Disaster Recovery: Not Just Backups

Some folks blame General George Patton for the G6P Principal.  Others say it was none other than Alexander the Great.  Either way, they both certainly employed it.

“What is it?” you ask.

I’m so glad you did.  Otherwise there’s no point in going on with this article.  G6P stands for Good Prior Planning Prevents Poor Performance.  And nowhere is that truer than in IT and it’s definitely true when it comes to Disaster Recovery or DR as we like to call it.

Too many times we end up with what I call the “The Little Rascals approach to DR”.  You remember them, they’d decide to put on a show, and at the end of it all Steven Spielberg would be envious of the production.  Might be good entertainment, but it’s very poor business because most folks think DR is one thing.

The thinking goes like this, “I do backups.  I’m covered”.

Not always, Backups by themselves are by no stretch of the imagination, disaster recovery.  They’re a piece of it.  The rest of it is planning.  Backups are great, but what do you do with them once you’ve got them.  Can you restore a whole server, much less a file with one?

DR is a big subject, and people get frightened by it because it is a really big task.  One of the real problems with DR is we always labor under the impression that this happens to other people.  The thought that our business might burn to the ground is something that simply unimaginable to us.  But if you’ve ever been in a traffic accident, you know that things do have a tendency to come and haunt us once in a while.

Most of the time though, they just don’t know where to start.

So, let’s start simple.  Let’s look at the threats that face your organization.  Here’s a chart, based upon Forrester research, which shows the causes of companies activating their emergency plans for it.


There are a lot of things on that list you can nothing about.  But there are a lot of things you can do something about.

Before you can start doing effective planning, much less mitigation (a 20 cent word that means eliminating or lessening the impact of an event), you need to know what threats you face, and they’re almost always broken down into three areas.  They are:

  • Natural Hazards.  Almost always the list here is long, but again, we have to look at the historical happenings.  Example, if I live in California, making sure my data survives an earthquake is a high priority.  Here in Colorado?  Despite living in what the USGS calls a High Earthquake potential area, the last decent quake we had was in the early 1900s.  That means Earthquake planning isn’t high on my list.  But Tornados are.  And so are winter storms.  All of these can cause outages or rearrange my datacenter for me.
  • Man Made Hazards.  When we talk about this one, one thing comes to mind.  Fire.  Let’s face it, our datacenters are combinations of energy, fuel, and oxygen.  Let any of the three get out of balance, and congratulations, you’ve got a fire.  Most of us would think protecting the datacenter would be job one, and we may have sprinkler systems or some other kind of system to put a fire out, but let’s face it.  More often than not they’ll do just as much damage as a fire would have.
  • Last on the list.  Technological hazards.  This is the one we spend a lot of time trying to do something about, and it covers everything from failover systems, to Antivirus systems, to Firewalls, and so on.

So don’t just rely on backups, when it comes to Disaster Recovery. Always keep in mind, that the harm of these three groups of hazards can be mitigated just by planning thoroughly and on timely basis.

Improve your IT security posture by reducing your IT risks