Your worst-case DR scenario today might be vastly different than it was just a few years ago. What's the worst that could happen to your data center in the event of a disaster?
Even as corporate data resources have grown in scope and become ever more critical, planners have orbited around a fairly orthodox view of worst-case disaster recovery scenarios. Now, recent major natural disasters in areas with lots of tech infrastructure, such as the flooding in Texas in 2018, are giving some planners pause.
What's more, with global trade and diplomatic tensions higher than they have been since the 1980s -- including a sputtering conflict between two nuclear-armed South Asian nations -- is it time to rethink DR?
Below, IT experts weigh in on some of the worst possible disaster recovery scenarios today and what can be done in the DR planning process to mitigate such crises.
What's the worst that could happen?
As Enterprise Strategy Group senior analyst Christophe Bertrand points out, worst is a relative term. While some organizations might plan for the end of the world as a worst-case scenario, others might find such planning to be overkill.
Certainly, there are examples that sound like worst-case scenarios. Consider the case of the VFEmail hack that took place earlier this year. All of VFEmail's U.S. business data was effectively deleted by hackers overnight with no warning. The company was ultimately able to recover its European operations, but the U.S. business no longer exists.
When assessing the risk of potential disasters, people typically think about three things, according to Joseph George, vice president of product management for global recovery services at Sungard Availability Services. Those three things are:
- What are the things that can go wrong and what disaster recovery scenarios should you plan for?
- What is the probability of that scenario happening?
- What will be the effect or cost if that scenario does occur?
It's critical that you consider all three components at the same time, George said, and thinking through all of those elements requires diligence.
"Most people have a natural optimism bias when it comes to disasters and don't typically believe a disaster will happen to them," he said.
If people don't think a disaster is likely to happen to them, they likely won't take action to prepare for that scenario. However, the sheer frequency and types of disasters that are taking place today are forcing organizations to change their thinking.
For Kyle Young, director of IT at security and privacy compliance assessor Schellman & Company, working for a company based in Florida presents a set of weather-related challenges that he must plan for.
"Working for an organization that is headquartered in a region that is meteorologically under siege for nearly six months out of the year -- Tampa -- planning for the worst-case scenario is an absolute must," Young said.
"...ensuring the proper employees and teams are involved in developing, testing and executing these plans when necessary is critical to the operability of the company during an event."
Of course, the most important factor for the successful execution of a business continuity and disaster recovery (BC/DR) plan is the safety of the employees, he said. Furthermore, ensuring the proper employees and teams are involved in developing, testing and executing these plans when necessary is critical to the operability of the company during an event.
According to Young, you should think strategically when selecting vendors for your BC/DR plans, preferably those that operate in multiple geographic zones to allow for continuous availability in these types of situations. It is critical for your business to have the ability to operate during a multitude of disasters that could affect your business, including meteorological events, human error or cyberattack.
"With the proper BC/DR plan in place, [geography] should be a non-issue, as consideration should be paid to ensure geographic redundancy has been put in place," Young said.