However remote the chance, any IT department should have a backup and recovery plan that takes natural disasters into account. Barracuda's Greg Arnette discusses best practices.
It's no secret that natural disasters are wreaking havoc these days.
From destructive hurricanes to wildfires, it seems like we can't go a few days without hearing about a damaging disaster. Pretty much anywhere in the world is susceptible to at least one kind of natural event. With that in mind, is your backup and recovery strategy ready for the worst?
"It certainly has opened IT folks' eyes to what can happen if a proactive plan is not in place," said Greg Arnette, a technology evangelist at data protection and security vendor Barracuda, of the recent major disasters.
In this Back Up to Basics podcast, Arnette details how you can be prepared, discussing new trends in the industry, as well as historically solid best practices.
One major trend in a backup and recovery strategy for natural disasters is the use of cloud-based services, Arnette said. The cloud can be a good alternate site for backup in the event of a disaster that takes down a primary data center.
"I think it's going be a process that plays out over the next few years, as we grapple with the effects of climate change and the increasing number of storms and the severity of storms that just ripple through all aspects of our lives, including the technology that we depend upon," Arnette said.
Arnette, who was founder and former CTO of Sonian, a cloud archiving and analytics company acquired by Barracuda Networks, also made the case for using a call tree as part of a comprehensive backup and recovery strategy. It's crucial to strive for a complete data protection plan, because natural disasters can be damaging to just about any organization. And if you're not prepared, the consequences could be business-ending.
"It's an important topic, and we need to educate as many people as possible," Arnette said.
Listen to the podcast and read the transcript below to learn more about improving your backup and recovery strategy as it relates to natural disaster protection, plus where Barracuda will be focusing in the months ahead.
Editor's note: The following transcript has been condensed and edited for clarity.
How much stronger are natural disasters today versus 10 or 20 years ago?
Greg Arnette: Well, it's certainly a topic that's on the top of everyone's mind these days. It seems like the earth is being plagued with disasters that are coming on multiple fronts -- wildfires, hurricanes, tornadoes, earthquakes, tsunamis.
I don't know if it's our media attention or in fact the number of disasters and their severity are increasing. It feels like that's a true statement. And I think it's something that we all can be aware of, especially around our IT services and how we can assure business continuity and uninterrupted business operations in the face of a natural disaster.
How are you seeing organizations change their backup and recovery strategy in the aftermath of some of these recent destructive disasters?
Arnette: It certainly has opened IT folks' eyes to what can happen if a proactive plan is not in place, or if there's been negligence on thinking about how to maintain business continuity in the event of a disaster that takes out buildings or disrupts power or telecommunications.
Part of the countermeasures that we see companies implementing are to use cloud-based services instead of on-premises systems as an alternate. The thinking is, if you're using a cloud-based service that employs a successful backup strategy at that end, then the ability to maintain business continuity will be more likely than if you tried to do it yourself in your own data center.
So, the rise of cloud and the rise of software as a service, especially for common systems like email and document sharing, are ways of mitigating potential problems should there be a big disaster that strikes physical facilities. Those systems had traditionally been hosted in a company's own data centers and are now being put up into the cloud either in Microsoft Office 365 or G Suite or IBM's offering, for example.
But I think it's going be a process that plays out over the next few years, as we grapple with the effects of climate change and the increasing number of storms and the severity of storms that just ripple through all aspects of our lives, including the technology that we depend upon, especially in a business setting for communications and coordinating work between employees.
A natural disaster can be very sudden, even with something like a hurricane that you know about a few days in advance. There really wouldn't be enough time to start a backup and recovery strategy then. Could you detail a few tips for organizations planning for a natural disaster regarding their backup and recovery?
Arnette: It's an area that we often talk about in IT, but don't actually dedicate the time or resources to implement, because it is sort of seen as, 'Oh, it's a one-off event. It may not happen to us.' But when it does happen and if you're caught off guard, it can be quite ruinous. It can potentially even destroy a business if the data is not protected.
So, in terms of proactiveness, it's the same kind of way we think about why we buy insurance. We want to protect ourselves against an unknown future event that can be catastrophic. And it's fairly straightforward these days to implement these types of systems that can help ensure that there's going to be appropriate measures in place for business continuity.
There's technology and people and process. On the technology side, implement a great backup strategy. Most companies today do have some kind of backup strategy. If they don't, then they're really operating at high risk. The first step is making sure that the backup strategy has an off-site component that's physically and geographically separate from the core office to ensure that data can be recovered if a fire or a flood destroys hardware. It can be physical off site, or the company could use the cloud.
Within the cloud, the data should be replicated sufficiently in geographic areas to ensure that the information is going to be accessible when it's needed. Hopefully, you're using the cloud as one of the back-end data points so that you have that extra level of resilience.
On process, it's having well-documented remediation steps should a disaster strike. That can include contingency plans on how to alert employees and key staff about the changes in IT during a disaster scenario. You should also have a call tree in place so that if email is down, people know how to reach other folks outside of emails to get the word out on how to continue business operations.
This should be all documented and hopefully stored in an accessible area that isn't relying upon the core infrastructure should it be compromised by the disaster. You could use another cloud-based system, such as a hosted documents system, with access points accessible to key folks that are responsible for the business continuity aspect.
On the people front, it's having adequate education. Perform 'fire drills.' No one likes to think about this stuff. It often does not happen. But when it does happen and you're not prepared, that's when you will suffer the most consequences.
You've mentioned the cloud a few times. Are you finding that most organizations are using the cloud in some form for backup at this point?
Arnette: It seems that most organizations are using an option that moves the data off site to a cloud environment, whether it's a public cloud or private, self-managed cloud.
I think the cloud looms large in disaster recovery planning going forward, especially around the SaaS apps that are being powered by the cloud that are now displacing on-premises systems, which makes it easier to recover from a disaster. If you have less infrastructure to support on-premises software and it's all been moved to the cloud, you can streamline your recovery processes that way.
You also mentioned the call tree option, and we've run a few pieces on emergency phone trees. It seems like something, in this age of new technologies and the cloud, that could be overlooked by companies as a viable backup and recovery strategy. Is that something that you found at all, or are organizations using call trees?
Arnette: There needs to be a way of disseminating information when primary systems are down. That often means folks will be scrambling for their mobile phones and looking for numbers. They may or may not be in that local contact directory, because you might have been relying upon the cloud version of that directory to access information.
So, having an offline, reliable, updated call tree is important for getting information out to key people and then to the employee base in general about what's happening, what are the next steps that are going to be involved in the recovery and so forth. Unfortunately, oftentimes the call tree could be using some kind of aspect of key IT services. And if that's compromised, then the call tree itself will be unavailable, and a key component for recovery will be inaccessible to users.
What does Barracuda do specifically to help an organization with backup planning for natural disasters?
Arnette: Barracuda has been providing services for a while in this area that offer remediation. Across our data protection group, our backup services replicate a copy of the data from the on-premises appliance to a cloud location. We provide customers an option to store data in the Barracuda cloud or to put data up in a public cloud environment. And then you get the ability to have a geographic spread of that information and to recover it from the public cloud should there be a problem.
On our email security front, we provide some capabilities around front-ending Office 365 with services that can process data should the platform have a problem specifically.
You were the founder and former CTO of Sonian, which is a cloud archiving and analytics company that was acquired by Barracuda Networks about a year ago. What has the transition into your new role been like?
Arnette: It's been an exciting journey. Barracuda is a much larger organization, on track for some very significant customer growth in the coming years, focusing on security and data protection. I've been fortunate to join the data protection group as a technology evangelist, as a thought leader providing strategy and direction on future product creation for this area. I'm really excited about the role. And I think there's a big opportunity for Barracuda, which is such a name brand in IT, to take that forward into a cloud-first, cloud-native approach.
What are some specific areas where you and your company will be focusing in the year ahead?
Arnette: We're very interested in an adjacent area to backup that is typically called disaster recovery as a service. It's the ability to take that backup data and then actually hydrate it to a virtual machine and operate the software as if it were on-prem. It's an area of focus right now, and there are a number of different paths we're considering to make that available to our customer base. We think that will complement backup very nicely and leverage the tremendous installed customer base we have with our backup product.
In addition to that, we're also looking at other enhancements to our cloud-to-cloud backup service. We think of cloud-to-cloud backup as a way for customers to have an additional layer of protection for the information they're storing in Office 365 and other SaaS-based systems. We often trust our cloud providers of these SaaS services to back up the data and protect it, because it's part of our subscription and part of the SLA [service-level agreement] that they provide us as customers. But it's really a great insurance policy [to use outside backup]. We want to be able to provide that to more SaaS services beyond what we're doing today with Office 365.