Hurricane Sandy, Black Forest fire, 6.0 magnitude earthquake shakes Napa Valley – major disasters hit large population centers, businesses are damaged or even destroyed. Even after these major events, many of which make international headlines, numerous companies have all company data in the same building and in many cases in the same room.
Regardless of the business goals or demanding requirements, companies must take intelligent measures to protect critical data. While this may seem like common sense, it’s amazing how often companies don’t offer even the most basic protection.
Almost every organization has a disaster recovery policy, a catch-all term that covers the need to recover data in the event of a problem. In reality, disaster recovery is part of a larger concept that encompasses high availability and business continuity. All of these concepts revolve around two fundamental ideas: Recovery Point Objective (RPO) and Recovery Time Objective (RTO).
There’s a trade-off between the potential for data loss, recovery time, and cost. Certain businesses require high availability, the idea of near-zero data loss and near-zero downtime. Examples include the financial industry, healthcare, and most organizations that use transactional actions in data processing. In other words, whenever an action needs to be tracked from start to finish, there must be a way to have almost no data loss and most of the time no downtime.
Business continuity is a step down in both the RPO and RTO of high availability. This isn’t about instant recovery, it’s about making sure the business continues to function after a disaster. VMware and similar technologies that use redundant infrastructure do an excellent job of providing business continuity. the key is how that environment is set up and over what distance, if at all.
Disaster recovery encompasses both high availability and business continuity. Disaster recovery can also simply involve a copy of data residing on tape or a storage area network. The key here, where is this data located. Having a copy of the information in the same place as the source data does not protect against almost every major disaster. This “old-school mindset” really only protects a business from power outages, data corruption, or system-related failures. Does your company implement this simplified disaster recovery method?
Hurricane Sandy devastated the east coast in 2013 and a number of hospitals were directly affected. A facility, then a customer, closed after the storm due to massive damage. I remember their data center was in the basement and the water rose to the 5th floor; everything in the data center was destroyed. Without external data storage, this hospital would not only be unemployed, it would also have no way to clear its accounts receivable to receive payment for services rendered.
When I was working with a global storage provider just a few miles from the most devastating fire in Colorado history, I found they had no data protection outside of their server room. If the building had burned down like so many others did during this disaster, this company would have gone broke. Data is key, protecting it is fundamental.
The recent 6.0 magnitude earthquake in Napa Valley shows that not only does private industry need to understand and implement realistic and achievable disaster recovery, but government needs to do the same. When certain disasters occur, they can affect our infrastructure, including gas, electricity, and transportation. Computer systems run large amounts of critical systems, including transportation signals, lighting, and gas and electricity for the population. Without proper disaster recovery with the required RPO and RTO, a community can have a big impact. In addition to considering physical infrastructure when preparing for disasters, governments must also understand the impact of information technology.
A major impetus in the creation of this article revolves around the disconnect between what a company is believes they have on the spot against what really exists. So many organizations, often up to and including the requirements of the board of directors, create extensive disaster recovery plans. Unfortunately, there is often a significant discrepancy between what the company wants and what actually exists. Third-party audits are critical to closing this gap. However, before this audit can take place, leadership needs to know and acknowledge the gap. Education is key; know there is a problem and take action!