Having an area where recovery operations can function can sometimes be an important element in recuperation from a cybersecurity incident. There are 3 basic classifications for these sites:
Cold Site – This is an operational space that will have basic facilities; power, phone system, Internet connectivity and other basic amenities. Network and other hardware can be brought to the site in order to repair or resume basic operations. This may be necessary in case there is physical damage to an existing structure that interrupts the business continuity of an organization.
Warm Site – Hardware and connectivity is already established. The hardware may be minimal and only include critical servers. There may be backups on site.
Hot Site – This is a redundant site for the organization. This would be a mirror image that requires real time synchronization between the sites. The luxury of having a hot site would provide uninterrupted services as the switch can easily be made to the duplicated site.
A hot site, with duplication of the entire operation would be costly, but efficient. A warm site could be more feasible and aid in the quicker recovery from a cybersecurity incident. A cold site would be necessary should the original site become unusable but would be slower and more expensive to recover from an incident. Depending on the nature of your organization, you will need to determine what would be suitable and how much down time you can experience.
Make sure that when you are creating your Incident Response Plan that you include a “Plan B”. It should include the options of alternative sites for recovery purposes.