Businesses have adapted to meet pandemic challenges, but are disaster recovery strategies keeping up?

Jonathan Bowl, AVP & General Manager, UK, Ireland & Nordics at Commvault, explains how DR strategy should be aligned to organisations’ pandemic response

In the last few months, almost every business will have evaluated and, where necessary, updated its technology strategy and processes. Getting as close to business-as-usual has been a huge priority and focusing on operational infrastructure, communications, and collaboration tools and services has delivered widespread benefits.

But what about disaster recovery (DR)? How many organisations have reviewed and updated their approach to DR in line with their current situation? These are important questions that deserve specific attention, as plans that were in place for the ‘old normal’ might not be appropriate for rapidly changing circumstances. So, what are the current drivers of DR strategy and how can businesses ensure they can identify and adapt to any gaps in their approach?

Disaster recovery planning and preparedness

Top of the list for most organisations should be to review and update their disaster recovery preparedness. Historically, DR has not been flexible, simple, affordable and comprehensive. Given the significant change in circumstances faced by businesses across the economy, and the different use of technology infrastructure, DR planning may well need a reboot to ensure these needs are being met.

Unfortunately, this isn’t something where a one-size-fits-all mindset works, because each DR plan is unique to individual organisations. However, there are a few foundational points that all planning and preparation should have in common.

These begin by establishing the wider mission of the organisation and prioritising the risks it faces. Those leading the process must then define what should trigger the declaration of the disaster and activation of the DR plan – again, something which varies for everyone. Plans can look very good on paper, but they need to be tested regularly and have the full support of executive management; all key stakeholders need to engage with the principles and objectives of the plan.

Increasingly, organisations now have the advantage of using cloud disaster recovery services, enabling them to quickly recover data from locations around the globe. While working from home, it gives technology leaders the ability to restore cloud-based workloads to offices, manufacturing facilities, or cloud-based services around the world.

Stopping ransomware in its tracks

There’s a new ransomware headline and code name almost every week. In the most extreme cases, the impact can be devastating, evidenced by the decline in fortunes of the currency exchange business, Travelex, which was forced into administration in August. As well as the impact of COVID-19, it was concerning to see the administrators call out the impact of the ransomware attack it suffered in January, which together had “acutely impacted” the business.

It’s no surprise, therefore, that ransomware prevention is a priority for both cloud and on-premises data management professionals. Combining encrypted backups, alerting, anomaly detection, immutable backups, air gaps and data isolation support means that if a ransomware attack does happen, victims can enable rapid data recovery.

Driving digital transformation

As Microsoft CEO Satya Nadella put it at the end of April, “We’ve seen two years’ worth of digital transformation in two months.” During that same month, Microsoft logged over 200 million Microsoft Teams meeting participants in a single day, and more than 4.1 billion meeting minutes. It’s just one of many examples which underline the rapid pace of change.

It certainly matches the experience of many organisations that have adapted to lockdown with admirable speed and agility. In turn, it has also served as an important lesson to business leaders that digital transformation is a ubiquitous requirement for succeeding in a changing world. For many, lockdown has removed philosophical and practical barriers to progress, and these changes are unlikely to be reversed, post-pandemic.

But data protection also needs to offer similar flexibility for new technologies, processes and working cultures. From industry-specific SaaS applications to virtual machines, PaaS databases to Office 365. The best prepared organisations were able to absorb new technologies using the same DR solutions, interfaces and processes that were already in place. That offers a lesson for everyone else who wants to plan for future uncertainties.

Accelerating cloud adoption

Cloud adoption is likely to be given extra momentum as businesses respond to the constraints put on their operations by the pandemic. Research from Boston Consulting Group (BCG), for example, found about one in three organisations had reported a pandemic-influenced push for increased cloud migration, and around 45% expect cloud migration to be a major priority over the next 12-24 months.

There’s also the increase in organisations building applications in various containers in the cloud, and managing these is becoming trickier as their number and scale increases. Businesses need the ability to migrate applications across clouds and hybrid environments, but they also need the confidence that all of these are protected by an effective DR strategy.

Because don’t forget, cloud-based workloads may rely on the high availability of the cloud, but they still need data protection from a third-party source. And just because data is in the cloud, doesn’t mean you should assume the protection is already handled by someone else; your data, your responsibility. Any organisation that doesn’t have cloud data protection on its radar should be setting aside time to speak with a local services, cloud or DR technology specialist to develop a cloud strategy.

Protecting SaaS applications

SaaS applications enable a remote workforce, but the data stored in the application needs to align with data backup and recovery SLAs. This is important because SaaS vendors are responsible for availability – not data recovery.

So, SaaS apps need data protection. Whether it’s a pandemic-influenced switch to Microsoft Office 365 or the realisation that an entirely mobile workforce needed to use Salesforce outside the office walls, the technologies must work hand-in-hand. Each individual organisation owns the backup and recovery of data from these cloud-based applications, and this means that DR must adapt to meet requirements as they exist today – not as they previously were.

DR has changed over the years thanks to technological advancements in both software and hardware, especially the cloud. What hasn’t changed as much about DR is the need to identify priorities and risks – and in doing so, develop a relevant strategy and plan. The data itself is extremely valuable, and increasing every day.

The pandemic has pushed organisations to evolve and transform their data use, and therefore they must have the ability to become more data-driven to stay relevant at a time when managing data has never been more perilous. And if this year teaches us anything about data and DR in particular, it’s that we should act on industry-wide advice to ensure we are agile and flexible enough to meet the unexpected head-on.