Why High Availability Solutions Shouldn’t Replace Disaster Recovery Planning

24/7 floating over businessman's hand
These days the cloud is no longer a no-go for critical infrastructure. In a survey conducted by Infosys last year, 81 percent of respondents said they were already or were planning to use mission-critical apps in the cloud within the next two years.

With many cloud environments featuring capabilities for high availability, which by definition provide 99.999 percent uptime, how does that affect disaster recovery (DR) planning? If you manage all your applications in a third-party cloud environment with high availability built into the apps’ architecture, does that mean you can nix internal DR plans, procedures and tests?

The answer is no, and here are three reasons why.

You Need a Plan for Handling Data Corruption

DR planning is still a key component of the organization’s overall business continuity strategy. It’s important to have a high availability strategy for your critical systems and information, but if your high availability solution replicates errors, your data — while it might be available — would be useless. In that case, you’d need to fall back on your DR plan to recover that system.

Your Employees and Vendors Need a Plan to Follow

Even if you’ve outsourced management of critical applications, your employees still need to know what will transpire in the event of a power outage, facility loss or other incident. For instance, where will they work? How will they access the data and applications that are necessary to their job duties?

Your Cloud Provider Needs to Understand Your Environment

If you’re using a third party to manage your environment, it’s important to test so the vendor understands your environment. With documented and rehearsed DR plans, the vendor will be familiar with how to react during a business interruption and can do more on your behalf.

Although high availability is a key part of protecting your top-priority applications, it shouldn’t replace DR planning. To see what other components you should include in your DR plan, download our checklist.  

How Do I Get My Data Back If My Cloud Provider Goes Bankrupt?

It’s a business continuity and disaster recovery planner’s worst nightmare: You wake up to the news that your cloud provider — the one that houses your critical data — has gone under. How do you get your data back?

Going out of business sign
The scenario isn’t entirely unheard of. In 2013, cloud provider Nirvanix announced it was closing its doors and told customers they had two weeks to migrate their data to another location. This announcement, however, should not have come as a surprise to customers. According to InfoWorld, Nirvanix had been informing its customers that it was having financial difficulties and at one point informed customers and partners that they could no longer upload data to the Nirvanix cloud.

Your provider going bankrupt should not come as a surprise to you, either. Before working with a cloud provider (or any other vendor who manages your critical data), you should assess the vendor’s financial situation as part of the due diligence process. If there are any red flags, proceed with caution.

No matter the financial situation of the provider, the contract you sign should have provisions around what happens with your data in the event of bankruptcy, default, etc. These provisions could include arrangements for transferring the data to another cloud environment or copying your data to external media and returning it to you.

If a provider won’t add a contract provision that protects you in the event of a bankruptcy, consider looking at alternate vendors.

For more guidance on choosing the right cloud provider, check out our post "11 Questions to Include in Your IT Vendor Due Diligence."

[INFOGRAPHIC] What Is the Cloud?

People love to use the term "cloud" in the tech space, but the actual meaning of the word is about as hazy as the same-named vapors in the sky. In a recent infographic, Spiceworks cleared up some of the misconceptions about what cloud computing is, explaining how it works in terms that anyone can understand.

What Is the Cloud?

For answers to some of the cloud questions we’ve been asked, check out this post

[INFOGRAPHIC] Disaster Recovery Preparedness: Are You Ready?

With the commencement of National Preparedness Month, a pressing question you need to answer when strategizing your business continuity and disaster recovery plan is "Are you ready?" Business interruptions are not a matter of if, but when and what type. A study by the EMC Global Data Protection Index showed that 53 percent of respondents cited hardware failure as their cause of outage, along with 39 percent for loss of power.

Take a look at these statistics from Expedient's infographic to help you assess where you stand.

Disaster Recovery Preparedness Infographic

How can you best protect your business? Check out our Disaster Recovery Helpful Hints — Part 1, Part 2, and Part 3 for tips on how to realistically analyze the risks everyday and natural disasters pose to you.

Client Spotlight: Frost Bank Puts BC/DR Plan in Action During Hurricane

With a hurricane on the way and more than 300,000 people evacuating from Galveston, TX, Frost Bank had some decisions to make. There isn't much to love about a pending disaster, but Frost Bank was thankful for its business continuity and disaster recovery (BC/DR) plan that made those decisions much easier.

Frost Bank was able to continue service for customers who were not evacuated by setting up a mobile recovery center at the branch in Pearland, TX. Frost moved a second mobile recovery center to Galveston Island as soon as evacuees were allowed to return, so they could provide cash to customers who were unable to use credit or debit cards while Galveston's infrastructure was inoperable.

Frost Bank serves as an example of why having a BC/DR plan in place is a critical part of being able to continue service as soon as possible after a disaster. If you're looking for a way to implement a BC/DR plan for you company, review our disaster recovery plan checklist.

How Far Away Should Your Disaster Recovery Site Be?

Pins in map
The question "How far away should my primary data center be from my disaster recovery (DR) site?" has plagued DR planners for years. Companies first began seriously examining the role distance plays in DR after 9/11, when the attacks on the Twin Towers caused a large portion of Manhattan to shut down and all the recovery vendor sites filled to capacity.

Unfortunately, there’s no clear-cut answer to this question. Some suggest locating the backup site at least two FEMA-defined regions away, but most people shy away from setting firm guidelines measured in miles.

Instead, the geography should be dictated by the risks related to your organization’s business processes, data and physical location (a business impact analysis should reveal what these risks are). Once you’re aware of the risks you face, you can weigh the benefits and drawbacks of nearby and distant DR sites.

Nearby Disaster Recovery Site

A nearby DR site is beneficial for a variety of reasons. It’s within driving distance, making it easily accessible. If your DR site is nearby and is unaffected by an incident affecting your primary location, you can continue business operations more quickly than if your DR site were hundreds of miles away. In addition, the bandwidth costs are less, and you’re not as likely to experience significant system recovery delays due to latency issues.

However, the benefit of having a DR site within driving distance depends on the locale's risks. If your region is prone to hurricanes, earthquakes or floods, having a DR site in the same region can be risky. For instance, Hurricane Sandy was 1,100 miles in diameter — that’s more than a third of the continental United States. In regional disasters like this, your DR site could be affected by the same event as your primary facility, rendering it useless.

On the other hand, Spokane, WA is a geologically stable area whose biggest threats are wildfire and train derailment. Many businesses in these areas are comfortable with a nearby DR site as long as the site is on a different power grid.

Distant Disaster Recovery Site

Distant DR sites are beneficial because there’s less shared geographic risk. For example, if a business affected by Hurricane Sandy had had a DR site in Washington, the recovery environment would not have been compromised.

One of the significant challenges of a distant DR site is latency. When recovering data or systems across a significant distance, slower recovery times and bandwidth costs can negatively impact business continuity goals. The distance can be challenging for employees who need to be on-site as well. After a significant disaster, employees are often busy tending to their personal situations and aren’t able to travel far.

When answering the question of how far away a DR site should be from the primary site, then, it’s a matter of mitigating shared risks, not measuring miles. For more about the role of location in data vaulting, check out our post "Where in the World Is Your Data?"

National Preparedness Month Is Here

National Preparedness Month Promo image
Image courtesy of Ready.gov
Don’t wait. Communicate. Make your emergency plan today. These are Ready.gov’s tips for this year’s National Preparedness Month (NPM), which kicked off September 1.

The campaign is encouraging the American public to have a plan for staying safe and communicating during disasters such as floods and wildfires. Each week this month is dedicated to a specific hazard, with the last week culminating in America’s PrepareAthon!, a grassroots campaign encouraging communities to increase preparedness and resilience.

The full schedule is as follows:

  • Week 1 (September 1-5): Flood
  • Week 2 (September 6-12): Wildfire
  • Week 3 (September 13-19): Hurricane
  • Week 4 (September 20-26): Power Outage
  • Week 5 (September 27-30): Lead up to National PrepareAthon! Day (September 30)

Will you participate in NPM? To get started, check out our planning checklists on the Resources page of our website.