When a CryptoLocker ransomware swept the world recently, the effect was extraordinary. A surgeon lost access to computers mid-operation, retailers lost access to point of sale equipment, and individuals lost everything from family photos to college papers. Subsequent waves of similar ransomware are still circulating, often causing a total loss of data.
For many businesses, it sounds a death-knell; in a Federal Emergency Management Agency (FEMA) report, 40% of businesses are unable to reopen after a disaster, with 25% failing within a year. Whether the disaster is a man-made cyber-attack, human error, or a natural disaster such as fire or flood, every business leader, and every IT professional, must ask themselves how long they can still operate without access to the data they depend on.
Outside the IT department, the potential impact of lost data is often underestimated or misunderstood. Immediate thoughts may turn to managing without access to emails, or perhaps to customer records – in itself something that makes normal operations extremely hard. As any IT professional knows, though, that is just the tip of the iceberg. Businesses have an obligation to shareholders to protect data – and that means looking beneath the surface.
Whatever business you’re in, from manufacturing to finance, from agriculture to education, you’re part of a digital economy. Changes have crept in over the last few years, connecting security cameras, production equipment, heart rate monitors, even livestock, making them all a part of the internet of things (IoT). And these things make us more dependent than ever on continued access to data. DR plans today must take into account this broader array of devices.
A familiar problem we encounter is where people think they’re doing disaster recovery, but perhaps back up to the other end of the same building, where they may not have access if things go pear-shaped. There is no harm in having a copy of your data in the same place for other purposes, if it is not the only copy. The location of your backups is critically important, and anywhere on the same campus is way too close.
An absolute essential in today’s world is to use off-site backup. There are many cloud options – but we recommend as a primary consideration that you check which jurisdiction your data resides in. Given the political flux in some countries previously considered stable, keeping data close – but not too close – is ideal.
We use world-class data centres around Australia and in New Zealand with our partners SAS IT for our own business because it gives sufficient physical distance without exposing us to potential legal cases overseas. We can support our customers to do the same. We work with a risk matrix to establish what risk each customer is mitigating, working through a detailed process to determine which data is most important to each business to continue operation.
Before choosing a back-up location, a DR audit is a worthwhile exercise. This examines and tests all aspects of your plan, and matches recommendations to your business. This will vary according to your data dependence level – a small manufacturer may be able to absorb a slightly slower recovery time than a bank, for example. An audit will explore whether you can afford to lose a day, an hour, or a minute’s transactions, and whether you can afford to risk losing access to a piece of equipment.
An audit will also pick up flaws in processes that hamper an otherwise strong DR plan. For one customer, we met in the car park and conducted an exercise in which an imaginary fire had broken out in the main building. On asking where the DR plan was located, we learned it was inside. On that occasion, the remainder of the plan was well-designed, but a fresh set of eyes picked up that flaw.
Independent audits often pick up problems that familiarity misses, so it is a valuable process. It means having an expert with the time to focus solely on DR – something the very busy in-house team can struggle with. Contrary to commonly held concerns, it can be done in a virtual environment, without any disruption to people or production – so there really is no reason not to.
For more about creating a solid DR plan, considering a truly industrial-strength backup-as-a-service solution, or auditing the solution you already have in place, contact the friendly experts at Team Computing.