According to a study by Ponemon Institute in which 6,000 IT practitioners were surveyed, 86% of companies experienced one more instance of system downtime in the previous 12 months. Disaster can hit at any time and in any form; it could be a deliberate act of theft or randomly affected by cyber-crime, manual interference. In many cases, data gets lost due to natural calamities like fire, floods, earthquakes etc. In any case, the objective of data recovery is to minimize the disruptions of operations and limit the casualties.
Disaster Recovery (DR) is an important aspect of any cloud deployment. In the words of Amazon’s CTO Werner Vogels, “Everything fails, all the time”. It is possible that at times, an entire data centre or region of the cloud provider goes down. Cloud providers like Amazon and Microsoft will readily suggest that you must have a Disaster Recovery and Business Continuity strategy. The strategy should span across multiple regions, which will make your replication survive a whole region failure. This sounds good in theory, but there are several hurdles in the methodology for deploying the same.
Let us first understand the need for a Data Backup and Disaster Recovery Plan.
Why do we need a Data Backup & Disaster Recovery plan?
End users can be unpredictable and tend to take data security leniently. Hence it is the service provider’s responsibility to set up a data recovery plan to avoid data breaches. With a growing number of cyber-attacks and malware, viruses moving in the online environment, data security needs to be taken seriously. Listed below are the top reasons why a thorough data recovery plan needs to be set in the plan.
Faulty security systems:
Security management is an ongoing process as newer firewalls should be installed every time a new type of malware is detected. During the installation of security systems, the posture of the IT environment must be weighed in to identify potential threats that can be harmful to the company.
Restrictions with a cost:
While a one-time security installation may be part of the budget, data recovery can be overly expensive. However, planning preemptively and securing a separate budget for unexpected disasters and data recovery plans can prove to be cost-friendly and economic to the organization.
Sensitive information can be susceptible to data breach and can lead to permanent data loss that can lead to the company losing the exuberant amount of money. Without a data retrieval plan or a cloud backup service, the vulnerability of data increases significantly.
Threats from multiple sources:
Cyber-attacks come in various forms: viruses that can infect your software are prevalent in the online world. Software systems get hacked, weak passwords let malicious intruders into the internal systems causing havoc in all possible manner when sensitive information gets leaked. One security incident can have a domino effect, causing the entire security system’s downfall.
These issues from cyber-attacks can hamper the ongoings project timelines, resulting in missed deadlines for project completion. Business can take a severe hit leading to an insufferable downfall, all because of faulty security systems that are not working as they should.
Before considering a disaster recovery plan, a thorough risk analysis is conducted to list out gaps in IT systems to identify and analyze the gaps in security that are vulnerable to cyber-attacks. Here is a blog on “Detection and prevention cyber-attacks with SecureThat” that gives a detailed idea about the security offerings by Microsoft which is helpful to build a DR and Data backup plan.
Disaster recovery and data backup are necessary for seamless business continuity and a satisfied customer base. Despite significant disruptive events that can be unpredictable like a data breach, cyber-attacks or natural calamities, a solid disaster recovery plan must be adopted by companies to ensure the smooth running of critical projects and continuous business delivery.
Let us have a deeper look into one such scenario where a Data Recovery plan was implemented by the CloudThat team of experts.
Case Study: Setting up Multi-Cloud DR on AWS and Azure
In the years 2016, a very well-known Payment Gateway Services in the United States found itself in a crisis when the database stopped working at 12 am. While the payment gateway was working fine, the application started to send data errors in the backend. Almost 4.5 hours of data were lost, there was a downtime in the system as RDS instances were tempered with and panic surged through the tech team dreading the ongoing data breaches and their implications.
CloudThatteam of experts partnered with the technical team and assisted them to identify the Root Cause Analysis through a Data Recovery Plan. Measures were taken to identify the cause of the data breach, whether it is a ransomware attack, a deadly virus, or misplacement due to manual intervention. It is often in these kinds of situations when a significant amount of data is lost that people realize the importance of Data Backup. CloudThat team working on the project performed a thorough check of data backup to determine if the lost data could be retrieved through the backup logs. After a few hours, the data was restored, and the database was updated.
The team also found out that this was a deliberate act of data breach from an employee of the client working on the same project.
The member from the client’s technical team deleted the AWS RDS database and its backup copies from the system. Luckily, most of the data was recovered from another copy that the architects made as part of the Data Backup plan.
Moving data from one cloud provider to another like AWS to Azure requires a lot of automation. This would take substantial human effort that can prove to be tedious and expensive. A warm DR was set up where the majority of things could be started from scratch as and when needed. Many cloud-native services were used. For example, on the AWS side, S3 for storage was used, and instead of creating disks, Azure Blog Storage Service was used.
Architecture Diagram and Designs
Enterprises should always be on the lookout for upgrading the security systems to eradicate existing breaches and have a data recovery plan to restore sensitive data. Having the right disaster recovery plan is fundamental for any organization for smooth business continuity.
In this blog, we understood the process of preparing for and recovering from a disaster and its need in organizations. Stay tuned to other strategies in the DR plan i.e., Pilot Light, Warm Standby, and Multi-site active/ active.
Prarthit Mehta is the Business Unit Head-Cloud Consulting at CloudThat. He is an AWS ambassador and has experience delivering solutions for customers from various industry domains. He also holds working experience in AWS and Big data platforms. He is an AWS Certified Architect - Professional and a certified Microsoft Azure Solutions Architect.