyber attacks rising globally, and after a damaging breach within its industry vertical, the customer determined that a cyber recovery solution was needed to mitigate the real risks posed to its expansive, complex IT environments.

Solution

Triangle implemented an infrastructure design that provides a platform for the recovery of MVC (minimum viable company) datasets for the organisation, allowing the remaining workloads to be added to the platform in phases. The solution later transitioned to a Triangle Managed Service team to keep the organisation ready to recover critical data at any moment.

Technology
  • Dell Data Domain, Intel Servers, PowerProtect Data Manager, PowerStore
  • CyberSense Forensics
  • Check Point Firewalls
  • ScienceLogic Monitoring
  • VMware Hypervisor
  • Microsoft and Red Hat OS
  • NetBackup
  • Commvault

The challenge

Mitigating risk across a complex IT infrastructure

The client had focused on cyber security projects targeted at prevention and breach detection for many years. They were also aware of the increased persistence of attacks across their own network and those of their peers and suppliers. However, it was not until a successful breach of the perimeter of a company within their vertical that the vulnerability of a prevention-only strategy was highlighted.

Post-incident analysis resulted in an immediate increase of priority for a reliable and robust recovery strategy within their overall security programme and cyber resilience strategy. However, the need for a cyber recovery strategy was complicated by the scale of the company’s IT environment, which featured a mix of modern and legacy technologies, in-house technology teams, multiple service providers, and data and audit regulations—all of which needed to be accounted for by any potential recovery solution.

After extensive market research into the solutions and capabilities available, the client entered into discussions with Triangle—a leader in providing Cyber Recovery solutions to enterprise clients—for the design and delivery of a solution that would be compatible with the customer’s existing technology infrastructure.

The solution

Building a foundation for recovery with ‘full confidence’

To ensure the organisation could recover from a cyber breach with full confidence, Triangle delivered a comprehensive 3-phased approach.

Phase 1 - Analysis & design

Our cyber team supported the execution of an initial analysis and design to identify the critical data required to recover a minimum viable company (MVC) post-breach, as well as the service level requirements for speed of recovery. This phase also included the architecture and high-level design of the technology needed for two of the key components of a Cyber Recovery architecture: the isolated data vault and the clean room.

Triangle’s experts worked closely with Dell, as the technology provider, to supply the necessary recovery infrastructure, including Dell’s Cyber Vault and Clean Room technologies.

Phase 2 - Implementation & runbook creation

With the design agreed, Triangle and Dell collaborated to build the Cyber Vault, Clean Room, and supporting infrastructure. Logical recovery runbooks were developed for each critical business service identified in Phase 1.

The platform’s security and recovery capabilities were verified through rigorous testing. The design also incorporated a forward view of the platform to ensure any future projects to protect additional data could be handled as an incremental update rather than a significant design change.

Key principles of the delivered design, which were verified and tested by the customer, include:

  • Data isolation. Vaulted backup data was made invisible to production and DR networks, ensuring the vault was not an attack surface.
  • Multi-factor authentication. Additional security layers for accessing the vault and Clean Room.
  • Access restrictions. Separation of duties ensured only authorised personnel could manage the vault and recoveries.
  • Runbook testing. Full execution of business service recovery processes.
  • Recovery timings & sequencing. Tested and documented recovery timelines and optimal sequencing for the MVC.
  • Audit & compliance proof-points. Evidence of recoverability for audit and compliance requirements.

Phase 3 - Transition to managed services

Following successful implementation and testing, the platform was handed over to Triangle’s Managed Service team. Our Service Architects integrated the platform into the customer’s existing ITIL processes, with adjustments for recovery testing, reporting, and management SLAs.

Ongoing managed services include regular recovery testing by our dedicated cyber recovery team, and a full operational platform service with lifecycle management, secure access control, daily data integrity checks and regular health reporting. Regular reviews ensure the platform remains aligned with the client’s production investments and improvements.

The client now enjoys a 24x7 fully managed service for both the recovery testing and platform management services. These ongoing managed services are critical to maintaining recovery technology and keeping the company ready to launch recovery processes if and when a breach is detected.

“Triangle’s experts took the unknowns out of the recovery process. We know that if our IT environments are compromised, Triangle’s recovery team is ready to go with proven step-by-step processes for bringing our business services back online. We have full confidence in the consistency and efficiency of Triangle’s recovery experts and their ability to restore our critical business data.”

The difference

A critical investment into business continuity

The core value of this project and service is that this client can now restore their data and business services in the event of a successful cyber attack. The client moved from having no cyber recovery strategy to having an implemented strategy with a practised and proven capability to recover and keep their business operational.

The client now has a proven method and solution to continue their investment plans to establish a recovery capability for their less critical data. They have also become a centre of excellence for cyber recovery for the other affiliated companies within their organisation.

Other benefits of this investment include:

  • The identification and classification of critical data and associated business services
  • Documented and exercised recovery runbooks for their specific data and services
  • Frequent recovery testing and validation of runbook timings and sequence to ensure efficient, effective post-breach recovery
  • Daily validation of the integrity of the vaulted data
  • The capability to identify any malicious activity affecting newly vaulted data, providing an early warning system to incident response teams