I was hosting a meeting recently when I received an urgent call. “Mr. Kratz, this is ADT Security. An alarm has been triggered at your home and we are dispatching the fire department immediately.” Luckily, I knew there were contractors working at the house and after quickly confirming that the house wasn’t ablaze, I thanked ADT and asked them to cancel the alarm.
While that alarm was false, it got me thinking. Suppose there really was a fire, or another type of disaster that destroyed my home. Would I be properly equipped to recover?
That led me to take steps to ensure that I am recording, documenting, storing and backing up the important things in my life (and my home) so that they can be easily recovered if disaster strikes.
After getting my own disaster recovery strategy in order, I asked 10 friends if they had done anything to protect against worst-case scenarios. Three had not, seven had, but of those seven only one stored their information in the cloud. The rest uploaded everything onto a home computer that might not be salvageable in a fire, flood or worse.
What we face in our daily lives applies to local and provincial governments as well. Many do not have a standardized, pre-scheduled approach to disaster data recovery, nor do they have the funds or resources needed to protect the information of their citizens should disaster strike.
How to start building a disaster recovery (DR) strategy for your organization
To get started, first look at how you are conducting data backup and recovery. Ask tough questions, role play through different scenarios and plot out potential outcomes. From there, determine if your organization will keep a traditional approach to DR or move towards a more modern one using innovative technologies available to protect vital information.
A traditional approach to DR involves different levels of offsite duplication of data and infrastructure. Critical business services are set up and maintained on this infrastructure and tested at regular intervals. The infrastructure required to support this approach includes:
- Facilities to house the infrastructure, including power and cooling
- Security to ensure the physical protection of assets
- Suitable capacity to scale the environment
- Support for repairing, replacing, and refreshing infrastructure
- A contract with an internet service provider for connectivity that can sustain bandwidth utilization for the environment under a full load
- Secure network infrastructure, including firewalls, routers, switches, and load balancers
- Enough server capacity to run all mission-critical services
The DR environment’s location and the source infrastructure should be a significant physical distance apart to ensure that the disaster recovery environment is isolated from faults that could impact the source site.
One of the benefits to working with a cloud services provider to develop a DR strategy is that you do not have to worry about the cost implications of creating a duplicate data storage environment. This is due to cloud pay-as-you-go pricing models.
Another advantage to cloud storage is that an organization does not have to deal with the long time required to restore physical systems from information backed up at an offsite location.
By storing data in the cloud, governments can instantly access information. If a government still has onsite infrastructure, they can backup that information in the cloud using a network connection. If a disaster occurs, they can immediately access a copy of that information when onsite resources are back up and running, or from a remote location until that site becomes operational again. This type of model is becoming increasingly obsolete as more governments are moving entire data storage to the cloud.
While backing up data in the cloud can simplify DR, organizations still need to share responsibility and test systems to ensure a proper configuration that will retain and secure data. This is important to our customers because we do not provide public access to their data, and we set our storage products to be secure by default. However, we give our customers control over their storage capacity in the cloud. Organizations should ensure that when making any configuration changes, that the data storage container is restored to its original secure state. With AWS, this step is a simple click of a button compared to governments managing DR with internal resources that require having to go to an offsite location to verify data security.
Improving your DR strategy
I have already touched on the importance of ensuring your data is secure in the cloud when building a DR plan, but you need to go beyond testing security and actually perform frequent comprehensive testing of your overall DR plan.
This involves performing “game day” exercises where you actually complete a full run through of a DR scenario, ensuring all systems are configured correctly and that proper documentation is in place to make the process as simple and repeatable as possible if a disaster event occurs. Using a cloud services provider instead of managing your own physical offsite servers allows governments to quickly and cost-effectively perform these tests. Here are four common “game day” scenarios that a DR team should test on a regular basis:
- Power loss to a site or set of servers
- Loss of ISP connectivity to a single site
- Virus impacting core business services
- User error that causes the loss of data
The last line of defence is really focused on establishing regular checks and sufficient monitoring so your IT managers are quickly alerted to server failure, or connectivity and application issues. Be sure to perform regular backups and test them to always be prepared and flexible when your data is stored in the cloud.
A decade ago, the thought of a disaster impacting a government meant significant cost and planning to establish a plan that did not give organizations the flexibility and scalability to respond in real-time. Today, governments can host regular services that citizens depend on in the cloud, while ensuring that those systems are protected and easily duplicated for a fraction of a dollar per gigabyte. This is compared to the hundreds of thousands of dollars that may have been spent before on offsite servers. This new low-cost and on-demand infrastructure has changed the meaning of traditional business, and it should change how governments plan and test DR strategies.
Going back to my own personal experience, don’t wait for a phone call bearing bad news. Be proactive and take steps to make sure you are prepared before disaster potentially strikes.
By Jeffrey B. Kratz, General Manager, Latin America, Canada & Caribbean, Worldwide Public Sector, Amazon Web Services.