Contact Us: 888 965 9988

Blog & News

Disaster Recovery Planning: Top 5 Takeaways from Hurricane Dorian

Sep 19, 2019, 15:08 PM by Alex Simons

Hurricane Dorian DR

Image: ABC News


Have you seen that incredible new commercial where somebody drops a server into a lake – and then they fish it out, plug it in, and show you all the data that remained intact?

Of course you haven’t. Servers don’t do that. And if you see somebody destroying a server – they’re probably destroying evidence.

As an IT professional, you probably spend countless hours preparing for a wide-range of technologic threats facing your network.

But what about Mother Nature? I’m guessing you don’t spend many development cycles worrying about her. Hurricane Dorian unfortunately highlights the importance of a comprehensive business continuity strategy purpose-built to withstand severe weather-related disasters.

Ready.gov is an excellent source of information to help prepare, respond and mitigate national emergencies, including natural disaster.

The 5 takeaways below focus on key data protection considerations to limit business disruption and safeguard corporate information systems in the event of a hurricane or weather-related outage.


Takeaway #1: Be Ready for Flooding

According to the National Oceanic and Atmospheric Administration NOAA, flooding associated with Hurricane Dorian could reach up to eight feet above normal tide levels in some coastal areas [1].

On-prem hardware and information systems simply cannot withstand severe water-related damage. The affected information is also subject to permanent deletion if it only resided in the singular flooded location.

FEMA also reports that floods are the most common natural disaster in the United States and the geographic reaches are near universal [2]:


Frequency of Flooding by FEMA

The most critical aspect to a successful disaster recovery plan in the event of a flood to is to ensure that corporate data is moved off-site securely and consistently.

Imagine showing up to work tomorrow to a flooded server room.

What would you do?

The consistent movement of data off-premises is the most important first step within an IT disaster recovery plan. A secure secondary site for replication will minimize the risk associated with the electrical failures and on-site outages associated with flooding.


Takeaway #2: Ensure Geographic Redundancy

Many organizations have a workflow designed to replicate data to secondary storage devices on-premises.

But what would happen if both storage locations were impacted by the same hurricane or natural disaster?

The only mechanism to prevent this scenario is a geographically redundant solution utilizing a dispersed network of secure backup facilities.

The general rule of thumb for a redundant backup solution is the 3-2-1 Backup Rule. This easy-to-understand principle ensures:


3-2-1 Backup Rule

The 3-2-1 backup rule is a critical component for any data protection system. Each additional layer of redundancy ensure secure secondary storage collocations and offsite infrastructure away from the weather-related damage.


Takeaway #3: Backup ≠ Disaster Recovery

So your data is consistently replicating to a secure offsite location.

You are now prepared for an outage, right?

Wrong.

Data backup is often used interchangeably with disaster recovery. But the two terms are not synonyms. Uptime and availability requirements extend far beyond replicating data offsite.

Backups are simply secondary copies of data to facilitate a restore. Disaster recovery is the ability to failover an application within a timeframe that supports your recovery time objective (RTO).

The RTO refers to how much downtime a system or application can tolerate without significant business damage. Not all data is created equally. Different systems and applications will have different RTOs.

Business impact analysis (BIA) and total-cost-of-ownership (TCO) assessments will help you define the RTOs for each dataset. Flexible timeframes likely only require a dependable backup solution. Short or instantaneous timeframes for mission-critical applications likely require a comprehensive disaster recovery solution.


Takeaway #4: Test Your DR Plan

According to the Disaster Recovery Journal’s 2018 State of Business Continuity Report, an average of 28% of organizations do not test their disaster recovery plans [3]. The survey also reports that only 18% of surveyed organizations report are “Very Prepared” in their ability recover after a disaster:


DR Prepardness
 

Source: Disaster Recovery Journal


In other words, these “disaster recovery plans” are not plans at all. They are a series of assumptions about how business operations will resume in the event of an outage.

Digital transformation and continuous changes to an IT environment often misaligns disaster recovery operations with uptime requirements. Only frequent testing can expose the gaps within the disaster recovery plan.

The DR testing strategy should be designed to reveal which elements of the disaster recovery plan would fail during a live execution. Disaster recovery is a capability, not a product. So testing is the only mechanism to measure and validate organizational readiness and IT resiliency in the event of an outage.


Takeaway #5: Leverage Automation for Increased Operational Efficiency

Solution design and system implementation for DR is often complicated by exponential data growth, dispersed hybrid environments, and the OPEX required to administrate and maintain the solution.

Workflow automation can help streamline various IT failover operations within the overarching disaster recovery plan. This can bolster efficiency by ensuring continuous around-the-clock functionality while significantly reducing manual overhead.

The rise of virtualization has also simplified disaster recovery policy management with enhanced server and primary storage orchestration. Frequent automated snapshots of high-priority VMs can help you immediately spin-up an environment to a secondary site with a few clicks. Virtualized and cloud-native solutions with automated DR policy management also reduce the overall total-cost-of-ownership (TCO) by eliminating capital hardware expenditures, faster provisioning of resources, and simplified disaster recovery system management.


It Might Be Time to Re-Examine Your Disaster Recovery Protocols

Hurricane Dorian serves as a stark reminder for a dependable disaster recovery strategy in the event of an outage.

Organizations usually can’t avoid natural disasters or other weather-related business disruptions. Only preventative business continuity measures can minimize the potential damages and fiscal consequences associated with data loss.

Disaster recovery is an area of IT in which many organizations don’t have much confidence. If your critical business systems are not wrapped in data loss prevention products and staffing to failover after a disaster, assistance is available through business continuity consultants or a disaster recovery-as-a-service (DRaaS) model.

We also recommend our recent disaster recovery planning guide from leading storage and security analyst, George Crump.



Sources:

[1]. National Oceanic and Atmospheric Administration

[2]. Federal Emergency Management Agency

[3]. Disaster Recovery Journal

Subscribe to our Newsletter

Enter your email below to be notified about new articles.


Download Analyst Report


Disaster Recovery Planning

“Disaster Recovery Planning: Getting from Good to Great”