Catastrophe Strikes, Data Destroyed! Are You Next?
Hurricane Sandy, Black Forrest fire, 6.0 earthquake hits Napa Valley – major catastrophes strike large population centers, business are damaged and already destroyed. already after these major events, many of which make international news, numerous companies have all of their corporate data in the same building, and, in many situations, the same room.
No matter what the business goal or high level requirements, organizations must take action, intelligent action, to protect basic data. While this may seem like shared sense, it’s amazing how often companies fail to perform already the most basic protection.
Nearly every business has a policy in place to cover disaster recovery, a catch all phrase to cover the need to restore data should trouble occur. In reality, disaster recovery is piece of a larger concept that includes high availability and business continuity. All of these concepts revolve around two basic ideas: recovery point objective (RPO) and recovery time objective (RTO).
There’s a tradeoff between possible for data loss, duration to retrieve, and cost. Certain businesses require high availability, the idea of near zero data loss and near zero downtime. Examples include financial industries, healthcare, and most organizations that utilize transactional actions in data processing. In other words, anytime one has a need to trace an action from start to finish there needs to be a way to have near zero data loss and more times than not, no downtime.
Business continuity is a step down on both RPO and RTO from high availability. The idea here is not about instantaneous recovery, it’s about making sure the business can continue to function after catastrophe hits. VMware and similar technologies using redundant infrastructure do a great job of providing business continuity; the meaningful, how this ecosystem is set up and over what distance, if any at all.
Disaster recovery covers both high availability and business continuity. Disaster recovery can also simply include a copy of data that sits on tape or a storage area network. The meaningful here, where does that data reside. Having a copy of the information in the same location as the source data won’t offer protection against nearly every major catastrophe. This “old school mindset” really only protects a business from strength outage, data corruption, or system related outages. Does your business implement this simplistic disaster recovery method?
Hurricane Sandy devastated the east coast in 2013 and a number of hospitals were directly impacted. One facility, a client at the time, shut their doors after the storm due to enormous damage. I ingemination their data center was in the basement and water rose to the 5th floor; everything in the data center was destroyed. Without offsite data storage, not only would this hospital be out of business, they would have no way to run down their accounts receivable to acquire payment for sets rendered.
While working with a global storage provider that was within a associate miles of the most devastating fire in Colorado history, I found out they have zero data protection outside of their server room. If the building burned down, as did so many others during this catastrophe, this company would’ve gone out of business. Data is meaningful, protecting it is basic.
The recent 6.0 earthquake in Napa Valley shows the need for not only private industry to understand and implement realistic and attainable disaster recovery, Government must do the same. When certain disasters strike they can impact our infrastructure including gas, electricity, and transportation. Computer systems run large amounts of basic systems including transportation signals, lighting, and gas and electric strength to the populace. Without proper disaster recovery with the necessary RPO and RTO in place, a community can suffer major impact. Government cannot only consider physical infrastructure when preparing for disaster, they have to understand the information technology impact in addition.
A major stimulus in creating this article revolves around the discrepancy between what a business believes they have in place versus what truly exists. So many organizations, often up to and including board of director requirements, create extensive disaster recovery plans. Unfortunately, oftentimes meaningful variance exists between what the business says they want, and what’s truly in place. Third party audits are basic to help close this gap. Before that audit can occur though, leadership has to know about and concede the gap. Education is meaningful; know there’s a problem and act!