“Continuity planning is a government organisation’s need to ensure that essential functions can continue during and after a disaster. This includes the prevention of mission critical service interruptions, and the ability to re-establish full functionality as quickly as possible,” says Ashish Dhawan, Country Director, India and South Asia, Juniper Networks
The concept of business continuity is based on the identification of all business functions within an organisation, and the assignment of a level of importance to each business function. Business continuity planning ensures that all personnel in an organisation understand which business functions are the most important to the business. However, business continuity is not something implemented at the time of a disaster; it requires planning and should include all activities that need to be performed daily to maintain service, consistency, and recoverability.
It’s about Proactively Being Prepared
A key component for helping government agencies plan for potential emergencies is taking continuity planning seriously and adopting a proactive approach. Once disaster strikes, an organisation’s ability to respond quickly and effectively may be critical in protecting its staff, citizens, and reputation. While many businesses have business continuity plans to deal with disruptions,
in today’s world it is imperative that these plans be expanded for local, regional, or global situations. The following stages outline a simple yet comprehensive approach for building a continuity plan.
• Steering Committee—Continuity planning begins with the establishment of a steering committee, whose members are responsible for identifying the key functions and activities that will have the highest priority, both during and after a disaster.
• Planning Stage—The planning component of a continuity plan involves the evaluation, selection, and installation of
(1) an emergency communications system that can handle the needs of remote “emergency” workers, and
(2) an alternate facility for critical servers and systems. This component also includes setting up a plan for protection and availability of vital records
during any disaster.
• Execution Stage—The next part of a continuity plan is formation of an execution team that will test the emergency communications systems and the cutover from a primary to an alternate facility.
• Ongoing Testing, Training, and Review—Following all of these steps, it is
important to have ongoing testing, training, and review of the continuity plan to insure that the plan works, all personnel stay trained in proper procedures, and the plan keeps up with new directives and technology advances. Business Continuity Challenges Planning for a disruption to business services from typical network outages and server crashes is a full-time job by itself. When preparing contingency plans for a major disaster or emergency, the planning effort is magnified tenfold, and network managers are presented with unique challenges.
1. Maintaining Productivity by Enabling Access to Applications and Information from Anywhere at Any Time and on Any Device. Pandemics, like the H1N1 virus, can impact a business by requiring a company to limit social interaction between employees, partners, and customers to isolate further spread of the virus. This makes a compelling case for the wider adoption of remote access, as employees are quarantined or required to work from home for an extended period of time.
2. Sustaining Partnerships with Real-Time Access to Applications and Services While Knowing that Your Resources Are Secured and Protected. VPNs effectively addressed the requirements for cost-effective, fixed, site-to-site network connectivity; however, they were, in many ways, still too expensive
for mobile users, while for business partners or customers, they were extremely difficult to deploy. It is in this environment that SSL VPNs were introduced, providing remote/ mobile users, business partners, and customers
an easy, secure way of accessing corporate resources through the Internet
without the need to pre-install a client.
3. Continuing to Deliver Exceptional Service to Customers and Partners with Online Collaboration. If a pandemic disaster forces social distance between people, multiplemeans of conferencing will be required to help facilitate collaboration.
4. Balancing Risk and Scalability with Cost and Ease of Deployment. Network managers of government agencies and departments are constantly balancing between ease of deployment and high levels of security with their remote access solutions.
Secure Remote Access – What are the Issues?
IPsec solutions have resulted in end user frustration from only being able to access resources from a device with client software, and the high deployment and support costs associated with maintaining that software. The security concern has proven particularly vexing given the increasing sophistication and frequency of cyber attacks against information systems. These issues have
contributed to a status quo regarding remote access in the government that is now beginning to change in earnest. Many of the government agencies that have already implemented client based IPsec VPN technology for teleworkers are experiencing a multitude of problems with their current
• Inflexible Access—Client-based IPsec VPN cannot reliably extend access to a
variety of remote workers such as telewrkers, mobile employees, contractors and vendors/partners.
• Incomplete Security—Client-based IPsec VPN cannot provide a widespread and secure environment to a variety of endpoint devices, both managed (i.e., corporate smartphone) and unmanaged (i.e., home PC).
• High Cost—Client-based IPsec VPNs cannot provide this connectivity with costeffective installation, setup, maintenance, and support costs. SSL VPN The term SSL VPN is used to refer to a new and fast-growing product category comprising a variety of technologies. Working backwards, the term “VPN” or virtual private network is the practice of using a public network like the Internet to transmit private data. Prior to 2001, most VPNs were based on some type of network layer transport such as IP Security (IPsec), or other methods like Layer 2 Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP). SSL VPNs use a different methodology to transport private data across the public Internet. Rather than forcing the end user to install and configure a complicated client on his or her system, SSL VPN uses SSL/HTTPS—available without additional software deployment on all standard Web browsers—
as a secure transport mechanism. Rather than using the older IPsec network layer “tunnel” technology, SSL VPN connections happen via a Web connection at the application layer. SSL VPN technology continues to advance with enhancements that allow a variety of access types for client/server applications and network layer connections that are still enabled via SSL. Another feature in SSL VPNs is the provisioning of additional endpoint security, where dynamic endpoint security checks can be done before a session is actually initiated as a means of ensuring that each endpoint is in compliance with corporate security policies.
Remote Access and SSL VPN
Part of the remote access problem across government agencies in general is the fact that many users and network managers are struggling to decide which technology should be deployed where. Where do IPsec VPNs and the newer SSL VPNs fit into network policies, and which problems can each technology best address? This question can be answered by looking at the usage scenarios
themselves. The fact is that IPsec and SSL are not mutually exclusive technologies. They can—and in fact, often are—deployed in the same enterprise. On the left side of Figure 1, we see a typical IPsec VPN, where administrators who need to achieve site-to-site connectivity for field and remote offices will be well served by IPsec VPN offerings. On the right side of Figure 1, we see a typical SSL VPN. Here, administrators who need to allow teleworkers, mobile employees, contractors, offshore employees, business partners, or customers access to certain corporate resources will be well served by SSL VPNs. SSL VPNs are designed to address the needs of diverse audiences that need secure access to administrator-specified corporate resources from any location. SSL VPNs also allow administrators to change both the access methods and resources allowed as user circumstances change.
SSL VPNs can also be configured to check endpoint security compliance to either provision resources accordingly or to provide the end user with the means to remediate.
Survivable Remote Field Offices
Remote field offices are particularly susceptible to natural disasters and acts of terrorism. These sites typically have terrestrial fibre or copper WAN access connectivity. When redundant WAN access is provided to the remote field, this backup access is typically provided over terrestrial copper or fibre access as well. Frequently, the primary and backup WAN cabling travel a common path and enter the building at the same point of entapry. This configuration makes both the primary and backup access susceptible to a common threat. Given that wireless communications do not follow a common path into remote field offices the way terrestrial WANs do, wireless can offer a very viable option to traditional WAN backup connectivity. In conclusion, government businesses can be prepared for emergency situations by taking a proactive proach to their business continuityplanning. A comprehensive plan can provide a range of scenarios ahead of time, with clear processes and responsibilities defined in detail. A critical component of the overall business continuity plan is a secure remote access plan to ensure that remote or isolated workers can continue their work during and after a disaster strikes.
is Country Director, India and
South Asia at Juniper Networks