Disaster Recovery In A COVID-19 World
Data and disaster recovery have always been quite complex in their scope. However, COVID-19 has increased the level of complexity. Many organizations did not invest in data recovery services before the pandemic. Further, those who did have some form of a data recovery program have had to re-assess their strategy and deployments given how dramatically the world has changed in the span of a year.
Once the pandemic was declared, it forced businesses of all sizes to transition to a 100% remote working environment for months with little notice. The rush to equip workers with the right tools to work from home was overwhelming to say the least.
While lockdowns have been lifted and other restrictions loosened, many companies still operate with a large majority of their employees who are working from. In some cases, remote work is indefinite. Moreover, now that so many employees and companies have experienced the cost savings of working from home, many may never go back to the office. Nonetheless, organizations need continued support for remote work even after the consequences of the pandemic are mitigated. Invariably, the scope of the IT infrastructure has changed significantly.
Prior to the pandemic, many IT departments were centralized on-premise or housed in a local data center. When COVID-19 struck, the immediate priority was offering resource access. Many companies emptied tech shelves of major retailers and handed laptops to their employees as they walked out of the office for who knows how long. Those who did not get a laptop during the first round had to use their own devices to connect to the company network and applications.
While the solution was geared towards addressing health and safety concerns, it was not a good long-term solution for disaster recovery. Provisioning access and even VPNs is complex and difficult to scale. As a result, many organizations have chosen to partner with a data recovery services vendor to ensure applications and infrastructure are resilient enough to withstand the next global emergency. Even when many IT departments did not move their assets out of the data center immediately, current budgets will reallocate IT budgets towards outsourcing and the cloud. Why? Well, because remote workers can access it more easily and the performance is reliable.
As such, the trend is accelerating towards the cloud and also protecting employees’ endpoint devices. This means companies need a new data recovery program to ensure their networks remain available to their employees and their customers.
Protect your data in the cloud
Why should data be backed up at all? How can you get IT to back up applications and data regularly if they’re not onsite? In the event of a catastrophic failure or pandemic, a data recovery services provider will ensure your cloud-based IT infrastructure is secure, your applications are available, and your data is protected.
For instance, what happens if one of your remote workers accidentally deletes critical documents associated with monthly reporting? If the files were deleted by accident, the individual in question may not even notice it. Typically, files are automated for permanent deletion after 30 days in a recycle bin. Unless those files are backed up, they are lost forever.
On a more serious note, if a staff member deletes logs and a trail of illegal activities, the company may realize disastrous legal implications. This is especially true if communications are unrecoverable after a subpoena is ordered.
On the other hand, what if you partnered with a vendor who performed comprehensive disaster recovery and backup services. You can rest assured you are protected against these types of risks. To illustrate, disaster recovery vendors can offer customized solutions to backup popular cloud-based applications such as Office 365. Of course, it’s important to verify your applications are protected during and after a pandemic.
When it comes to cloud, some IT professionals may have the same questions they had about SaaS — after all, there’s never been an IT infrastructure as robust and redundant as those operated by the big hyperscale cloud companies. While that’s true, just as with SaaS, cloud providers also operate on a shared responsibility model. They protect the infrastructure, but granular data protection is up to the customer.
There isn’t an on-premise IT infrastructure as robust as those operating in the cloud. A disaster recovery vendor will protect the infrastructure since there is no shortage of backup options for cloud data. Therefore, there is no longer any reason to remain unprotected.
Maintain a secure remote working environment
As company team members continue to work from home, they will store crucial data on their local machine. But, this data needs protection. Yet, there are two major obstacles in the way:
Backup data: Many employees are working from home with connections that are not as secure as those from the office. Pulling all that data from remote users to the onsite data center will decrease efficiency, speed, and productivity.
Privacy issues: When team members use their own machines, it is difficult to work around privacy issues and also determining where or how to add backup clients.
It is easier to protect endpoints if employees are using a company-issued device. If not, you will need help deploying and configuring clients for every machine.
It may also help to configure a group policy for endpoints that stores files to the platform of your choice such as Dropbox or OneDrive. Still, you can’t monitor employee activities 24/7. It is still up to their willingness to store company files in the right place. If they save them on their desktop folders, security will be limited.
What you can do is partner with a vendor who offers virtual machines and remote desktops. There isn’t any question that COVID-19 has accelerated the move towards a virtual desktop infrastructure as they offer many essential advantages to the company and to employees.
It helps to have an adequate platform where staff can store their data on local machines. The right vendor can configure your virtual desktops so data cannot be cut and pasted to each device. Therefore, you can count on an additional layer of protection. Also, a client isn’t always necessary. So then, employees can use their favorite machine as long as they have the right credentials and utilize 2FA.
However, even as countries distribute vaccines, companies need to take this time to re-evaluate their data recovery program. The past year has induced significant changes to onsite facilities, IT infrastructure, and working practices.
This is the new normal as many companies intend to make remote working a permanent option. Some organizations are now allowing their formerly-onsite employees to not only work remotely, but they can also work from anywhere in the world. Without question, organizations will have to approach disaster recovery differently. What happens when your Plan B or Plan C becomes plan A? Inevitably, COVID-19 has imposed new risks to data protection.
While some companies did create a strategy for a potential pandemic, few had any idea of the scale and scope of COVID-19. The overall impact is still being studied. However, the risks are not the same as a natural disaster or even a localized outbreak. Some of the risks are also associated with how lifestyles and working habits have had to adapt.
Here are critical steps to take right now:
- Analyze your current strategy
Adapt your disaster recovery planning to COVID-19, and work with a data recovery partner to review all associated risks. Unlike a server failure or a natural disaster, the pandemic has changed how organizations operate. One of the most dramatic changes is remote workers are relying on consumer-grade broadband that only offers consumer-grade levels of security.
As a result, cyber crime is on the rise in the form of phishing, DDoS attacks, network attacks, ransomware, and infrastructure attacks. With everyone using video-conferencing services, attacks on video-conferencing platforms have also skyrocketed. The attack surface grows larger with new working standards and less security.
With the pandemic on everyone’s mind, cyber criminals have exploited Covid-related phishing attacks whether it be for testing and vaccines to fundraising. But, phishing attacks can open the door to data theft, IT disruptions, malware, and ransomware. Also, employees are all affected when there is short notice for school closures or other restrictions. And of course, there is the potential for illness among employees. All of this is unchartered territory.
- Assess once more
Traditionally, many disaster recovery plans made allowances for IT failures. Remote work can be considered a form of business continuity. Still, remote working tools are not foolproof and are vulnerable to cyber attacks. Organizations must take into account the potential for attacks on domestic broadband services. So many workers are at home, and any broadband failures create a strategic risk. As such, many organizations are continuing to realize the opportunities and advantages of moving core services to the cloud. The cloud presents a reliable backup plan that improves resilience.
The other issue is providing a uniform layer of management. The right disaster recovery services vendor can offer continuous and secure management of data and storage.
- Remember communications
How will your disaster recovery plan work in a real-world scenario. How would you manage incident and failover from onsite to disaster recovery systems? The options are varied and also complex. Working with a vendor who offers a comprehensive and robust command center structure is priceless.
It’s also crucial to test your DR communications. Which stakeholders will notify everyone else? What is the chain of command? Who will induce your recovery plan? On the other hand, with a DR vendor, you will not have to worry about a chain of communications as they will resolve any issues expediently.
- Update DR testing
If conditions change to a lockdown scenario once more, DR testing must also change. Currently, many businesses are in a recovery stage and staff is working remotely. With so many variables in flux, who has the time or capacity to update DR testing? Yet, a DR vendor will run regular DR tests that simulate day-to-day remote access. As a result, teams can collaborate even in isolation as the systems will be running.
- Modify training
Does your staff need DR training? Do they understand how to prevent phishing and social engineering while working from home. Often, it’s easier to remind employees with a tap on the shoulder. But, face-to-face training is challenging in a pandemic environment and difficult to replicate remotely. Organizations should consider working with a vendor who offers specialized training that represents remote working practices and risks during a pandemic.
What about recovery?
In a remote working environment, recovery is challenging. Where will you store your backup data? The cloud is the most reliable option. Disaster recovery vendors make it convenient and cost effective to upload company data. Moreover, you won’t have to worry about the costs of maintaining your original servers. Instead, you can access specialized expertise to configure and deploy virtual machines and then provide access to your employees.
Since the cloud produces a multi-tenant architecture, it requires fewer resources while reducing expenses. When you partner with a DR vendor, you also don’t have to worry about trying to find a human being from your workforce to address any issues during a pandemic.
The right vendor will protect the underlying data and applications with identified failbacks to recreate functionality as needed. You don’t want to work on a plan when systems have already failed, and you have an entire organization breathing down your neck asking when applications will be up and running again.
Disaster recovery amid a second wave?
As social distancing guidelines and capacity limits on businesses are lifted, and business starts to recover or return to a semi-normal, there is another issue to think about. A second wave may surface. Therefore, it’s vital to remember what you did during your first experience with a pandemic. On the other hand, learn from your experience and partner with a trusted DR vendor to ensure your business remains resilient.
COVID-19 has certainly thrown a monkey wrench into disaster recovery and distributed employees and data across various locations. DR is now more complicated. But, you don’t have to sacrifice a good data recovery program. Consider partnering with the SSI team if you have additional concerns about disaster recovery services and remote work data protection.