Secure Your IT Infrastructure & Create Resiliency

Posted on October 22, 2020July 6, 2022

IT infrastructure is the combination of hardware, software, communications, data centers/hosting services, and human resources that allows an organization to deliver information technology services to its constituent communities.

IT resiliency refers to an organization’s ability to avoid or minimize business disruption when the IT infrastructure is challenged by planned or unplanned events, such as the novel Coronavirus. IT resiliency is at the core of an effective IT strategy, designed to ensure organizations can quickly get back to business after something goes wrong, as well as how to protect your organization from threats in the first place.

Planned or unplanned events that could impede your ability to deliver optimal services may include: production and/or migration failure of systems and/or applications, turnover among key IT staff, man-made and natural disasters, cyberattacks, and malicious activities by known or unknown parties. Any of these events may disrupt or even paralyze an enterprise if proper planning and controls are not in place.

What Are Measures to Improve IT Infrastructure Resiliency?

Document and Test Your Business Continuity Plan

Business Continuity Plans (BCPs) are essential to successfully conduct business seamlessly when disruption strikes. Having a working BCP in place in advance of a disruptive event helps to lessen the impact on people, processes, and systems.

AAFCPAs’ Business & IT Consulting practice advises clients to first answer the questions: “What do we need most?”, “How long can we be without?”, and “How much data can we afford to lose?” The answers to these questions generate a Recovery Time Objective (RTO) and Recovery Point Objective (RPO). From there, a specific plan to address the needs of each service may be developed.

Document and Test Your IT Disaster Recovery Plan

An IT Disaster Recovery Plan (DRP) is a documented and tested process or set of procedures which ensures your organization can recover IT systems, services, and data following an event. DRPs should be tailored to your business size, industry, and specific IT infrastructure. The plan will be multi-discipline and include other departments outside of IT. A risk-based approach will drive answers to “How will we work?”, “Where will we work?”, “What is the impact to the business and our constituents?”, and “Who will communicate to our constituents?” Once crafted, periodic testing of the DRP should be executed as part of your BCP in order to support business operations.

Sound Backup and Recovery Strategy

Organizations must implement strategies that protect both their data and their ability to access it. These strategies are only a single component of a comprehensive BCP and broader DRP.

The Backup and Recovery Strategy should include routinely scheduled backups of your business’ critical systems. Routine is subjective and driven by RTO and RPO requirements specific to the environment being backed up and recovered.

Robust Risk Assessment

Understanding where risks exist in your technology enterprise is paramount to your ability to effectively manage them. Risks come in many forms and are as individual as your organization. Risks exist in aged technology; outdated solutions; access control deficiencies of incoming, existing and departed staff; inappropriately configured systems; poor password management practices; and a lack of employee training and awareness, to name but a few.

AAFCPAs advises clients to perform regular top down risk assessments as a solution to help identify, prioritize, and remediate deficiencies.

How Can AAFCPAs Help?

AAFCPAs recommends performing an IT Risks and Controls assessment first. Once completed, visibility to high risk concerns will be unveiled and then may be addressed. If cyber security is of strong concern, network penetration and cyber assessments may also be employed. If you host private and/or confidential information covered by HIPPA, GDPR, PCI, or other local, state, federal, or international governing requirements, these services should be considered.

AAFCPAs’ Business & IT Consulting practice advises clients on improving their IT Resiliency with recommendations that are right-sized and tailored to be appropriate given each client’s resources and specific IT infrastructure requirements.

If you have any questions, please contact James Jumes, MBA, M.Ed. at 774.512.4062, jjumes@nullaafcpa.com; Vassilis Kontoglis at 774.512.4069, vkontoglis@nullaafcpa.com; or your AAFCPAs Partner.

About the Authors

James Jumes, MBA, M.Ed.

James joined AAFCPAs in 2013 to lead the firm’s Business Process & IT Consulting practice. He leads a team of senior technologist in the delivery of solutions related to business intelligence & productivity, information risk management and cybersecurity, and special IT attestations, compliance, and certifications. His goal is to strengthen the links between people, process, and technology, which increases productivity and drives business growth. James has more than 30 years of experience working with information technology …

Vassilis Kontoglis

Vassilis has 20+ years’ proven experience providing business intelligence, productivity, information risk management, and cybersecurity solutions. He is a critical resource in keeping clients and the firm on the forefront of transformative technologies while mitigating risks that come along with these advancements. Vassilis leads the delivery of Robotic Process Automation solutions at AAFCPAs. He understands the unique requirements to achieve RPA success, including proper design, planning, implementation, and governance. He works collaboratively with clients and cross-functional …

Related Insights

Shift in EEC Funding Model Requires Business Process Assessment

Effective October 1, 2024, the Massachusetts Department of Early Education and Care (EEC) shifted its contract reimbursement from a primarily unit-rate model to a mix of unit-rate and cost-reimbursable contracts. Under the new contracts, childcare seats will be reimbursed on a unit-rate basis while administrative and supportive services will be funded through cost reimbursement contracts. […]

Cost Center Coding Strategies for Effective Grant Reporting

For complex human and social services providers, managing grants and ensuring compliance can often feel like navigating a labyrinth. One effective strategy to simplify this process is through cost center coding. AAFCPAs provides the following detailed guidance on how to leverage cost center coding to streamline grant reporting and maintain compliance. Design Your Cost Centers […]

October is Cybersecurity Awareness Month. Are You Prepared?

Cybersecurity Awareness Month is observed in October in the United States to raise awareness about the importance of protecting digital systems and data from cyber threats. As of the third quarter of 2024, there were over 2,000 reported data breaches affecting an estimated 1.3 billion individuals globally with major breaches affecting companies like UnitedHealth, Snowflake, […]