Lessons Learned from the Sony Hack & Other Disaster Recovery FAQs

IO Singapore Colocation Data Centre

73% of organizations are not sufficiently prepared to recover their data in the event of a natural disaster or a Sony-like data breach. Disaster Recovery-as-a-Service is one solution, offered by a number of IO customers in Singapore and elsewhere.

This week IO announced a strategic relationship with IIJ Global Singapore, a prominent Internet-access and comprehensive network solutions provider that will use IO to provide Disaster Recovery-as-a-Service (DRaaS). This is the second story we’ve shared of a company turning to our Singapore data center to provide DRaaS – Pantropic leverages IO Singapore for the same purpose. (Of course, it’s not only Singapore.) The announcement prompted me to ask some of our internal subject matter experts about disaster recovery. Here’s what I learned.

What is disaster recovery?

Disaster recovery (DR) is the ability to get your data back (i.e., recover it) after a flood, a fire, a hack, or any other “disaster” that disables or destroys the data in your primary data center.

Are disaster recovery and business continuity the same thing?

No. Disaster recovery is a part of business continuity. Business continuity involves the recovery of data – as well as many other activities required to keep a business running during and immediately after a disaster.

Does backing up = disaster recovery?

No. Backing up your data is a necessary but not sufficient element of disaster recovery. After all, you can’t recover your data if you haven’t backed it up. Sending data offsite ensures a copy of your backup is available in the event of a flood or fire at your primary data center, and it is considered a best practice in disaster recovery planning. Storing your backup down the street probably isn’t sufficient, either; it should be accessible even in the event of a disaster that affects, say, an entire city.

What kind of disasters are we talking about?

In the context of DR, a disaster is any event that compromises your data. It could be a disaster like a flood or a fire that destroys the data in your primary data center. It could be a storm or a massive power outage that renders your primary data center temporarily inaccessible.

Or, it could be “man-made mayhem” – such as a hack that erases the data from your system (Sony has some recent experience with that). Consider: “More than 20% of respondents to Arbor Networks’ Worldwide Infrastructure Security Report say their enterprises experienced an advanced persistent threat (APT) attack. This puts the risk of occurrence higher than either fire or flood, or of being hit by a violent storm even if you’re in a high-risk region such as Tornado Alley.”

How prepared are most companies for a disaster?

Not well prepared. For example, just 23% of respondents to the 2014 InformationWeek Backup Technologies Survey said they were extremely confident in their ability to get the business up and running again in a reasonable time frame if a major disaster took out their main data center. The Disaster Recovery Preparedness Council’s 2014 annual report came to a very similar conclusion: 73% of companies are failing at disaster readiness.

Disaster recovery in the cloud?

Companies like IIJ Global Singapore and Pantropic provide Disaster Recovery-as-a-Service out of IO’s data centers. It’s a good business model: The global DRaaS market is expected to grow at a compound annual growth rate of 52% between 2014 and 2019, according to a new report from TechNavio.

But key best practices still apply. For one: Don’t choose a DRaaS provider in the same location as (or near) your primary data center. And another: The data center provider matters (that’s a point Pantropic Chief Technology Officer Christopher Foo articulates well in this video).

What’s the role of a data center service provider in disaster recovery?

In addition to serving the needs of Disaster Recovery-as-a-Service providers like IIJ Global Singapore and Pantropic, a global colocation services provider like IO can help organizations maintain data backups and recover them in the event of a disaster. For example, customers in the U.S. can colocate their primary data center operations in Phoenix and New Jersey and keep backup data for DR purposes in Ohio. IO’s data center infrastructure management (DCIM) software makes it easy to monitor and manage data across locations.

We live in a world where disasters – both natural and human-made – are inevitable. How will you respond?