Definition

natural disaster recovery

Erin Sullivan

By

Erin Sullivan, Site Editor

What is natural disaster recovery?

Natural disaster recovery is the process of recovering data and resuming business operations following a natural disaster. Natural disasters include hurricanes, tornadoes, floods and other severe storms that can affect a data center and cause data loss.

Natural disaster recovery requires its own type of planning, since disasters can vary by region and can't be restored with IT-based efforts alone. Businesses in locations prone to tornadoes or hurricanes might take such storms into account from the start. However, even if severe weather events aren't a frequent occurrence in your region, a natural disaster recovery plan should still take possible scenarios into account.

Why natural disaster recovery preparedness is important

Natural hazards such as hurricanes and floods vary in severity, but when it comes to disaster preparedness, it's best to prepare for the worst.

If a location is prone to a certain type of natural disaster, working that disaster into the disaster recovery (DR) planning process is imperative. For example, if one data center is in a known hurricane zone, that data can be backed up to a location outside that area or in the cloud. That way, if the primary data center is hit by a storm, data backups are not only protected, but can be used for a swift recovery.

Protocols must also be put in place for displaced workers, damaged facilities and injured employees. That is different from preparing for an event such as a ransomware attack, which does not include physical damage that renders workspaces unusable.

Types of natural disasters

According to the Centers for Disease Control and Prevention, there are 11 primary natural disasters: earthquakes, landslides/mudslides, volcanic eruptions, lightning, wildfires, floods, tornadoes, hurricanes, tsunamis, extreme heat, and extreme winter weather. All these disasters could damage or destroy a data center, and many could render the data center unsafe for employees to enter.

While agencies such as the National Hurricane Center can forecast the severity and path of hurricanes, preparation for these types of events remains difficult. After Hurricane Maria hit in 2017, the Federal Emergency Management Agency, American Red Cross, Cisco Tactical Operations and NetHope -- a nonprofit that focuses on repairing communications services following disasters -- compiled a series of DR lessons learned from the storm.

Key elements of preparing to recover from a hurricane include triaging DR strategies, having equipment reserves, building redundancy into a DR plan and using cloud technologies. By prioritizing elements of a DR plan, order is determined in chaotic situations. Redundancy, equipment reserves such as backup generators and satellites, and cloud-based technologies can provide backup security and resources that can get an organization back on its feet.

Risk assessment matrix for natural and human-caused disasters.

A major takeaway following the Category 5 Hurricane Katrina in 2005 was not only to embrace DR sites outside the same weather zone, but to run regular drills and tests of recoveries and perform regular maintenance.

While discussed with hurricanes in mind, these principles can help in other natural disasters as well.

Natural disasters vs. human-caused disasters

Human-caused disasters can be the result of deliberate actions as well as negligence or error. Malicious acts such as arson and bombings are intentional, while oil spills and chemical plant explosions are unintentional human-caused disasters. Like a natural disaster, these types of hazards can cause physical damage to facilities and are unpredictable.

Similar preparedness activities for natural disasters can apply to human-caused disasters and vice versa. However, ransomware and other types of malware are also considered human-caused disasters and come with their own requirements and threats.

A thorough disaster recovery plan considers all these disasters so that an organization is not caught off guard. While they might not be preventable, recovery is possible with preparation.

Risk assessments for natural disasters

A key step in emergency management is conducting a risk assessment. A risk assessment can identify situations, both internal and external, that could negatively affect an organization and its recovery efforts.

Ideally, a risk assessment takes all threats -- natural and human-caused -- into account, listing the damage they could cause, the time it would take to recover, and any measures that can be taken to prevent or reduce the severity of the threat. With a risk assessment, an organization can consider defensive responses, such as mitigation measures, recovery activities and contingency plans.

Knowing the probability of a risk and the impact it can have can help weigh the likelihood of different risks an organization might face. These differ by business and can be gleaned from company records of previous disruptive events, employee recollection of these events, media records and National Weather Service data, among other available resources.

Another helpful tool when preparing for natural disaster recovery is a business impact analysis (BIA), which identifies an organization's most critical processes and how a disruption could affect them. Prior to conducting a risk assessment, a BIA can help prioritize certain aspects of the business when considering possible risks.

Creating a natural disaster recovery plan

After conducting the necessary assessments, there are a few other steps an organization can take in establishing a natural disaster recovery plan. Taking the stages of natural disaster recovery into account, a plan should include both direct and indirect losses. Direct losses are the immediate effects of a disaster, such as structural damage and facility closure. Indirect losses are just as important, because they make up the losses that can occur over time following a disaster. Indirect losses can include lost income due to services not running and loss of reputation.

Social media has become an important element of any natural disaster response. Communication following a disaster can keep employees and the public informed of an organization's status. Call trees and other communications protocols are tools that can be used to quickly and efficiently inform employees and essential personnel of a disaster, but if the public is a concern, social media is available to send out updates and possibly preserve good will while services are down.

Crisis communications hub diagram. — Crisis communication should be handled using a communications hub, according to Ready.gov.

Securing and testing off-site data backups and resources must be done to ensure business continuity. Cloud disaster recovery should be explored as an alternative to other physical data centers in the area in case of a wide-reaching disaster. Tape backups can keep data secure in a different location -- ideally, one that is out of reach of potential natural disasters.

This was last updated in October 2023

Continue Reading About natural disaster recovery

IoT is revolutionizing natural disaster prediction

Backup tips for your natural disaster recovery plan checklist

Dig Deeper on Disaster recovery planning and management

Data Backup

Generative AI tools for backup and DR still in early days
Backup software vendors have pitched generative AI tools for automation and as virtual assistants, but how these additions ...
4 data loss examples keeping backup admins up at night
Protecting data is a critical task for backup admins, and threats are ever evolving. Preparation is key to preventing data loss ...
Offline backups are a key part of a ransomware protection plan
Ransomware resilience relies not on a single tool, but on several layered protections. Offline backups are a critical layer in a ...

Storage

An introduction to hybrid multi-cloud storage
When implementing hybrid multi-cloud, IT teams must continually monitor and evaluate their environments. Understand best ...
Nashville Electric selects Pure Storage to provide power
A Nashville-based power company decided to migrate off an outdated, ill-fitting Dell storage system to something more modern and ...
IXsystems flagship array goes all-NVMe flash
The F-Series storage array family is now all-NVMe, bringing new levels of performance and density to IXsystems flagship array as ...

Security

Threat actors targeting critical OwnCloud vulnerability
Researchers observed exploitation attempts against a vulnerability affecting OwnCloud's Graph API app, highlighting threat actors...
How passwordless authentication aids identity security
Enterprise Strategy Group's Jack Poller discusses survey results on user authentication practices and explains the security ...
CISA relaunches working group on cyber insurance, ransomware
Following a hiatus, the Cybersecurity Insurance and Data Analysis Working Group will relaunch in December to determine which ...

CIO

How AI is radically changing business process management
Deploying AI's discovery and automation capabilities in BPM powers advancements in front-office processes, process data analysis,...
Former OpenAI CEO gains strong legal backing with Microsoft
Should ousted OpenAI CEO Sam Altman be involved in any federal investigations going forward, he now has the legal backing of ...
BPO vs. BPM: What is the difference?
BPO and BPM both aim to improve business processes. One is a management approach to optimizing end-to-end processes. The other is...

Close