Goodbye 2020, hello 2021.
The longest year in recent memory has finally ended and, if we’re lucky, life will slowly start getting back to normal. But, as we look ahead to new beginnings, let’s take a moment to reflect on the lessons we’ve learned over the past year and how we can best utilize them in 2021.
Here’s a look at four major disaster recovery (DR) takeaways around availability and resilience from 2020, as well as measures you can take to avert disruption moving forward.
1. Disasters don’t care about the timelines of other disasters
COVID-19 garnered most of our attention in 2020 (and rightfully so), but it wasn’t the only devastating disaster that happened throughout the year. In 2020, business continuity (BC) and DR plans were pushed to the limits because of multiple disasters happening simultaneously.
The Atlantic hurricane season was the busiest on record, with 30 named storms and 13 hurricanes -- six of them major. Wildfires raged up and down the Western U.S. and throughout Australia, flooding struck parts of Asia and the Middle East, and a massive power outage in Mumbai left millions without power for hours.
Multiple disasters at once can stretch or even break your BC and DR plans. With everyone remote during the pandemic, some elements of those plans might have to shift. You’ll need an adaptable recovery plan that factors in where your employees are working (e.g., on-location vs. remote). Always consider concentration risk and anticipate supply chain issues -- in certain events, it could take months to get a replacement part if a piece of hardware breaks down. Don’t forget to maintain regular testing schedules. This will allow your organization to build muscle memory for various disruptions, close resiliency gaps and modify plans as needed.
Additionally, handling multiple crises adds stress to recovery teams. To combat this, consider sharing recovery responsibilities with a specialized third party. That way your teams can turn their attention to core business needs while making certain DR efforts are also covered.
Whether it’s your workforce availability, technology, or even testing practices, remember: You must remain flexible.
2. More and more businesses are looking to the cloud
The surge in remote work due to COVID-19 has also sped up cloud adoption. Forty-eight percent of businesses accelerated their cloud migration plans during the pandemic, according to a survey by Centrify. Furthermore, 87% of global IT decision makers believe COVID-19 will be responsible for expediting cloud usage, per LogicMonitor’s Cloud 2025 study. Currently, the IT landscape is divided among private cloud, public cloud and multi-cloud.
Eighty-seven percent of businesses utilize a hybrid cloud strategy, relying on some combination of public and private cloud. Over three-quarters of companies (76%) have at least one private cloud, while some organizations have three to five clouds.
Performance remains a concern. Sungard AS can offer secure on-demand and scalable connectivity across some of the world’s leading cloud providers, while also supporting hybrid and multi-cloud workloads.
Businesses are also adamant about optimizing cloud spend. To help organizations achieve these needs, Sungard AS unveiled its new Private Cloud. With this offering, you get more control, security, recoverability, commercial and service flexibility, as well as the ability to focus more attention on your core business functions.
3. The resilience and risk of your third-party partners is critical
Confidence in your own ability to withstand disruption isn’t enough. Your success depends on the resilience of your vendors and services too.
This year alone, Tesla, Boeing and SpaceX had data exposed thanks to a cybersecurity incident at one of their precision parts makers, while sensitive employee information at General Electric (GE) was put at risk because of a data breach at contractor Canon Business Process Services. And these are just two examples.
That’s why more companies are evaluating the risk of their third-party partners. Your partners need more than just a plan in place; they need actionable steps, employees who understand the plan and regular testing.
They should also assess the “effectiveness duration” of different disruption response strategies. For example, do they know how long their plan – or plans – can withstand a disruption? Do they have response strategies in place to overcome disturbances for 60, 90 or more days?
Be sure you’re also identifying any concentration risk you might have among your vendors. If your partners are all situated in the same region, consider adding a supplier that’s geographically dispersed or multiple suppliers in different regions.
While every business should be looking at its own business resilience, if your partners’ resilience isn’t up to par, it could spell serious trouble for you down the line.
4. Cyberattacks are growing, options for recovery are shrinking
Hackers used COVID-19 as a cover to increase activity and take advantage of the stream of new employees working from home. Per the FBI’s Cyber Division, its Internet Crime Complaint Center received 3,000 to 4,000 cybersecurity complaints per day back in April (compared to just 1,000 daily complaints before the pandemic).
Unfortunately, if you’re a victim of a cyberattack, recovering isn’t as simple as you might think.
Ransomware, for example, accounted for 51% of all malware attacks in Q3 of 2020 and began targeting U.S. hospitals as COVID-19 cases spiked. But if paying the ransom is your first instinct in this situation, you may want to think again. A new advisory from the Office of Foreign Assets Control (OFAC) in the U.S. says you could now receive sanctions if you pay ransoms to certain malicious groups.
Recovering compromised data after a cyberattack can be another minefield. Your DR plan will not actually help you recover compromised data, which is an entirely different recovery case than disasters like hurricanes or power outages.
You need to take additional steps to protect yourself. Setting up a 3-2-1-1 recovery architecture can help you get there. This includes three areas of separation (people, process and technology), two recovery strategies, one off-network or immutable copy of your data and one off-network secure environment for analysis, clean copy identification, and recovery validation activities.
Looking ahead to 2021
No one knows what 2021 will bring, but the preparations you take now can guard you against the unknown and unexpected. Last year offered ample lessons on resilience, and optimizing and modernizing IT. But only by taking action on those lessons now – adjusting your BC/DR plans, checking in with partners and optimizing cloud use – can you ensure a smoother 2021.
