Published On May 21, 2021What is a disaster to you? When many people think about the need for disaster recovery, they picture hurricanes, tornadoes or other natural disasters. In reality, catastrophes caused by humans — such as cyberthreats, wide-scale system failures and human errors — are the main sources of disaster.
What is a disaster to you? When many people think about the need for disaster recovery, they picture hurricanes, tornadoes or other natural disasters. In reality, catastrophes caused by humans — such as cyberthreats, wide-scale system failures and human errors — are the main sources of disaster.
With the recent Colonial Pipeline ransomware attack, this has come into sharp focus and is a stark reminder to companies to make sure they have up-to-date and functional disaster recovery plans in place, and to test those plans regularly and proactively. In an article in The Verge, Philip Reiner, CEO of the nonprofit Institute for Security and Technology, said, “One of the things we see here is another example of basic steps not being taken in order to secure your systems. Cyber hygiene, or the lack thereof, is really one of the greatest causes of cybercrime. … very basic things [are being left] undone.”
In response, President Joe Biden has issued an Executive Order on Improving the Nation’s Cybersecurity which seeks to strengthen the federal government’s ability to prevent and respond to cyberthreats. The order also encourages private sector companies to follow the federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.
Tie Your Disaster Recovery Plan into your Business Continuity Plan
When IT professionals were asked in a recent survey about the actual disasters they reported experiencing over the last year, man-made disasters topped the list (65%), followed by technology incidents (29%) and IT security incidents (22%).
Every component of a disaster recovery (DR) plan should tie into an overarching business continuity plan (BCP). Disaster recovery includes the processes, tools and procedures to reduce downtime and data loss beyond the capabilities of backup. Business continuity encompasses backup, disaster recovery and high availability (i.e., making sure your systems are running 99.999% of the time) as well as aspects of the business (technical and non-technical) and the process to restore business functions.
The Threat of Downtime is Real
The threat of downtime is the single biggest driver for business continuity planning for many organizations. IDC indicates 80% of small businesses have experienced downtime at some point, with costs ranging from $82,000 to $256,000 for a single event. For larger enterprises, downtime costs can reach $9,000-$17,000 per minute.
Between 40-60% of small organizations that lose access to operational systems and data, and don’t have a disaster recovery plan, end up going out of business forever, according to a webinar hosted by Carbonite, an OpenText company, and Iron Mountain.However, 96% of organizations with disaster recovery solutions in place fully recover their operations and do so relatively quickly.
To successfully prepare your organization to recover from a disaster, these basic steps are required:
You need at minimum a Backup Disaster Recovery (BDR) plan documented and in place
You need a team that knows how to recover your systems (and knows your data)
Your BDR needs to fit into the Business Continuity Plan (BCP)
Everything needs to be tested – at least once a year
Two Stories of Preparedness
In another disaster scenario, preparedness saved the day. Ice storms in Texas knocked out power and closed roads in early 2021, but the data centers prevailed, primarily because their disaster recovery plan included provisions to have at least 48 hours’ worth of diesel fuel on site to keep things up and running, despite the lack of power.
The Texas weather event reminded many of 2012’s Hurricane Sandy in the New York and New Jersey area. However, in that storm, hundreds of people died, 8 million people lost power and the damage was devastating – estimated at $70 billion.
One company weathered the storm and put a robust data protection system in place as a result. At the time of Hurricane Sandy, one of the largest managed healthcare companies in the United States stored all of its data within a 30-mile radius of its headquarters and lost massive amounts of medical insurance information due to flooding. As part of an overall system upgrade, they turned to Iron Mountain’s Iron Cloud Data Protection services to replicate data across their two locations and protect their data in the cloud. As a result, the company transformed its disaster recovery system, moving from tape to cloud to prevent future problems. They estimate $2 million in IT cost savings, as compared to using their traditional commodity cloud service. The organization can also now rely on geo-redundancy across Iron Mountain’s ultra-secure data centers.
Coronavirus: A New Reason for a Disaster Recovery Plan
In response to the global coronavirus pandemic, many businesses have adopted remote work, 24/7 operations and face new challenges to IT security. According to tdwi’s Upside, “One of the most important trends we saw in 2020 that will continue into 2021 is an organization's need for a robust disaster recovery plan ... Every company has always needed a disaster recovery plan. Some just didn't realize the criticality until the pandemic and remote work made it more apparent. It is not clear to most that they not only need a plan, but they need to routinely test it to make sure it is comprehensive. The COVID-19 pandemic, wildfires, hurricanes, and economic closures of 2020 shined a continuous spotlight on the problems, forcing companies to consider if they had the right plan.”
Business data has never been more critical to an organization’s survival and success and securing and protecting it is essential. Whether you use on-premise backup, cloud backup or manage a hybrid IT environment, you need to consider your disaster recovery options and put a plan in place before a worst case scenario occurs. You also should consider storing a gold copy of your data offsite - in an air-gapped environment not connected to a network and therefore, un-hackable - so you have additional ways to recover. Security measures, such as multi-factor authentication, which is available with Iron Mountain’s Iron Cloud Secure Offline Storage with Vault Lock service, can provide added protection for the critical data that runs your business.
Are you protected? It’s time to reassess your disaster recovery and business continuity plans to ensure they cover all scenarios - natural and man-made.