Resilient IT systems – those that can maintain availability through incidents like outages, weather events, and security breaches – have always been a key part of organizational resiliency.
Data centers are a cornerstone of many enterprise IT environments, and these physical storage sites rely on robust continuity and disaster recovery plans to shore up business operations in the event of a disruption.
COVID-19 has only heightened the urgency of data center resiliency planning, as organizations realized they lacked comprehensive continuity plans during the massive shift to remote work. Cyberattacks are also on the rise across sectors, with nearly 300 ransomware attacks recorded in the third quarter of this year, double the previous quarter.
IT leaders should act now to fortify their data centers against mounting security threats in the coming year. Here's what organizations need to know when planning for data center resiliency in 2021.
Reconcile service expectations with what is feasible
The trouble with discussions about data center resiliency is that they often suggest there's a singular "resilient" endpoint for all organizations. The reality is that what is necessary and what is possible during a disruption will look different for every organization.
In an ideal world, all applications would remain available following an outage, or their recovery times would be less than an hour. But for most organizations, technological or financial constraints make those scenarios unattainable. An application might be too complex to recode to run in multiple data centers, or it might take months and millions of dollars to do so.
When identifying goals for data center resiliency, organizations must distinguish between applications that are mission-critical to the business and those that are not. This will help minimize serious financial and productivity losses and reserve budget and resources for systems that need maximum resiliency.
A human resources application, for instance, may not need a recovery time objective (RTO) of less than 24 hours as it won't seriously impact day-to-day operations. A payment processor, on the other hand, might need restoration within several hours to uphold continuous customer service.
Decreased device visibility underscores the need for data protection
The limited visibility IT leaders have into employee devices increases the security risk posed by remote work. Remote workforces are more prone to human error, making unpatched data and assets more vulnerable to malware attacks.
But not all data are created equal. Just as organizations must prioritize mission-critical applications for resiliency planning, IT leaders must identify the most sensitive data sets, like those containing customer or classified information, to devote resiliency planning resources.
Prevention and swift recovery are two main components of protecting sensitive data against malware threats. IT leaders can enact both through the following:
- Employee education. Prevention starts outside the data center. IT leaders should circulate employee education materials about how to detect and report malware threats like phishing campaigns or ransomware attacks.
- Immutable backups. In terms of data recovery, a backup is essentially useless if it's not locked. Immutable backups stored in data centers will safeguard compromised data from further damage from employee tinkering.
The cloud should reinforce data center resiliency
Despite new challenges to business and data center continuity brought on by the pandemic and remote environments, solutions and strategies have remained relatively the same. A mix of data center and the cloud continues to be a dynamic resiliency approach.
To determine which mission-critical applications and sensitive data sets should live where, here are a few guidelines:
- Legacy, non-elastic, and static applications are better off in data centers. These applications are difficult to restructure for storage in the cloud.
- Highly sensitive datasets are better off in data centers. Data centers are more conducive to strict governance and compliance requirements – cloud migration of these assets can be risky if executed improperly.
- Applications with high usage rates could benefit from cloud storage. Mission-critical applications used by a high number of employees, such as payroll applications, are easier to scale in the cloud.
Don't wait for a disruption to build data center resiliency
Too often, organizations haven't assessed the full extent of their data centers' resiliency until a real incident tests it and compromises business continuity.
IT leaders should plan now for worst-case disruption scenarios to improve their ability to execute best-case responses. They can do this through strategic prioritization of mission-critical applications and sensitive data, employee education, recovery and backup planning, and cloud reinforcements. That way, they can prepare their organizations to weather any storm 2021 may bring.
Tom Kiblin is the vice president of managed services at ServerCental Turing Group (SCTG).