Surviving Hurricane Harvey: How to avoid a disastrous recovery
As Hurricane Harvey takes aim at the Texas coast today, IT departments at organizations in the storm's path are bracing for the worst.
It is expected that the storm could reach Level 3 in intensity by landfall. But the high winds are only part of the problem. The greatest destruction can come with the flooding that accompanies the storm.
Harvey will soon put to the test the disaster recovery plans that coastal Texas companies have made. But the storm also serves as a reminder to organizations for the need of strong backup and recovery plans at all times. A crisis or emergency rarely gives advance warning.
Every chief information officer speculates on the health and resiliency of their data center to ensure the continuity of their business in the event of a disaster. Many go as far as to hold periodic tests to discover and mitigate vulnerabilities.
Netflix has gone even further by introducing testing in the form of their Simian Army which randomly tests the resiliency of their production environment against all manner of failures. And though cloud computing has provided a wealth of options for ensuring business continuity in the event of natural or manmade interruptions, disaster recovery (DR) is your last line of defense when every business continuity procedure and plan fails.
With outages costing enterprises up to $60 million a year, according to IHS Markit, DR planning is a critical component of every data center plan, even if the data center is in the cloud.
Furthermore, there are now regulations that require companies to have a DR plan in place. For instance, the Federal Financial Institutions Examination Council (FFIEC) has guidelines about the maximum allowable downtime for IT systems based on how critical downtime is to the business. If a disaster arises and a company isn’t prepared for it, the company can face fines and legal penalties in addition to the loss of service, data, and customer good will.
The ultimate goal of DR planning is to move “cold” data, complete copies of the data center frozen at a point in time, to the most cost effective location possible that provides for meaningful SLA recovery if/when necessary. These copies are then constantly updated to ensure any subsequent changes to the production environment are replicated to the DR environment.
Before moving forward with DR planning, organizations must look at industry-specific regulations such as HIPAA or the Sarbanes-Oxley Act to determine the right hosting infrastructure for their data. For example, strict data sovereignty and security requirements prevent organizations from saving personal data to the cloud if that data leaves the country of residence at any time.
After evaluating these requirements, it may be that the CIO will see that hybrid cloud makes the greatest financial and risk permissive option for that organization. Where previously, “cold” data was moved to tape for offsite storage, cloud based cold storage provides for cost effective retention of data and quicker recovery in the event of a disaster.
Implementing a hybrid IT infrastructure where data is backed up to the cloud - private or public - enables IT to continue to control and align the appropriate levels of data performance, protection, and security across all environments. By replicating data to the cloud and/or other physical sites, organizations can quickly recover operations to that facility when a primary site outage occurs.
Even in the absence of natural disasters, one potential disaster that is wreaking havoc on sensitive enterprise data today is ransomware – malware that takes the victim’s data hostage until ransom is paid. However, organizations with backup/DR solutions as simple as snapshot management software can use it to combat ransomware as part of the DR plan.
The concept is rooted in user-driven data recovery, and fights ransomware with its read-only feature that prevents encryption of the snapshot by an outside source. The protection occurs in the background for added reassurance and halts the need to pay cyber criminals for taking data hostage, as users will have a point-in-time recovery from which to restore their uncompromised data.
These days it’s rarely a matter of if disasters will strike, rather when they will strike. Organizations must create and test a comprehensive DR plan to prevent the potential for lost productivity, reputation, and revenue for the business.
By understanding the threats to their data, taking compliance regulations into careful consideration and creating an all-encompassing DR strategy, organizations will be well positioned to quickly recover operations and avoid the consequences of downtime from any disaster.