In this week’s Voices of the Industry, Mark W. Jobson, Director of Product Marketing for Iron Mountain’s data center business unit, discusses the state of DR preparedness and how it pertains to the colocation industry.
It feels like a more dangerous world as I write this article as compared to my first day marketing data centers back in 2008.
Coming from the world of casino marketing, I remember vividly having a conversation with my new boss about what drove colocation demand and passing along information about how the casino world handled business continuity/disaster recovery.
Before working in technology, I had thought the whole idea of a disaster recovery (DR) plan was a waste of time. Apparently I had better things to do than create backups of backups of the database on DVDs and take them to the secure offsite location. Like a disaster could ever happen in the tiny town of Alton, Illinois.
After a few short months of working in the colocation industry, I came to realize that disaster recovery planning really was a big deal. Developing marketing materials around DR use cases, I encountered devastating stories of businesses without BCDR plans that were hit by a hurricane, flood, fire, act of terrorism or like tragedy that rendered their business inoperable.
This article is a reminder that while according to the reports, DR plans are becoming more common, we still have a long way to go to ensure businesses, employees and customers are protected by a reliable DR solution.
Regardless of how you feel about global warming, the data shows Mother Nature is not a happy camper of late.
According to the National Centers for Environmental Information, 2015 was the most prolific year on record since 1954 for tornadoes in the United States with nearly 900 documented occurrences. The Environmental Protection Agency also reports that “heavy precipitation” has increased dramatically in the recent past.
“In recent years, a higher percentage of precipitation in the United States has come in the form of intense single-day events. The prevalence of extreme single-day precipitation events remained fairly steady between 1910 and the 1980s but has risen substantially since then. Nationwide, nine of the top 10 years for extreme one-day precipitation events have occurred since 1990. The occurrence of abnormally high annual precipitation totals (as defined by the National Oceanic and Atmospheric Administration) has also increased.” – EPA
Other storms that cause catastrophic damage are also on the rise. The “Nor’easter” continues to cause disruption in the largest East Coast population centers, with massive snow, ice, flooding and extensive power loss. As for hurricanes / tropical cyclones, the EPA once again sees a trend of increased frequency and intensity, presenting those in the Southeast and Gulf states with an ever-present threat to business continuity.
“Tropical storm activity in the Atlantic Ocean, the Caribbean, and the Gulf of Mexico has increased during the past 20 years. Storm intensity is closely related to variations in sea surface temperature in the tropical Atlantic.” – EPA
Flood potential is a major threat to a data center for obvious reasons. Scientific American cited the 500-year and 1,000-year floods of 2015 and 2016 in West Virginia, Texas, Oklahoma, South Carolina and Louisiana as the basis of its thesis that it is time to rethink the way we classify flooding and how and where we build to stay out of the path of disaster. In all, the flooding caused billions in property damage within a twelve-month span.
Organizations do have a choice when it comes to where their data center resides and this is where colocation for DR shines. Part of the colocation site-selection process is identifying a parcel in the lowest risk area possible within any desired Metro Area or – for DR-specific data centers – the lowest risk US region possible with enough geographic separation to comply with industry/internal regulations for target customers. Facilities built in high-risk areas are bolstered with designs specifically created to address high winds, risk of flooding, earthquake readiness and other possibilities.
If the world feels more dangerous today, it’s probably because … it is. What happens if those who don’t play by the rules start targeting the data center?
According to CNN, in the year 2015, “terror attacks in developed world surged 650%”.
And, for the most part, the “developed world” describes where most of the world’s data centers are located. Add in the topic of cyber-terrorism and the numbers are even more staggering. According to a bitpipe security report, 62% of security professionals reported an increase in insider security threats. This was coupled with a staggering statistic that 63% of companies did not have a cyber threat response plan in place and that 50% of those did not feel that it was necessary.
As in the example of insider threats, the physical security layer is still – and will always be – a critical component of protection. Ransomware has brought to light the importance of having readily available data center environments separated from seized assets, allowing companies to switch over to uncompromised IT environments as opposed to making a choice between payment and operational interruption.
While it is hard to say that any location or company is completely safe from attacks, you can take steps to mitigate the associated risks. For example, think about how many layers of protection there are that prevent an unauthorized person(s) from accessing the actual hardware in your data center. Does it start and finish with a securely locked door?
Colocation facilities from top tier providers feature a wide range of protection such as CCTV cameras with redundant coverage of every square inch of their campus. There are biometric scanners that combine with key cards and PIN pads to mandate three layers of personalized input to authenticate a user before they may open a given door. Mantraps and tailgating alarms prevent someone from slipping in behind an authorized user after authentication. On-site officers, access logs, diamond plating, bullet-proof glass, facial and retinal scanners – the list of potential security components is extensive.
So, with an increasingly dangerous world to live and conduct business in, how prepared are we to protect the organization, employee and customer?
In 2013, according to the Disaster Recovery Planning or “DRP” survey, 72% of businesses received a D or F grade with regard to their level of DR preparedness.
In 2017, Forrester said that “The use of advanced technology is growing, but infrequent DR testing results in low preparedness.” An invenioit survey of 400 IT professionals found that 74% of companies with 500 or more employees at least had a DR plan, but only 54% of companies with fewer than 500 employees were in the same boat. The same survey found that less than 2% of respondents had established a reliable DR solution. Less than 50% were using cloud and less than 50% of those were using hybrid IT.
So, C’s and below are what make up the 2017 DR preparedness report card, not exactly what a teacher would reward with a class pizza party.
This state of DR preparedness is not only dangerous for the organization and its employees. The customers who regularly consume products and services from such organizations are at risk from simple loss of access to identity theft and other serious ramifications. And, as the members of the developed world become more and more dependent on technology to execute their daily lives, there is more disaster-related risk than ever.
Conclusion – what to do about it.
According to devops.com, Fortune 1000 companies report the average cost of unplanned application downtime to be $1.25B to $2.5B every year. While not all of this is due to a disaster, it follows that a little more investment in DR can pay off in a big way for even the largest, most sophisticated of organizations.
The good news is that with technological innovations, organizations have a wide range of options for that elusive, reliable DR solution. No longer does a budding young casino marketer have to export the company database to DVD at a given frequency and deliver it to the designated location.
Hybrid IT solutions provide a diversified environment for proper segmentation of systems and workloads to manage budgets as well as a properly prioritized, compliance-ready recovery process. This includes a mix of a colocation hub with cloud, managed services, tape and in-house options layered on top.
Specific to the colocation DR hub, while it is only one component of the DR plan, hosting a backup/DR environment at a reputable colocation provider can address a variety of different risks while optimizing for hybrid IT.
The right facility will feature increased security that helps protect against an attack. Purpose-built data centers can be wind-rated to resist big storms and there are even underground data centers in remote locations that protect from natural and manmade disasters with the geographic separation to address any compliance requirement. Many colocation providers also offer easy access to cloud and network ecosystems for efficient tethering to cloud-based and on-prem environments.
With all of these options, here’s to hoping that when the 2020 DRP report comes out, the findings show respondents making the grade when it comes to DR preparedness.
That will be one well-deserved, long-awaited class pizza party. Pepperoni and sausage please.
Mark W. Jobson is Director of Product Marketing for Iron Mountain’s data center business unit.