BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Three Steps To A New Paradigm For Disaster Recovery And Backup

Forbes Technology Council
POST WRITTEN BY
Joe Merces

Organizations of all sizes are getting hit with ransomware, putting entire systems, services and potentially even lives at risk. Nation-state attacks are more common in today’s world, in comparison to the unexpected weather events that dominated disaster recovery preparedness considerations a decade ago. As a result, the almost daily occurrence of cyber attacks is actually a bigger driver for organizations to prepare for downtime and the quick recovery required to keep businesses up and running.

While organizations vet and revamp their backup and disaster recovery planning to contend with cyber attacks, they’re also including the cloud and realizing the benefits the cloud provides for disaster recovery.

But as you move to the cloud, disaster recovery is just part of the equation. You need to manage both the cloud and the on-premise data center. That can make it much harder to handle infrastructure management, security, and backup of data.

To succeed, I believe it’s time to spend the outmoded, decades-old approach to disaster recovery and backup, and to look at a more comprehensive way of working. Here are three ways to get there.

Unify historically stand-alone IT functions.

I know from having worked as a CIO in New York City for many years that the model of disaster recovery in the past was to have separate IT departments and siloed IT functions. That doesn’t really work in the cloud, nor does it work to address the scourge of potential near-daily cyberattacks. This becomes obvious when vetting a disaster recovery plan to include the cloud in addition to an on-premise data center or, worse still when you’re reacting to a cyber attack that has already crippled IT systems.

You really need a new paradigm to unify these historically stand-alone IT functions. Closing the gaps among IT functions enables a holistic approach in managing private data centers and the resources now hosted in the cloud. This new paradigm should also extend to legacy data center tools, which just aren’t cutting it in hybrid environments. Tools need to evolve to be more holistic in managing resources, whether those resources live on-premise or in the cloud. This way, companies can make process and procedure changes by taking steps to require involvement from the security team and backup team when creating new workloads. This will help them to avoid configuration issues related to backup and security upfront, instead of after the fact when it might be too late.

It seems clear to me that better collaboration is required in practice, process and procedure across IT functions and departments.

Periodically test backup and recovery, and keep track of workloads in the cloud.

When’s the last time you tested your recovery plan? If your company is like most, the answer is probably “too long ago.”

In the past, there just wasn’t enough testing of disaster recovery plans. If these plans were actually tested across enterprises to work with conventional legacy solutions, we wouldn’t be hearing about government agencies and private companies being down for days or weeks to recover from cyber attacks on business-critical servers.

I believe enterprises need to be more agile in their response to disasters. This means not only periodically testing backup and recovery, but also addressing overall data protection needs. Just performing backups and hoping they work when you’re faced with a disaster is not enough.

Thanks to the cloud, your organization can implement holistic approaches by keeping track of workloads (even if they are only temporary), combined with reviewing ownership and security requirements, while creating backup and restoration plans that are in line with your business’ requirements.

More importantly, the cloud can help you recover business-critical data at a moment’s notice by taking advantage of elastic cloud capabilities, quickly backing up, replicating and recovering data in multiple geographic regions and accounts worldwide. In my experience, testing workload disaster recovery preparedness in the cloud is one of the best ways to ensure you have the means to recover quickly anytime.

Practice good security hygiene, even in the cloud.

Even with all this talk about a new paradigm, the simple truth is that migrating your infrastructure to the cloud isn’t enough to guarantee secure backup and disaster recovery. Many cloud providers, most notably Amazon Web Services, assume shared responsibility for security. That means they will handle the security of the cloud; it’s still up to you to handle security in the cloud. (Full disclosure: We are an Amazon partner.)

So, you still need to practice good security hygiene and ensure the security of every asset you put in the cloud. Some basic security hygiene principles that have made the news recently are, in my experience, often forgotten or overlooked. Things like maintaining an inventory of all workloads and making sure that servers and their data are protected and private, instead of being public (a common mistake that can lead to the dire consequences of data hacking), are critical. Firewalling servers to block ports known for malicious activity, tightly securing RDP access and always requiring complex passwords all add to ensuring good security hygiene in the cloud.

In my view, a unified approach to data protection in the cloud reflects today’s changing IT landscape better than the historic siloing of IT functions. As a result, overall disaster recoverability will be greatly improved. This is the new paradigm that enterprise IT so sorely needs.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?