Why disaster recovery strategies need a second look
With the destruction that recent hurricanes, earthquakes and other natural disasters are leaving behind, communities and organizations must be prepared to start rebuilding immediately.
For healthcare organizations, this means implementing ways to recover lost data and restart operations as a result of power outages or impacted data centers.
Disaster recovery plans hold a line of defense for the unexpected. If implemented strategically, these plans keep enterprises stable in hard times and can make resuming normal operations as simple as recovering from a backup. There are various ways to test a disaster recovery plan after implementation to ensure a foolproof defense against the unexpected.
Every chief information officer speculates on the health and resiliency of their data center to ensure the continuity of their organization in the event of a disaster. Many go as far as to hold periodic tests to discover and mitigate vulnerabilities.
Netflix has gone even further by introducing testing in the form of their Simian Army, which randomly tests the resiliency of their production environment against all manner of failures. And although cloud computing has provided a wealth of options for ensuring operational continuity in the event of natural or manmade interruptions, disaster recovery (DR) is the last line of defense when every continuity procedure and plan fails.
With outages costing enterprises as much as $60 million a year, according to IHS Markit, DR planning is a critical component of every data center plan, even if the data center is in the cloud.
Furthermore, there are now regulations that require companies to have a DR plan in place. For instance, the Federal Financial Institutions Examination Council (FFIEC) has guidelines about the maximum allowable downtime for IT systems based on how critical downtime is to the organization. If a disaster arises and an organization isn’t prepared for it, it can face fines and legal penalties in addition to the loss of service, data and customer good will.
The ultimate goal of DR planning is to move “cold” data—complete copies of the data center frozen at a point in time—to the most cost effective location possible that provides for meaningful SLA recovery if and when necessary. These copies then are constantly updated to ensure any subsequent changes to the environment are replicated to the DR environment.
Before moving forward with DR planning, organizations must look at industry-specific regulations such as HIPAA or the Sarbanes-Oxley Act to determine the right hosting infrastructure for their data. For example, strict data sovereignty and security requirements prevent organizations from saving personal data to the cloud if that data leaves the country of residence at any time.
After evaluating these requirements, it may be that the CIO will see that hybrid cloud makes the greatest financial and risk permissive option for that organization. Where previously, “cold” data was moved to tape for offsite storage, cloud-based cold storage provides for cost-effective retention of data and quicker recovery in the event of a disaster.
Implementing a hybrid IT infrastructure where data is backed up to the cloud—private or public—enables IT to continue to control and align the appropriate levels of data performance, protection, and security across all environments. By replicating data to the cloud and/or other physical sites, organizations can quickly recover operations to that facility when a primary site outage occurs.
Even in the absence of natural disasters, one potential disaster that is wreaking havoc on sensitive enterprise data today is ransomware—maalware that takes the victim’s data hostage until ransom is paid. However, organizations with backup and DR solutions as simple as snapshot management software can use it to combat ransomware.
The concept is rooted in user-driven data recovery, and fights ransomware with its read-only feature that prevents encryption of the snapshot by an outside source. The protection occurs in the background for added reassurance and halts the need to pay cyber criminals for taking data hostage, as users will have a point-in-time recovery from which to restore their uncompromised data.
These days it’s rarely a matter of if disasters will strike, rather when they will strike. Organizations must create and test a comprehensive DR plan to prevent the potential for lost productivity, reputation, and revenue for the business.
By understanding the threats to their data, taking compliance regulations into careful consideration and creating an all-encompassing DR strategy, organizations will be well positioned to quickly recover operations and avoid the consequences of downtime from any disaster.