by-studio - Fotolia
Natural disaster recovery planning: 4 frequently asked questions
When crafting a disaster recovery plan, don't rule out natural disasters as a major threat. Don't let a storm catch you off guard after making your recovery preparations.
With the ransomware threat running rampant in IT, some organizations might be inclined to overlook the old standby data disaster: Mother Nature.
To do so would be unwise, since natural disasters continue to wreak havoc on data centers and stress out disaster recovery (DR) planners everywhere. Ransomware may be snatching up the most headlines as of late, but natural disaster recovery planning is necessary as ever.
When crafting a DR plan specific to natural disasters, requirements will vary by region. In the United States alone, weather events can differ greatly. If your company is in Tornado Alley or in an area prone to hurricanes, such as Florida, or susceptible to ice storms in the Northeast, you should take all of that in to account when planning for a recovery. If you fail over to a remote site, is that location also in danger? Physical damage, such as flooding or downed powerlines, will also affect your plan.
Below, we answer common questions that arise with natural disaster recovery planning.
Is a natural disaster recovery plan necessary for everyone?
There are certainly locations throughout the country where particular natural disasters are prone to hit, so if your company is not within any of them, does it really need to worry about natural disaster recovery planning? While you may not have to concern yourself with hurricanes or tornados, extreme weather can happen just about anywhere. Flooding, ice storms and other severe weather events may cause physical damage or power outages, which can deeply affect an organization if it is unprepared.
With disruptive weather events on the rise, thanks to global climate change, it will benefit every organization to take natural disaster precautions in their business continuity (BC) and DR planning. Unlike other threats, natural disasters can be predicted -- to an extent -- so, along with keeping an eye on upcoming weather events, assess the historical climate data of your location, and prepare testing and exercises for any situations that have a history of occurring.
Where do natural disasters rank among modern DR threats?
Unquestionably, the major DR issue gathering attention today is ransomware. It is wholly unpredictable, affects organizations regardless of industry or location and is clearly on the rise. Organizations in areas at low risk for natural disasters may have previously been uninterested in investing in BC/DR, but the ransomware threat is changing that.
But, in some of those areas, stable weather conditions are no longer a certainty. With global climate change, the frequency and magnitude of severe weather events is increasing and can be particularly harmful for organizations that are not prepared. While cyberattacks are evolving and becoming ever more present, the threat of a natural disaster striking may be on the rise as well. Both threats come with their own risks and necessary preparations, but the basic challenges they present to security, continuity and compliance should kick-start DR teams to take a look at their planning and assess all potential threats equally.
What precautions can you take to prepare for a natural disaster?
An approaching natural disaster or frequent weather event can be somewhat predictable, but the severity of it rarely is. So, how can an organization prepare its data center? Conducting the right assessments and tests can strengthen your natural disaster recovery planning efforts significantly. For any organization, conducting a risk assessment is essential to crafting a suitable DR plan. Risks will be different for everyone, so a proper risk assessment will be a tailored rundown of potential threats. Performing a risk assessment will inform the business impact analysis (BIA), which determines the potential effects of the risks you discover.
When conducting risk assessments and BIAs, identify mission-critical functions and how weather events might disrupt them. Are your facilities vulnerable to flooding? Is there a plan in place for staff to work remotely? Take stock of your organization's resources and established plans. Once you've analyzed potential threats to your BC, consider how they might affect other important DR functions, like emergency communications with employees and company stakeholders.
How much is this going to cost us?
It should come as no surprise that BC/DR is an expensive process, but the risks and costs associated with not planning ahead outweigh funding concerns. Taking steps to include DR insurance and funding in a plan early on can ease some of the burden, but remember that DR technology isn't what it used to be. DR funding has been a roadblock for many organizations, especially smaller companies, but the rise of cloud DR and disaster recovery as a service (DRaaS) is changing that.
On top of being more affordable than on-site DR infrastructure, the cloud is proving to be a reliable, secure resource for data backup and recovery. DRaaS takes a lot of the guesswork out of DR planning, enabling a third-party vendor to take the reins in handling administrative burdens.
