Redefining Disaster Recovery
For years, disaster recovery had a simple definition in the world of IT. It meant that you had put in place technologies to recover from a disaster, which had destroyed or rendered unavailable systems and data in your on premise datacenter. To address these disasters the IT industry developed a robust set of solutions, including software for backup and archive, as well as tape backup systems and redundant off-site datacenters. No system is perfect, but it was fair to say that if one wanted to prepare for these traditional “all or nothing” disasters, technologies existed that CIOs could employ to ensure they could recover their data so that it was not lost forever.
Over the past few years, it has become increasingly apparent that our traditional definition of disaster recovery needs to be expanded. Today’s disasters can include a CEO’s laptop data being held for ransom by a cybercriminal, corrupted data in a mission critical cloud-based application or a failure to find data needed for an eDiscovery motion. Moreover, just being able to recover from a disaster is no longer enough–recovery needs to take place quickly, often at the “microscopic data level”, otherwise, business can grind to a halt (as the recent Delta airline IT system mishaps demonstrates). In this new world what does a modern disaster recovery strategy look like and what capabilities are essential to recover from today’s data disasters?
It will not be a surprise to any CIO that at the top of the list of new must-have disaster recovery capabilities is cloud backup, archive, eDiscovery and search. From cloud-based applications like Salesforce and Office365, to public cloud services such as Amazon Web Services and Microsoft Azure compute, the cloud’s agility, flexibility and simplicity has enabled it to take the world of enterprise IT by storm.
Today’s digital economy demands that CIOs expand their definition of disaster recovery to include the cloud, endpoints, and recovery speed
Cloud adoption has been so fast that many enterprises have yet to consider how they would manage a disaster that threatens their cloud-based data, let alone develop and implement a disaster recovery strategy for the cloud or one that simply uses the cloud. Yet with ever more mission-critical data and applications moving to the cloud and threats to this data growing (from data corruption caused by a mistake by your DevOps team to hackers seeking to destroy an enterprise’s data) the importance of protecting this cloud-based data is growing. Moreover, they also need to be able to recover (often using archive search) microscopic pieces of cloud-based data such as individual emails, files, or SharePoint items. Most enterprise level CIOs today have either already integrated or plan to integrate the cloud into their enterprise IT infrastructure. If a deployment of disaster recovery technologies that can support a backup, recover, and archive strategy for this cloud-based data is not at the top of these CIOs to-do lists, it should be.
Next on the list would be finding technologies that enable the recovery of data from laptops and other endpoints that have been lost, stolen, damaged, or hacked. While important enterprise data has been stored on endpoints for years, the value of this data has increased-according to the Ponemon Institute, the average cost for a lost or stolen record containing sensitive and confidential information has increased 23 percent since 2013. Moreover, while the value of this data has grown, so has the number of threats to this data. In addition to lost stolen and damaged endpoints, CIOs increasingly need to worry about cyber criminals who see endpoints as the soft underbelly of enterprises’ data protection and management strategies. In particular ransomware, where cyber criminals hold someone’s endpoint data hostage, is a growing threat-network control company InfoBlox saw a 3,500 percent increase in the criminal use of net infrastructure that helps run ransomware campaigns in the first quarter of 2016. Complicating the situation further, while many companies have deployed endpoint backup technologies, they often are not actually used by employees because they are not mandatory, ubiquitous, and unobtrusive. With lost, stolen, damaged, and hacked endpoints increasingly constituting a disaster, CIOs that fail to deploy technologies that constantly protect this data with little to no effort on the part of users risk seeing some of their enterprise’s most valuable data disappear.
Another capability that CIOs need to consider in the new world of disaster recovery is speed. In the digital economy enterprises depend on 24/7/365 access to web, mobile and other applications and any delay in being able to access these applications can not only results in immediate financial losses, but damage to corporate reputations that can last for years. IDC indicates that the average cost of downtime is about $100,000 per hour, although it can go as high as $1.6 million per hour for some organizations. In this “always on” environment, tape backup is not sufficient if an enterprise wants to be back up and running after a disaster in minutes or hours rather than days or even weeks. Moreover, the disaster might not even be about losing data, but just not being able to quickly find old data. For example, having moved to Office365, can your enterprise still find a 10-year-old on premise Exchange email or SharePoint item needed to help your corporate attorney cross-examine a witness in an important lawsuit the next day? Today’s data disasters are not just about the permanent loss of data–they are also about quickly recovering or finding data essential to your business. While when you are driving “speed kills”, when it comes to data the opposite is now true– “slow kills.”
In the past CIOs could be excused for not considering disaster recovery scenarios related to corrupted cloud-based data, hijacked endpoint data, and offline mobile apps. These CIOs and other IT decision makers can no longer be excused for not having an optimized plan in place. Today’s digital economy demands that CIOs expand their definition of disaster recovery to include the cloud, endpoints and recovery speed, and make sure they have the technology they need to meet these new disaster recovery challenges. If they do not then they might be the next enterprise to be confronted by reporters, customers, employees, and shareholders asking–how could you not have prepared for that?