Enterprise Security

How to Protect Data From Natural Disasters

With hurricane season in full bloom and the additional prospect of natural disasters, the importance for companies to have disaster data plans in place is paramount.

Companies that fail to make recovery plans for their electronic gear and essential data are inviting serious financial injury when an emergency strikes.

TechNewsWorld discussed disaster preparedness with a panel of IT experts. Check out their recommendations — and make sure that you have not forgotten that one key thing that many companies forget to protect but regret afterward.

IDC Findings

A 2018 IDC report entitled “The State of IT Resilience” warns businesses not to fall into the trap that snarls many companies each year when emergencies happen. These firms view disaster recovery (DR) preparedness as an insurance policy and an added expense that is likely to have little payback.

This approach to disaster recovery is inadequate for today’s digital businesses. If DR tools and initiatives are viewed as a cost center objective and not as a business driver, an organization’s cloud and digital transformation (DX) initiatives will be exposed to a higher rate of failure, the report warns.

Other research estimates that as many as half of all organizations could not survive a disaster event. That research also found that many businesses do not properly protect their data, test their disaster recovery environment, or have automated DR processes in place.

“After an already stressful 2020 due to the COVID-19 pandemic, forecasters are expecting an above-average number of hurricanes this season. Regrettably, many businesses may be unprepared to weather those storms and could experience permanent data loss if they aren’t ready from an IT perspective,” Caroline Seymour, vice president of product marketing at Zerto, told TechNewsWorld.

To avoid becoming another victim, she recommends maintaining critical business operations, preserving valuable data, and ensuring IT resilience by having a formal DR plan in place that can be enacted rapidly.

In addition to having cloud-based disaster recovery technology implemented and tested, IT teams need to practice their DR plans to understand what works well and where there are opportunities for improvement, Seymour cautioned.

The Cost of Not Preparing

IT resilience — essential to disaster recovery — is a measure of an organization’s ability to protect data during planned disruptive events, effectively react to unplanned events, and accelerate data-oriented business initiatives. It includes traditional disaster recovery and backup tools, and also incorporates advanced analytics and security capabilities needed for the success of any digital business in the 21st century.

IDC’s research found that many organizations are seeing new forms of disruptions, such as ransomware, cause considerable downtime.

Here are some key findings from IDC’s disaster recovery research:

  • More than half of the respondents are currently undertaking IT or digital transformation projects and view IT resilience. They see IT resilience as foundational. But few respondents believe their IT resilience strategy is optimized.
  • Most organizations surveyed have experienced tech-related business disruptions. These situations resulted in material impact in terms of either recovery cost or additional staff hours, direct loss of revenue, permanent loss of data, or damage to company reputation.
  • Data protection (DP) and disaster recovery (DR) are central tenets of digital transformation initiatives but may not be prioritized by many organizations.
  • Only half of all apps are fully covered by a DR strategy. This indicates a disconnect at the business strategy level regarding the importance of data protection and data recovery to the organization’s initiatives.

Much Can Go Wrong

The research found that many companies struggle with the cost, complexity, and orchestration of their data protection and disaster recovery solutions. Almost half of the respondents (45 percent) reported challenges with restore or backup reliability.

The complexity of the backup and recovery process was also a leading challenge for 43 percent of the companies. These factors have a high probability of delaying or disrupting IT transformation (DX) initiatives.

That complexity process is pushing some 90 percent of the participating companies to pursue a convergence of backup and DR tools as they eliminate redundant tools. This indicates that users increasingly see backup and DR functions not as siloed products by as complementary assets of a single solution.

Researchers believe the best practice for corporate data recovery is to define what IT resilience means for their organization and develop a plan for implementation. That definition should begin with the core elements of data protection, backup, and disaster recovery.

It should also account for emerging security threats and address the requirements of all business applications. That includes on-premises or public cloud-based. It should not include a one-size-fits-all IT resilience solution.

“As of July 2020, the US has experienced 10 weather- and climate-related disaster events, losing more than $1 billion each time. This does not even count the storms that took out parts of the Northeast last week (Hurricane Asaias),” Jennifer Curry, vice president of Global Cloud Services at INAP, told TechNewsWorld.

Recipe for Recovery

Successful disaster preparedness entails prioritization and communication. Curry outlined three ways companies can protect their data and information before disaster strikes:

Step One: Identify RisksFor many organizations, losing data and information is the biggest threat. Start by identifying where their data is stored, if there are copies, and if so, where are the copies stored (onsite or in a separate location).

“Having all information stored in one place is extremely risky because one natural disaster can wipe out everything,” she said.

Step Two: Think About Off-Site BackupsIf an organization does store data separate from its primary location, that is half the battle.

“To further protect their assets, companies should select a backup site that is in a different geographical region to reduce the chances that both locations would be knocked out by one disaster,” she reasoned.

Step Three: Consider Disaster Recovery SolutionsMany companies use cloud storage as a backup since it is easily scaled and cost-effective. However, a more robust option is disaster recovery as a service (DRaaS).

“DRaaS is essentially a facility redundancy in company infrastructures. It replicates mission-critical information, applications, and data so companies can maintain business continuity during natural disasters,” Curry explained.

“IT teams will be strapped when disaster strikes, and rather than having them tackle multiple requests from stakeholders across the organization, they are more successful if they have a prioritized list of applications,” she offered.

INAP tells clients to make sure comprehensive business continuity is developed before a devastating event happens. This also serves as an opportunity to identify the risks and gaps that may be commonly missed.

Balancing the Risks

Managing data loss is a case of reducing risks and consequences. The risk cannot and will not ever reach zero, according to David Zimmerman, CEO of LC Technology International.

“Events like fires, floods, tornados, earthquakes, and other disasters can result in business-altering data losses. Floods (especially salt water) severely damage equipment such as servers, SD cards, and laptops. With corrosion from seawater, data recovery might be impossible,” he told TechNewsWorld.

However, the right mix of training, corporate protocols, and cloud backups can greatly reduce the downsides of any data losses, making them slight inconveniences instead of business-ending disasters, he added.

Companies can protect their electronics and data during an emergency by incorporating the risks of data loss into a disaster recovery plan that evaluates the physical and virtual locations of their data. Then review how susceptible both would be to loss from fire, floods, or other events, suggested Zimmerman.

Sidestep Mishaps

Many small business operators with no IT staff tend to think a single backup to an external hard drive or storage uploads to a cloud service is all they need. This is dangerous thinking, according to Zimmerman.

Just because your business does not have a full staff with a fancy data management system does not mean you cannot take smaller, easy steps to protect your data.

“A single backup to a hard drive is the first step a business without the resources of an IT staff can do. However, it must go beyond that.

Without a formal data protection plan, all your hard work and content are at risk every day it is not duplicated. There are easy steps to proactively prevent this from happening,” he said.

Small business operators should follow what larger companies that have IT workers do. Implement a policy of redundancy.

This involves making multiple layers of backups, often more than you think is necessary. Create backups with the cloud combined with external hard drive storage. These should be used in tandem, not as replacements for each other, recommended Zimmerman.

“Managing the risk from any natural disaster should start with an inventory of all corporate-owned data. Back everything up to external hard drives — noting that these are kept off-site — that’s the important part. If a disaster strikes and all the data is held in the office, then the backups are pointless,” he offered.

One Thing Not to Forget

Many organizations still do not see the importance of creating a disaster recovery plan prior to a disaster happening, despite the massive risk of losing data that could impact the company’s future, Zimmerman shared. The most critical point of data recovery is proactivity.

“You don’t want to have to scramble to create a data recovery plan after a disaster strikes. The plan should function as a roadmap that includes all the sources and locations of data and who is responsible for it,” he advised.

Evaluating what to do and where to go after data is lost can be crippling to a business model, company reputation, and ability to actually do business. That can hurt any existing relationships with customers and partners.

“Forgetting to protect something is usually not the problem. What companies regret most is not doing periodic restore testing from backup data and testing disaster recovery plans. If companies are unprepared, it prolongs downtime and in some cases leads to data loss,” Shawn Lubahn, account product manager at Barracuda Networks, told TechNewsWorld.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Enterprise Security

E-Commerce Times Channels