During a recovery, is your organization's storage secure? System attackers and data thieves are cowards, so it's only natural that they're attracted to enterprise systems when they're most vulnerable.

Disaster recovery is a complex and multifaceted operation, and your DR team members are likely already spreading themselves thin trying to ensure a speedy and complete recovery. That's why it's important to ensure that system and data security is always maintained, especially during a DR operation.

There are several key points to consider as you evaluate your organization and work on crafting a secure disaster recovery plan. Along with having solid data security measures in place as part of your standard business operations, see how it helps to consider DR when establishing these standards. Here are four steps to maintain security during recovery.

Remain consistent Security during a DR operation cannot be any different than during regular operations, said Richard Butgereit, director of catastrophe response at the Geospatial Intelligence Center, an organization that serves the insurance industry and first responders with geospatial support during disaster situations. "Otherwise, you look to turn your disaster recovery into yet another disaster," he stated. A prime directive for a secure disaster recovery operation should be to maintain the same security standards in place for normal business operations, said Greg Arnette, director of data protection platform strategy at Barracuda Networks. "This means the security apparatus -- software, hardware, identity management, etc. -- needs to be at the core of the [business continuity/DR] planning."

Stay strong Access and authorization systems should be protected as part of a business continuity and DR plan. "These critical systems are the foundation for modern enterprise IT systems, and themselves need a DR plan to ensure that APIs and login screens are accessible when primary systems are affected by the disaster event," Arnette said.

Stick to the plan The data and applications running in your DR location should be following the same guidance and security protocols as your production facilities. Ned BellavanceDirector of cloud solutions, Anexinet The best way to maintain a secure disaster recovery process is to have good security practices already baked into existing technologies and processes, recommended Ned Bellavance, director of cloud solutions at IT service management company Anexinet. "The data and applications running in your DR location should be following the same guidance and security protocols as your production facilities," he said. Bellavance noted that several key security items should be considered when developing secure disaster recovery operations. "First, any sensitive data should be encrypted at rest and in transit, including backup and replication data being sent to a secondary site," he said. "Second, DR documentation should not include any passwords or secrets." Such information should be stored securely with an off-site service that can be easily accessed in the event of a disaster. "Third, DR operators should follow the principle of least privilege," Bellavance said. This means not giving operators more rights than they absolutely need to accomplish their tasks.