SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Planning for the next catastrophe: Disaster Recovery during COVID-19
Fri, 27th Aug 2021
FYI, this story is more than a year old

The COVID-19 pandemic has been the catalyst for momentous change throughout the IT landscape, and for Disaster Recovery in particular, as the global pandemic made widespread disruption and uncertainty a clear and present reality.

Andrew Cruise, managing director at Routed, a vendor neutral cloud infrastructure provider, says the onset of COVID-19 was one kind of disaster as companies had to quickly invoke business continuity and disaster recovery plans to cope with employees being denied access to their offices.

It has put into sharp focus many enterprises lack of DR plans and accelerated the penetration of Disaster Recovery as a Service (DRaaS) in the market, he says 
 
According to Cruise, having coherent DR plans in place are a non-negotiable, especially given the wide-ranging threats today's businesses face on an ongoing basis.

He says that while there are a number of obvious disasters that CIOs should be planning for, there are some no less high profile disasters that don't receive adequate attention until it's too late.

"Ransomware is of course one of the most common and insidious disasters that can occur, but another which receives very little press, mostly due to embarrassment, is internal sabotage, closely followed by employee error," Cruise says.

"These are much more common than fire, theft and flood, and all require a slightly different approach to ensure a resolution."

Cruise highlights four key factors to keep in mind while planning for effective recovery from disasters:

Disaster Recovery (DR) plans are the technical part of Business Continuity (BC) panning and should never sit in isolation. The objective of DR plans is to satisfy Business Continuity objectives, which are typically deployed to maintain some level of business function in the face of an unexpected destructive event. The scope of a DR plan usually covers IT only. This would cover the accessibility of a recovery environment at a minimum, including the recovery and useability of data and applications, and the networks access to said data.

Test your Disaster Recovery plans. If your Disaster Recovery doesn't work, its like paying for insurance and then not getting a pay-out when you claim. Disaster Recovery is not trivial to implement, but it should be easy enough to test, and your provider should have this built into their solution both technically and commercially. No one wants to fix the roof while it is raining, or change a tyre at 100km/h and businesses cannot afford to address serious technical problems in the face of a major disaster. Testing Disaster Recovery plans shows up performance and capacity issues and allows organisations to plan accordingly, which may include switching providers.

Find the right skills. Anyone who is part of a Disaster Recovery team should be well organised, and calm in the face of pressure. Clearly, technical skills to operate, manage, and test the environment are also required. Enterprises need to ensure they have access to these skills from their provider.

Consider the costs. Although cloud-based disaster recovery solutions are designed for the enterprise, it is available, in scale, and therefore within the reach of smaller businesses too. Disaster Recovery should not be more than 20-30 percent of an organisations IT production budget. Keep in mind that it is not necessary to invest in capital, by purchasing the target hardware and software. Businesses can buy disaster recovery as a service, and rent what is needed, based on usage.