What happens to a company’s data in the case of a disaster such as 9/11 or Hurricane Sandy? How can a company recover from a disaster and continue their business uninterrupted? It’s a complicated challenge – and one many security professionals and risk management professionals must consider. Companies like Recovery Point provide resources to help a company survive a catastrophic event and keep its computer programs and business processes running. Their customers include large, well-known companies and the government. 

“When big disasters happen, people begin rethinking what they need to protect against,” says Dick Fordham, Director of Marketing and Strategy, Recovery Point. “We try to imagine the worst that can happen, and put in place adequate measures to provide the security in those areas.”

Recovery Point is a national provider of integrated business continuity and disaster recovery systems. The company stores copies of its customers’ critical enterprise data on its servers in multiple locations. Recovery Point enables customers to bring their systems and networks back up and let employees continue working despite any damage from the disaster. “We’re not a big company – about 150 employees – but we can service the biggest clients because we provide a high degree of personalized service,” says Fordham.

There is also a 45,000-square-foot
facility in Gaithersburg, Maryland,
where clients’ data can be stored
up to 30 days on disk and up to
seven years on tape

Client Data Storage And Backup

Recovery Point’s flagship facility is located on a 17-acre private campus in Germantown, Maryland; about 30 miles northwest of Washington, D.C. There is also a 45,000-square-foot facility in Gaithersburg, Maryland, where clients’ data can be stored up to 30 days on disk and up to seven years on tape in high-end, secure vaults. There are also two 100-seat work areas where displaced workers from customer companies can continue to perform their duties – one in Gaithersburg and another one in Kenosha, Wisconsin. Recovery Point is also a tenant in a data center in Mt. Prospect, Illinois, providing an additional, redundant location to store data in case of a disaster.

Recovery Point offers cloud backup strategies to handle data from major computer systems used by large companies; whether it’s mainframe computers, AIX operating systems or iSeries. In addition to providing recovery services in case of a disaster, the company works with companies daily to test and maintain their systems and to provide proof-of-concept demonstrations.

Concentric Circles Of Security

Security is a large part of the services Recovery Point provides. The company leverages the most secure approaches and technologies to ensure that customers’ data is protected, including the familiar “concentric circles of security” approach familiar to most security practitioners. At the center of the circle is the data of customer companies, what Fordham calls ‘the crown jewels.’ Recovery Point uses a combination of cyber, network and physical security to protect a customer’s data assets. “If their data is gone or corrupted, their business is gone or corrupted,” says Fordham.

Location of the data center(s) is the first stage of protecting the backup data. Recovery Point is located outside urban areas, away from likely terrorist threats, in an area that is not prone to hurricane or tornado activity. The ‘geographically stable’ area is above the 100-year floodplain. At the perimeter, there is no signage identifying the company or its mission. An anti-ram barrier topped with a 10-foot personnel security fence encircles the campus. At the gate, visitors must be validated remotely or by authorized badge and security code. Inside the perimeter, there are hydraulic anti-vehicle barriers that can resist a 30-ton truck going 50 miles per hour. Bollards at four-foot intervals keep vehicles away from the building.

Visitors require access badges
and receptionists at multiple
desks are located behind
ballistic-rated bullet-proof glass

Inside, visitors require access badges and receptionists at multiple sign-in desks are located behind ballistic-rated bullet-proof glass. Badges allow access only to the specific areas a visitor needs, whether it is the location where their data is stored, temporary work areas, meeting rooms or overnight sleeping quarters. Two-factor authentication includes iris-scan, fingerprint and voice recognition biometrics.

Data Security Process

Independent certification, including auditing of processes and physical boundaries around the data, meets standards such as the Federal Information Security Management Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP). 

The network and power must also be stable and Recovery Point has Uptime Institute Tier 3 certification, which includes redundant, switchable systems. There is an A side and B side to each system; if one side is ‘down’ for maintenance or a malfunction, the other side is fully functional to ensure uninterrupted service.

“Customers have already had one disaster,” says Fordham. “We make it as painless as possible for them not to worry about their data, to make them feel secure. In a disaster there are other things to worry about, such as their home and families. We want security you can see and security you can feel.”

Download PDF version

Author Profile

Larry Anderson Editor, SecurityInformed.com

An experienced journalist and long-time presence in the US security industry, Larry is SecurityInformed.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SecurityInformed's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

Has The Gap Closed Between Security Fiction And Security Reality?
Has The Gap Closed Between Security Fiction And Security Reality?

Among its many uses and benefits, technology is a handy tool in the fantasy world of movie and television thrillers. We all know the scene: a vital plot point depends on having just the right super-duper gadget to locate a suspect or to get past a locked door. In movies and TV, face recognition is more a super power than a technical function. Video footage can be magically enhanced to provide a perfect image of a license plate number. We have all shaken our heads in disbelief, and yet, our industry’s technical capabilities are improving every day. Are we approaching a day when the “enhanced” view of technology in movies and TV is closer to the truth? We asked this week’s Expert Panel Roundtable: How much has the gap closed between the reality of security system capabilities and what you see on TV (or at the movies)?

The Five Questions Bank Security And IT Leaders Need To Answer About Cybersecurity
The Five Questions Bank Security And IT Leaders Need To Answer About Cybersecurity

Organizations across the world face a new risk paradigm: one that encompasses cyber and physical threats. We’ve heard the stories associated with ATM skimming, identity theft, data breaches, scams, and phishing. Large financial services organizations are often the victim of hackers looking to steal corporate information and transactional data or funds, and criminals continue to become more sophisticated in their approach. Growth In Cyber-Attacks Additionally, cyber-threats have taken a front seat in the line-up of primary risks facing financial institutions today. And it is no surprise why: according to Cybersecurity Ventures, the amount of money taken in cyber heists, both in banking and elsewhere, was estimated at $3 trillion overall for 2015, and this substantial amount is expected to double by 2021. Cyber-attacks are becoming more prevalent, more complex and harder to address The fact that cyber-attacks are becoming more prevalent isn't the only issue; they're also becoming more complex and therefore harder to address. And although the convenient interconnectivity of the Internet of Things (IoT) creates many advantages for financial institutions, with that also comes an increased risk to dangerous threats. In today’s environment, banks, credit unions, and financial organizations of all types are primary targets for hackers. But it’s not just the monetary loss that these businesses need to be concerned about — there is also a threat to the brand, customer trust, and employee safety. All of these challenges and complexities open the door to new conversations and risks. Here are the top five critical questions today’s bank leaders need to be ready to answer. Should We Collaborate To Mitigate These Threats Effectively? Over the last decade, the emergence of the Internet of Things (IoT) and a demand for more mobile capabilities has changed the way people and businesses connect. But as the need for connectivity increases, so too does the need for increased security for physical assets, networks, and valuable corporate data. As a result, a dialog between IT and physical security is necessary to help leaders gain a greater knowledge of how to best collaborate to ensure complete protection. Leaders must communicate closely to drive strategies that help identify vulnerabilities in a more proactive manner. The result of these conversations: a truly comprehensive approach to security intelligence. It’s not just the monetary loss that banks need to be concerned about – there is also a threat to customer trust and employee safety How Can I Pinpoint The Important Data For Addressing Cyber Threats? To maintain a high level of security and ensure business continuity around the globe, companies seek solutions that help predict and identify threats in real time. But often, there are too many alerts generated by too many systems, and none of this raw data is actionable. Linking cyber and physical security together transforms alerts into actionable intelligence, which helps users connect the pieces of any situation and present a unified risk scenario to the appropriate analysts and operators. By capturing and analyzing data in real time, enterprise organizations gain a visual representation of risks across the business while accessing information related to the most critical events happening at any given time. Not only does this unified process enable a higher and more proactive level of protection, but it also helps facilitate a plan of action based within a common, unified security operations center. How Can I Inform Of The Importance Of Cybersecurity? Security leaders in banks need to feel prepared by staying updated, looking at common vulnerabilities, understanding the malware and challenges, and testing the environment. And collaboration is key to mitigation: Traditional security and fraud teams must work in conjunction with cyber teams to effectively handle all aspects of a cyber-attack. Additionally, CISOs need to “sell” cybersecurity to CEOs and the board by outlining the importance of protection through emphasising the impact of a potential cyber-attack on the business. Ensure you can verbally address the most critical risks to your senior leadership, including recent botnets, scams, and cyber gangs, to receive the support, and budget you need to address these threats head on. Is My System Secure? It is critical that you are knowledgeable about the steps you can take to protect your security and network infrastructure from cyber-attacks. A firewall is useful to prevent hackers from accessing critical data on internal networks and computers Changing default passwords should be a first step, as some scams target devices with hard-coded factory defaults. Ensure software and firmware is up to date because updates often include fixes for potential vulnerabilities. These updates keep your devices and network more secure and increase overall system uptime. A firewall is useful to prevent hackers and unauthorized programs from accessing the critical business information and resources on internal networks and computers. Also, minimize potential risk by closing network ports and disabling services you don’t need. With all of these instances, it is best to work closely with your integrator partner and chosen vendor to ensure that your system is as secure as it can possibly be. What Solutions Are Best To Help Mitigate Risks? Technology is a great force multiplier. Security — both cyber and physical solutions — helps secure an entire branch footprint, alleviates risk, ensures operational compliance, and improves fraud investigations. Video surveillance systems, analytics, threat management platforms and more can provide organizations with intelligence and unprecedented protection from fraud, all while enhancing the customer experience. Overall, there are significant benefits to collaborating to gain comprehensive risk intelligence. By bringing various leaders, departments, technologies and strategies together, we can more effectively identify threats, develop trends and quickly access important data to ensure security and safety goals are realized.

BCDVideo Signs OEM Deal With Dell EMC: Positive Impact For Surveillance Storage
BCDVideo Signs OEM Deal With Dell EMC: Positive Impact For Surveillance Storage

In a significant move for the video security market, BCDVideo has announced that it is set to become Dell EMC’s OEM partner in the video surveillance space. For nearly a decade, the Chicago-based company has been known as a key OEM partner of Hewlett Packard Enterprise (HPE), providing storage and networking technology to security integrators on a global scale. This latest partnership will allow BCDVideo to take their offerings to the next level. BCDVideo Vice President Tom Larson spoke to SecurityInformed.com to discuss the reasoning behind the deal, and how the program will benefit partners, integrators, and end-users alike. Expanding BCDVideo's Product Offering For BCDVideo, the HPE OEM program has been widely acknowledged as a success, allowing the company to leverage a globally recognized brand and provide high-quality, reliable solutions across video networking and access control. Nevertheless, explains Larson, HPE server solutions are primarily suited to large-scale enterprise projects, and are therefore unable to accommodate for the growth in small- and medium-sized surveillance applications. The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering, building on success in the larger enterprise market to offer tailored solutions to SMEs. Our aim is to look at all best of breed technology to serve the video surveillance marketplace, and that means multiple partnerships” Support For Integrators By leveraging Dell EMC’s sophisticated digital storage platforms, BCDVideo will now be able to offer a more cost-effective solution to integrators, without sacrificing the resilience and IT-level service that BCDVideo is known for. With access to Dell EMC’s expansive global sales and technical teams, the company hopes to expand its reach, all-the-while providing partners with around-the-clock technical support and a five-year on-site warranty. Customers should be reassured that BCDVideo will continue to offer HPE platforms, service, and support. “Our aim is to look at all best-of-breed technology to serve the video surveillance marketplace, and that means multiple partnerships,” says Larson.  “The addition of Dell EMC to our portfolio is a major win for BCDVideo, for Dell EMC, and for our integrators.” The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering Meeting Surveillance Market Demands At the technology level, assures Larson, Dell EMC’s server offering is well suited to handle the increasing video resolution and growing camera count demanded by the surveillance industry. At the larger end of the spectrum, the company’s Isilon Scale-Out NAS solution can handle tens of petabytes of data, making it ideal for large-scale security applications such as city-wide surveillance and airport security. Dell EMC storage solutions are already proving successful at major international airports including Dubai and Abu Dhabi, each with a camera count in the 1000s.Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market” For Dell EMC, the new partnership means the ability to expand on this success in the enterprise market, leveraging BCDVideo’s surveillance expertise and high-level customer service to offer tailored solutions for lower-volume applications. Since its inception, BCDVideo has differentiated itself in the security space by providing a high level of IT service to integrators making the transition to IP systems. By combining resources, the partners will be able to service VMS and analytics companies, software vendors, and access control providers, as well as traditional business integrators. Ken Mills, General Manager Dell EMC Surveillance, explains: “Surveillance storage is not just about capacity, it is also about performance and reliability. Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market.” Accomodating For Growth BCDVideo is well placed to accommodate this anticipated growth. Last year, the company opened a new 51,000-square-foot global headquarters in Illinois, home to 90 separate stations within their Innovation Center where each system is customised according to integrator needs. The new facility allows for expanding business with new and existing partners in the security market.