![ISO 27001 Compliant Datacenters](https://static.wixstatic.com/media/981170_34ca12241e4a417dbc90c92114d6b50b~mv2.png/v1/fill/w_720,h_405,al_c,q_85,enc_avif,quality_auto/981170_34ca12241e4a417dbc90c92114d6b50b~mv2.png)
In one of my client projects, a leading Southeast Asian unicorn sought to launch a financial services application in Indonesia. To do so, they had to certify their infrastructure against ISO 27001. On paper, this required them to:
"Ensure business continuity and disaster recovery plans include considerations for maintaining information security during disruptions. This includes regular testing of recovery processes, maintaining backups, and ensuring critical systems can be restored quickly."
In practice, their data centers had to prove the defined RTO (Recovery Time Objective) of 4 hours and RPO (Recovery Point Objective) of 15 minutes through a Disaster Recovery (DR) drill: the service had to be back within 4 hours of a disaster, having lost no more than the last 15 minutes of data.
Achieving RTO/RPO for ISO/IEC 27001:
The designed infrastructure was built on dedicated bare metal servers with a hypervisor installed for virtualisation. The network topology included segregated VLANs, client-to-site VPNs, and site-to-site VPN tunnels.
To meet those RTO/RPO numbers, the application was deployed in both the primary data center (DC) and the disaster recovery center (DRC) using an Active/Passive model. Data was replicated continuously from the DC to the DRC, which served as a standby mirror of the primary. A DR drill was then conducted using DNS and traffic switching, with every step, switching the DNS, shifting traffic from the DC to the DRC and failing back, fully automated using Infrastructure as Code (IaC).
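As an added example (not code from the article or from the client's IaC), here is a DR drill runner in Python that automates the switch described above and scores it against the RTO and RPO. The three hooks it takes, switch_dns, site_healthy and replica_lag, are assumed interfaces that you would wrap around your DNS provider's API, an end-to-end health probe and your database's replication-status query; the DC/DRC pair at the bottom is constructed so the drill runs offline and instantly.

```python
from dataclasses import dataclass, field
from typing import Callable, List


@dataclass
class DrillReport:
    target: str
    replica_lag_s: float = 0.0
    rpo_met: bool = False
    rto_achieved_s: float = 0.0
    rto_met: bool = False
    steps: List[str] = field(default_factory=list)


class DrDrill:
    """Switch traffic to `target` and score the switch against RTO/RPO."""

    def __init__(self, switch_dns: Callable[[str], None],
                 site_healthy: Callable[[str], bool],
                 replica_lag: Callable[[str], float],
                 rto_s: float, rpo_s: float,
                 clock: Callable[[], float], sleep: Callable[[float], None],
                 poll_s: float = 30.0):
        self.switch_dns = switch_dns        # assumed hook: point the service name at a site
        self.site_healthy = site_healthy    # assumed hook: end-to-end probe of a site
        self.replica_lag = replica_lag      # assumed hook: seconds a site's replica is behind
        self.rto_s, self.rpo_s = rto_s, rpo_s
        self.clock, self.sleep, self.poll_s = clock, sleep, poll_s

    def failover(self, target: str) -> DrillReport:
        report = DrillReport(target=target)
        t0 = self.clock()
        # RPO check before cutting over: a standby further behind than the RPO
        # cannot give a restore point inside the objective, so the drill fails
        # on RPO even if the switch itself is fast.
        report.replica_lag_s = self.replica_lag(target)
        report.rpo_met = report.replica_lag_s <= self.rpo_s
        report.steps.append(f"replica lag {report.replica_lag_s:.0f}s (RPO {self.rpo_s:.0f}s)")
        self.switch_dns(target)
        report.steps.append(f"dns -> {target}")
        # The RTO clock runs from the decision to fail over until the target
        # serves traffic end to end, or until the RTO budget is exhausted.
        healthy = False
        while True:
            healthy = self.site_healthy(target)
            if healthy or self.clock() - t0 > self.rto_s:
                break
            self.sleep(self.poll_s)
        report.rto_achieved_s = self.clock() - t0
        report.rto_met = healthy and report.rto_achieved_s <= self.rto_s
        state = "healthy" if healthy else "NOT healthy"
        report.steps.append(f"{state} after {report.rto_achieved_s:.0f}s (RTO {self.rto_s:.0f}s)")
        return report

    def round_trip(self, primary: str, standby: str) -> List[DrillReport]:
        """A full drill: fail over to the standby, then fail back to the primary."""
        return [self.failover(standby), self.failover(primary)]


class FakeClock:
    """Constructed clock so the drill runs instantly and deterministically."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def sleep(self, seconds: float) -> None:
        self.now += seconds


def simulate_drill(drc_warmup_s: float = 1800.0, drc_lag_s: float = 120.0,
                   rto_s: float = 4 * 3600, rpo_s: float = 15 * 60) -> List[DrillReport]:
    """Constructed DC/DRC pair: the DRC answers health probes drc_warmup_s after
    DNS points at it, the DC is ready immediately. Returns [failover, failback]."""
    clock = FakeClock()
    active = {"site": "dc"}
    switched_at = {"dc": float("-inf")}

    def switch_dns(site: str) -> None:
        active["site"] = site
        switched_at[site] = clock.now

    def site_healthy(site: str) -> bool:
        warmup = drc_warmup_s if site == "drc" else 0.0
        return active["site"] == site and clock.now - switched_at[site] >= warmup

    def replica_lag(site: str) -> float:
        return drc_lag_s if site == "drc" else 0.0

    drill = DrDrill(switch_dns, site_healthy, replica_lag, rto_s, rpo_s,
                    clock, clock.sleep, poll_s=60.0)
    return drill.round_trip("dc", "drc")


if __name__ == "__main__":
    for rep in simulate_drill():
        print(rep.target, "RTO met:", rep.rto_met, "RPO met:", rep.rpo_met, rep.steps)
```

The scoring is deliberately strict: the RTO clock starts at the decision to fail over, not when DNS has propagated, and the RPO is judged on replica lag measured before the cut, because that lag is the data you would lose if the primary were really gone. Feeding the same runner with a DRC that needs five hours to warm up, or a replica twenty minutes behind, produces a failed drill, which is exactly what an auditor wants to see you detect.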
Disaster recovery is crucial for recovering from unforeseen, unplanned events that impact business operations. Various factors influence disaster recovery plans, with physical distance and latency between the DC and DRC being among the most critical.
Key Points:
Distance Requirement: the DC and DRC must not sit in the same disaster zone. ISO 27001 itself does not prescribe a distance; the 40 km minimum separation was the threshold this project had to meet. Some cloud availability zones within a single region are much closer than that, so if you have a DC/DRC requirement, validate the physical distance between your cloud provider's availability zones before relying on them as DC and DRC.
Cloud Compliance: not every cloud region meets a DC/DRC requirement. A provider may have suitable setups in countries where it operates several regions, but many newly launched regions are built for high availability within the region rather than for disaster recovery.
How do cloud providers meet this requirement?
To satisfy the business continuity and disaster recovery controls of ISO 27001, the DC and DRC must be far enough apart (40 km in this project) that a single disaster cannot take both down, and the DRC must be able to take over within the RTO/RPO timeline. Your favourite cloud provider may not offer this everywhere: check whether the availability zones you plan to use as DC and DRC are in fact that far apart, or whether you need to span two regions.
That is why DR drills must be conducted at least once a year to test and prove the RTO/RPO numbers, rather than taking the provider's availability design on trust.
Regularly tested BCP and DR plans on evenly distributed and fully independent sites need to be recorded and certified by auditors, especially for applications dealing with essential services such as banking and healthcare. This also builds confidence in in-house processes.
Direct Connect with Private Links:
For site-to-site connectivity and data transmission, especially in a hybrid cloud model or a DC/DRC setup, you need direct private links between your clouds or sites. This matters even more if you integrate with many third-party APIs.
Reasons for Dedicated Links:
Minimum Latency and Better Performance: essential when third-party connections sit in the request path.
Data Privacy in Transit: traffic stays off the public internet, which shrinks the surface for interception and lets you control the entry points. A dedicated circuit is not encrypted by itself, though: AWS Direct Connect and Google Cloud Interconnect carry plaintext unless you enable MACsec or run IPsec or TLS over them, so keep encrypting in transit.
Fault Tolerance: dual links via different carriers ensure that if one path fails, another is available.
Low Latency for Data Replication: sub-millisecond latency between sites is achievable over a direct dedicated connection at this distance (e.g., MPLS, Google Cloud Interconnect, AWS Direct Connect, or Alibaba Cloud Express Connect). Note that AWS PrivateLink is a different product: it exposes services privately inside VPCs and is not a physical link between sites.
A site-to-site VPN over the internet is not enough on its own for connecting two locations: it provides confidentiality, but not the predictable latency and bandwidth that replication needs. The dedicated link also underpins the other cross-site functions, DNS, real-time session failover, and backup and recovery.
For more information, read the article: Private Links for Direct Connect.
Load Balancing & Load Sharing:
Load balancing and load sharing between multi-site applications or clusters ensure that if one site goes down, traffic shifts to another without downtime for customers, provided the health checks detect the failure and the surviving site has capacity for the full load.
Types of Load Balancers:
Network or TCP Load Balancers: work at Layer 4 (transport), forwarding TCP/UDP connections by IP address and port without inspecting the payload. They are fast and protocol-agnostic, and suit database, VPN and other non-HTTP traffic.
Application or HTTP Load Balancers: work at Layer 7, terminating HTTP(S) and routing by hostname, path, headers or cookies; this is also where TLS termination, session affinity and a web application firewall typically sit.
Based on your use case, you may need one or both types.
Secure Backups Policy:
While it may sound old-fashioned, a secure backup policy is still a compulsory requirement for many regulatory compliances. When things go wrong, backups can be lifesavers, and they are the last line of defence when replication faithfully copies a corruption or a ransomware encryption to the standby. Here are some critical tips:
Scheduled Backups: keep online and off-site backups for critical systems and data, for example weekly full backups, daily differentials and transaction-log backups every two hours. Match the cadence to the RPO: if the backups are your restore point, a two-hourly log backup can lose up to two hours of data, so a 15-minute RPO needs either log backups at least every 15 minutes or live replication to cover the gap.
Encrypted Backups: encrypt backups at rest, keep the keys outside the backup store, and use the low-cost encrypted archive tiers your cloud provider offers for long retention.
Transaction-Specific Provisions: for transactional databases and authentication systems, back up in a way that guarantees a consistent state at restore (log backups or snapshot-consistent dumps rather than copies of live data files).
Regular Testing: regularly restore backups into a test environment and verify the result; a backup that has never been restored has not been proven to work.
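As an added example (not from the original article), the Python below takes a backup schedule like the one listed above, weekly full, daily differential and periodic transaction-log backups, and works out for a given incident time which backups a restore would chain together, how much data that restore would lose, and whether that is inside the RPO. Backups that have not passed a test restore are excluded from the chain, which is the point of the testing item above. The dates, the schedule and the 15:40 Wednesday incident are constructed for the demonstration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Backup:
    kind: str            # "full" (weekly), "diff" (daily, cumulative since last full) or "tlog"
    taken_at: datetime
    verified: bool       # True once a test restore of this backup has succeeded


def restore_chain(backups: List[Backup], incident: datetime) -> List[Backup]:
    """Backups a restore would apply, oldest first, for a failure at `incident`.
    Only backups taken before the incident that have passed a test restore are
    considered: an untested backup is not assumed to be restorable."""
    usable = [b for b in backups if b.taken_at <= incident and b.verified]
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise ValueError("no verified full backup before the incident")
    full = max(fulls, key=lambda b: b.taken_at)
    # A differential is cumulative since the last full, so only the newest one matters.
    diffs = [b for b in usable if b.kind == "diff" and b.taken_at > full.taken_at]
    base = max(diffs, key=lambda b: b.taken_at) if diffs else full
    # Transaction-log backups are replayed in order on top of the base.
    tlogs = sorted((b for b in usable if b.kind == "tlog" and b.taken_at > base.taken_at),
                   key=lambda b: b.taken_at)
    return [full] + ([base] if base is not full else []) + tlogs


def assess(backups: List[Backup], incident: datetime, rpo: timedelta) -> Dict[str, object]:
    """Restore point, data-loss window and RPO verdict for an incident."""
    chain = restore_chain(backups, incident)
    loss = incident - chain[-1].taken_at
    return {
        "chain_len": len(chain),
        "restore_point": chain[-1].taken_at.isoformat(),
        "loss_minutes": loss.total_seconds() / 60,
        "rpo_met": loss <= rpo,
    }


def weekly_schedule(start_sunday: datetime, days: int, tlog_every_min: int,
                    untested_day: Optional[datetime] = None) -> List[Backup]:
    """Constructed schedule: full on Sunday, differential on other days, a
    transaction-log backup every tlog_every_min minutes. Backups taken on
    `untested_day` are marked as not yet verified by a test restore."""
    backups: List[Backup] = []
    for d in range(days):
        day = start_sunday + timedelta(days=d)
        tested = untested_day is None or day.date() != untested_day.date()
        backups.append(Backup("full" if day.weekday() == 6 else "diff", day, tested))
        for minute in range(tlog_every_min, 24 * 60, tlog_every_min):
            backups.append(Backup("tlog", day + timedelta(minutes=minute), tested))
    return backups


def demo(tlog_every_min: int, untested_incident_day: bool = False) -> Dict[str, object]:
    """Scenario from the text: weekly full, daily differential, 15-minute RPO,
    incident on Wednesday 2024-01-10 at 15:40 (constructed dates)."""
    start = datetime(2024, 1, 7)                  # a Sunday
    incident = datetime(2024, 1, 10, 15, 40)
    schedule = weekly_schedule(start, 7, tlog_every_min,
                               untested_day=incident if untested_incident_day else None)
    return assess(schedule, incident, rpo=timedelta(minutes=15))


if __name__ == "__main__":
    print("2-hourly log backups:", demo(120))
    print("15-minute log backups:", demo(15))
    print("today's backups untested:", demo(15, untested_incident_day=True))
```

With two-hourly log backups the restore point is 14:00 and the loss window is 100 minutes, well outside a 15-minute RPO; moving the log backups to every 15 minutes brings the loss down to 10 minutes. The third run shows the cost of skipping restore tests: if Wednesday's backups are unverified, the chain falls back to Tuesday night and the loss window grows to almost 16 hours.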
For a detailed guide, check out the article: Compliance Ready Backups Policy.
Summary:
High availability (HA) and disaster recovery (DR) are distinct concepts. HA can be achieved with availability zones, but DR readiness requires cross-region distribution.
Key Takeaways:
Applications must be evenly distributed across multiple regions that are not within the same disaster-prone zone or are at least 40 km apart.
Data must be replicated and backed up across regions, with latency under 1 ms between the sites used for network-based replication.
Always test your DR plan on the cloud, and have well-defined contractual terms with cloud providers on data privacy and localisation.
Additional Requirements:
Fault-tolerant infrastructure and platforms in line with RTO/RPO guidelines.
Secure and seamless connectivity across intranet and internet.
Logical and physical protection against unauthorised access.
Automated, modular, and highly available environments on demand.
Centralised role-based access control for all systems and services.
Scheduled assessment of disaster recovery and rollback processes.
Every business is unique, and so are its compliance implementation needs. Navigating the complex landscape of security compliance can be a stressful process.
That's why I have built tailored solutions that address these specific challenges and goals to align infrastructure with ISO standards.
I hope this article can help you answer some of the compliance needs.
Need to get ISO 27001 compliant ASAP, and have no clue where to start? Book A Free Consultation.
Thanks & Regards
Kamalika Majumder
Your DevOps Compliance Partner