Risk Management Blog - ClearRisk

Twitter Recovered from two Service Interruptions. Can you?

Posted by Craig Rowe on Tue, Aug 18, 2009 @ 14:08 PM

On August 6th, microblogging service Twitter.com was the victim of a distributed denial-of-service (DDoS) attack that kept it offline and scrambling to recover for over two hours. On the 12th of August, it was again the target of a second DDoS attack that this time kept it offline for a mere 30 minutes.

While a politically-fuelled attack on multiple social networking sites may be pretty far down the list of anticipated risks, we wonder – What planning and procedures did Twitter have in place to address and recover from such an event?

To better an organization’s response to any disruption in operations, business continuity should be a main staple of any risk management plan.

Business Continuity Planning (BCP) involves creating and preparing to implement actions and processes that help an organization recover from any unforeseen disruptions of operations. An effective BCP limits business interruptions by giving employees the infromation, tools and direction to return to normal operations as soon as possible.

A BCP should include plans, measures and arrangements to ensure the continuous delivery of critical services and products, permitting the organization to recover its facility, data and assets. The creation and implementation of BCP should begin with the identification of necessary resources to support business continuity, including personnel, information, equipment, financial allocations, legal counsel, infrastructure protection and accommodations to make such a recovery possible.

Further benefits of business continuity planning include:

  • Ensuring the safety of employees and the general public;
  • Minimizing potential revenue loss;
  • Preventing loss of confidence in the organization;
  • Reducing the probability of a disaster or disruption occurrence; and
  • Reducing disruption of normal operations.

With two DDoS attacks in the run of a week, Twitter certainly has shown improvement in how they respond to and recover from disruptions in their operations specific to a malicious attack. It would be an interesting exercise to see if Twitter’s response plan has changed in the past week. Business continuity planning should always be flexible enough to be used in response to any disruption.

Does your organization have a Business Continuity Plan?

Topics: business continuity plan, recovering from an outage, recovering from a crisis, service interruptions