Taking stock of your disaster response plan during hurricane season

Natural disasters seem to be competing with ransomware for the coveted “Worst Thing to Happen to Datacenters” award of 2021. Ransomware attacks are certainly on the rise, but natural disasters don’t want you to forget about them just yet. According to the NOAA, the losses from natural disasters in the US have already exceeded $1 billion in 2021. Whatever your beliefs regarding the causes of extreme weather, it has a significant impact on the world around us – and organizations of all types need to be prepared.

As of this writing, the Dixie fire is now the second-largest fire in California history and has destroyed 500,000 acres and over 400 structures so far – and it is only 21 percent contained after three weeks. The largest in California’s history was only last year and was double its size. Sadly, the Dixie fire is only one of several fires blazing on the West Coast. Several tropical storms have already been reported in the Southeast, and there have been major floods in many metropolitan areas that came without warning this summer. We even had something called a derecho appear in Ohio, which is a hurricane that forms over land.

With hurricane season quickly approaching us, it gives us a chance to stop and think about how well prepared we are for disasters of all kinds. A solid, well-tested disaster recovery (DR) plan is the difference between your company surviving a natural disaster – or ceasing to exist the moment it happens. This is not fear-mongering; many companies have disappeared forever after a failed disaster – including 40% of small businesses. Don’t let yours be next.

Plan for the worst and hope for the best

The first step in DR planning is to identify the risks that you are going to protect against. You should be aware of the types of natural disasters that inflict your area, as well as additional risks such as ransomware attacks. When designing your DR system, you need to take those risks into account because it may help you decide certain aspects of your design – especially where you’re going to store your DR copy.

The key to surviving a natural disaster (or a cyberattack) is placing as much distance as possible between your primary and protection systems. The old adage of the 3-2-1 rule comes to mind here: three copies of your data on two different media, one of which is stored somewhere else. The last part of that rule is perhaps the most important when discussing disaster recovery. Unfortunately, separating primary and protection systems to support quick recovery has historically been something outside of the budget of many companies.

The good news is that the advent of cloud computing has changed all of that. The cloud allows you to easily store data far away to protect it from natural disasters while creating a digital air gap between your computing infrastructure and recovery site. The latter ensures that events such as a ransomware attack that infects your primary systems will not also infect your recovery systems. However, not all cloud DR systems are the same, and some can be easily infected if a ransomware attack strikes – so choose wisely.

Once you have designed and implemented your DR system, it must be regularly tested to ensure that it will do the job if called upon. While testing your DR system, don’t make the mistake of only testing one or two parts of your system. While there is nothing wrong with testing part of your infrastructure, you also must test a full-scale recovery at least once a year – hopefully more. Only in a full-scale recovery will you really see how you and your DR system will perform if the worst happens.

While you might not be a part of the world that is soon to be in the direct path of multiple hurricanes, this is still as good a time as any to take stock of your DR plan to see how it measures up. If you have ignored this particular problem because you thought it was too expensive or not possible, it’s time to think again. Advancements in the cloud have brought full-scale, high-speed, disaster recovery to every environment. It’s time to take a look at your options.

W. Curtis Preston, also known as Mr. Backup. has been in the backup and recovery industry for over 25 years. Curtis has designed and implemented backup systems for the world’s largest companies, is the author of three O’Reilly books on the topic, as well as the webmaster of backupcentral.com. After following the industry for more than two decades, Preston joined Druva and is now its Chief Technical Evangelist.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.