As climate change becomes more apparent, natural disasters are increasing in frequency. As a result, many backup administrators must have a plan to prevent data loss in an extreme weather event.
Historically, companies have viewed disaster recovery as an area where they shouldn't overinvest, said Johnny Yu, an enterprise IT storage industry analyst at IDC. That view is now changing, along with weather trends.
"Organizations that are used to their local weather patterns tend to only plan for those patterns," Yu said. "When those patterns change, administrators now have to address new disaster possibilities that they might not have invested resources into. These include wildfires, blizzards or massive power grid failure."
New weather patterns forcing backup reevaluations
A good place to start with data backups in general is to follow the 3-2-1-1 rule. A modified version of the traditional 3-2-1 rule, the 3-2-1-1 rule recommends three copies of data, including the original plus two backup copies; two different types of storage media; one copy kept off site to protect against localized disasters; and one copy kept offline in immutable storage to protect against ransomware.
"Specifically, for disaster recovery, storing the backups and staging the failover site on public cloud checks many of the boxes of the 3-2-1-1 rule," Yu said.
While issues related to data centers and data backup risks have always existed, the acceleration of extreme weather patterns could change the parameters of where organizations decide to actually install or set up their data centers, said Christophe Bertrand, practice director for data management and analytics at TechTarget's Enterprise Strategy Group. Threats to data centers can come in the form of flooding, wind damage, excessive snow or earthquakes.
"The big thing is the need to understand new risks and building defenses that can resist those problems," Bertrand said. Threats to a data center might also be directed at the region, not the facility, disrupting or damaging local infrastructure.
Backing up data in the cloud keeps it safe, sort of
The top benefits of using cloud backups for disaster recovery lie in cost, Yu said. Unlike with on-premises disaster recovery, customers don't have to pay for a secondary site and extra hardware, or for the maintenance of that hardware.
"Similarly, it's cheaper to scale on the cloud than to scale storage and compute using self-owned hardware," Yu said. "There's also an extra layer of security with data in the cloud, as it is one more set of credentials attackers must steal to access the backup system."
One major drawback of the cloud is that internet bandwidth becomes a bottleneck for every step of the backup process, from sending data to the cloud in the first place to recovering it back to primary once the disaster is over.
But the extent of vulnerability also extends to where the cloud provider is located and hosts its data, and what that location faces in weather extremes. Organizations should review how local weather has played out over the past few years to get a better sense of what the future might hold for that provider.
Johnny YuEnterprise IT storage industry analyst, IDC
"The benefit of cloud storage is that data backups will not be in your infrastructure," Bertrand said. "If that gets affected, in a sense, it doesn't really matter. Obviously, your data is somewhere else physically. So, understanding where the cloud provider is storing it -- and what they do to protect their own physical plant -- is going to be important."
Location is still key with a hybrid cloud backup arrangement
Some organizations choose a hybrid arrangement, where data can be stored both on premises and with a cloud provider. Again, the key to preventing data loss in a natural disaster is location.
"Companies [that use] on-premises disaster recovery need to ensure their secondary sites are far enough from their primary that a localized disaster won't affect both," Yu said. Distance will vary by organization, but the major requirement is that both sites not be on the same power network. "Not every disaster is an earthquake or tornado -- simple power outages are common and can still be cause for a failover, especially for high-transaction companies where every second of downtime is lost business," he explained.
Organizations must test disaster recovery plans regularly. According to Yu, a recent IDC survey found only 38% of organizations test their disaster recovery plans quarterly or more often. Frequent plan testing is critical to prevent data loss in a natural disaster, since it enables organizations to discover vulnerabilities and combat changing risks.
"Creating runbooks for different disaster or cyber attack scenarios and following them by running drills is the best way to train staff, refine the disaster recovery plan and prepare organizations for when an actual incident occurs," Yu said. "Moreover, disaster recovery plans need to be updated and tested whenever there's a major IT change, such as the deployment of a new critical application or a large systems upgrade."