November 2, 2016

What's your biggest fear? A breach that steals customer and employee data and makes you the latest victim headline? Ransomware that demands a massive payout, potentially shutting your doors? Or is it... nature?

I know. In the age of clever cyberattacks, worrying about something as quotidian as a storm seems almost quaint. But Mother Nature is right there in the IT rogue's gallery for a reason - and if she's not a factor in your crisis response plan, she should be.

Consider just a few of the weapons at her disposal:
• a storm that leaves you without power and electricity for days
• trees that crash through your roof
• floods
• an earthquake that shakes your datacenter to the ground
• a tornado that demolishes your buildings
• a lightning strike that causes a fire

See a theme here? You can't control any of these occurrences. This isn't like a chess game where you anticipate your attacker's next move and install a new security control to block him. When Mother Nature comes raging through your datacenter, there's nothing you can do to stop it.

You can make plans for continuity and recovery, however. Here are our tips on anticipating – and fortifying yourself against – the inevitable.

Make a plan.
Your organization probably has a plan for employee evacuation in case of a fire, right? A plan for protecting your data and other assets is just as important. Put together a crisis management team and draft a plan that covers everything from maintaining daily business operations to prioritizing critical processes to possible emergency scenarios and each team member’s response role.

Map out where your data is.
Is your data scattered across systems? Where is the most important data? Where do you need to maintain uptime no matter what? These answers can change from year to year, so make sure your team stays current and connected to an accurate overview of your digital assets. When disaster hits, you won’t have time to sort this out. Inspect your facilities.

Just as your facility has to meet fire codes and safety regulations, it needs to meet your own codes of data safety. Is the essential equipment protected? Is the large equipment anchored or stored on lower shelves? Is your electrical equipment elevated to reduce hazards? How secure is the building in general – could the roof cave in from too much snow? How well would it hold up to a tornado?

Conduct a risk assessment.
Identify your system vulnerabilities, and patch them up as best you can. If necessary, seek outside expertise for recommendations to secure your data.

Assess your backup strategy.
If your backups are local only, it’s time to consider off-site storage and cloud solutions. One fire, flood or storm could wipe out all of your data otherwise – so invest in a solution that can keep clones of your environment safe in another location. Be sure your multiple locations are disparate enough that they are not sitting in the same hurricane path or on the same power grid. If you’re still using tape backups, assess whether your team would be able to access those tapes in the case of floods, earthquakes and blocked transit routes.

Look for a BDR solution that offers fast recovery and fast performance. A severe storm or disaster could keep your production environment down for a long time. Be sure you can not only recover quickly, but offer reasonable speed and performance in the alternate environment. There’s no point in investing in a backup and disaster recovery solution that only offers slow and partial recovery – in today’s competitive world, users will hold delays and lost functionality against you.

There’s no doubt that nature is capricious. Many teams don’t take planning for business continuity seriously, or invest in modern BDR solutions, until they’ve lived through the destruction of a natural disaster. By then, of course, it’s often too late. But by creating a strategic plan and adopting the right tools now, your organization can keep your business up and running even in the face of Mother Nature’s worst calamities.