kromkrathog -

What will disaster recovery strategy look like in 2020?

Disaster recovery planning is an ever-evolving process, and organizations should be aware of new threats and tools. Ensure that your strategy isn't behind the times in 2020.

Recovery is one of those parts of IT that doesn't fundamentally change over time. However, recent developments in technology and planning are driving changes that will change disaster recovery strategy in the coming year.

The end of the year is a great time to reflect on what's transpired in the recovery landscape and what needs to change to make IT operations more efficient, more cost-effective, faster and better able to meet the changing needs of an organization. Disaster recovery in 2020 will be influenced by numerous changes that will affect how you plan and execute DR.

From preparing for new types of cyberattacks to applying the new compliance regulations to your organization, your disaster recovery strategy and planning should see some significant changes in the next year.

Compliance is going to be a material DR consideration

Business impact analyses focus on how a specific type of disaster will affect critical workloads so you can assess the risk this combination created. I've yet to hear about an organization viewing the deletion of data sets protected under laws such as the General Data Protection Regulation or the California Consumer Privacy Act (CCPA) as a disaster scenario that needs addressing.

These laws contain specific verbiage around how organizations must ensure personal data and how the systems that manage it are up and running, so that consumers can request to see what information you have about them. There is also a right to be forgotten, which enables consumers to request that their information be deleted. CCPA has a lot more "teeth" in it along these lines, so I suspect starting next year (when CCPA goes into law), we'll hear more about the need to ensure those systems and applications managing consumer information are available.

Island hopping cyberattacks are going to be a DR catalyst

This year, cybercriminals began to see the value in not only attacking one organization, but using it as a jumping off point for other attacks. By using stolen credentials and accessing emails and applications, cybercriminals can jump to an organization that does business with the initially compromised organization. This activity, dubbed "island hopping," now occurs in about half of all cyberattacks.

The challenge island hopping presents to disaster recovery strategy is that this breed of cyberattack often results in many changes being made to the infected environment that will need to be restored to a known-secure configuration. These changes can include created/modified user and group accounts in Active Directory, mailboxes in Exchange and changes made in applications, such as financial and banking applications.

While this attack trend has been present most of 2019, I foresee organizations that see DR as an integral part of operations, rather than an insurance policy, finally waking up to the need to be able to put the environment back into a preattack state to ensure both the security and productivity of operations.

DR of heterogeneous environments will be more searchable

Gartner's latest Magic Quadrant for Data Center Backup and Recovery Solutions adds a very specific capability to the list of requirements that will greatly change disaster recovery strategy in 2020: the ability to easily search for specific data sets. I'm not talking about searching for a backup job; I mean being able to easily search for a particular data set that may exist within myriad stored backups across multiple mediums. This is going to rely heavily on DR software meeting this need and will likely be implemented in numerous ways, mostly depending on the limitations and capabilities of each DR vendor.

The effect this feature will have is huge. If you know where every bit of data is, the ability to then understand what data you have is augmented and can aid DR efforts. If you know a particular version of an OS file exists on a given system's backup, you proactively know that -- should you recover that backup -- the system is missing a specific patch that will protect against a newfound vulnerability.

The immediate benefit here is that you can search for data, but the larger aspect of this is the ability to know the state of your backups without needing to recover them. This may not come to mainstream fruition in 2020, but we can expect it shortly.

Lots of changes to DR in the coming year

Disaster recovery strategy is always about attempting to take an ever-changing environment and somehow be able to reproduce it. The changes above will likely have an effect on the tools you use, the way you determine risk, the resulting DR plans and your methods of execution. While all of these changes may not all be experienced by your organization, rest assured that you'll be seeing at least one of them affect your DR planning in the coming year.

Dig Deeper on Disaster recovery planning and management

Data Backup