When Hurricane Maria unleashed 155 mile-per-hour winds on Puerto Rico in September 2017, the island's power grid didn't stand a chance. Not only was the electricity out, but 1,360 of Puerto Rico's 1,600 cellphone towers were offline. For months, people went without access to fresh water, and homes and businesses went without power for all but the most basic needs.
But President Gilberto Marxuach of the Universidad del Sagrado Corazón galvanized an IT disaster recovery plan to continue getting coursework to his students. The century-old university, located a few minutes drive from Old San Juan, didn't suffer much physical damage. But the software that managed its financial aid; admissions, registrations, and transcripts; learning systems; and finances was hosted in a data center hit by the outage.
The university was working with a team from Dynamic Campus, a service provider on the mainland that would have ordinarily migrated the applications to Amazon Web Services to restore access. But this situation wasn't that simple. The island was relying on overtaxed generators for power, so they had hours without power—when maintenance couldn't be done. The team also couldn't get to Puerto Rico, as all flights were suspended, and remote communication was difficult due to the language barrier.
Yet, despite all these roadblocks, the Dynamic Campus team was able to back up and transfer the university's data securely, configure and install updated software, and get the students back to their coursework by October 16—just under a month after Hurricane Maria hit the island.
Dodge the dangers of unforeseen disasters
You probably think about hacking when deciding how to shore up your IT infrastructure to protect against disaster, with good reason. WannaCry, NotPetya, and other cyber attacks have wreaked havoc, prompting the US Department of Homeland Security to issue an urgent message on the importance of protecting critical infrastructure. But as Hurricane Maria demonstrated, disasters beyond cyberthreats lurk just beneath the surface.
Natural disasters, human error, and even cute critters, like raccoons, can destroy the hardware used to operate a company's systems. This downtime is more common than you may think—according to a Unitrends survey, more than a third of organizations lost one or more of their critical applications, virtual machines, or critical data files for several hours over the course of a year. Nearly one in five reported the same loss lasting over a period of days, and one in four said they lost most or all of a data center for an extended period of time.
On top of that, the cost of unexpected downtime is on the rise. A report from Invenio IT analyzed data from numerous sources and found businesses could lose between $926 and $17,244 per minute of an outage, factoring in loss of revenue and productivity, as well as recovery expenses and equipment replacement. In light of these costs, having an IT disaster recovery plan is a business imperative.
Prioritize what you need to protect
In a report for ITPro Today, John Savill suggests building your disaster recovery plan by first identifying each of your critical systems, as well as how long each one can be down (recovery time objective) and how much data can be lost (recovery point objective).
"It's important to have a realistic number for availability," says Savill. "The first inclination may be, 'It has to be available in 30 seconds and I can't lose any data,' but the reality could be to achieve that costs $500,000 a year, whereas a 15-minute downtime and 5 minutes of data loss would only cost the company $5,000 in lost revenue." In other words, be smart about your investments and realistic about what your company can afford to lose.
Defend your hardware
The Invenio IT report also asserts that nearly half (45 percent) of unplanned downtime in IT management is caused by hardware failure, ranging from server drives to faulty network switches.
The best strategy for mitigating even this unpredictable type of outage is to solidify a plan for replacing older hardware with updated and more secure infrastructure. Unprotected endpoints, like overlooked printers or copiers connected to your network, are particularly vulnerable, as everyone in the company uses them but doesn't realize how tied into the larger IT environment they are. Devices with embedded security features can reduce the risk of downtime much more efficiently than older models.
Find a trusted partner
Many IT management pros have migrated their data to the cloud to reduce the threat caused by earthquakes, water damage, or fire. At the same time, EdScoop reports that just as many IT leaders are hesitating because relying on cloud applications can put private administrative information at risk.
Finding a reliable and transparent provider can give those who are hesitant some peace of mind. "Trustworthy cloud-based storage providers have effective access control so that only authorized individuals will be able to retrieve data, and they should monitor access patterns to detect irregularities," the report suggests. "They should also use adequate cloud storage encryption and maintain data backups to ensure safe and reliable access."
Prepare for the unpredictable
In the case of Universidad del Sagrado Corazón, having a strong IT disaster recovery plan saved it. In the face of the worst physical disaster possible, as well as a lot of disaster recovery roadblocks along the way, the university still managed to get its systems back up and running in an impressive time frame.
You can't always plan for disaster. But you can plan to take some small steps that will help you get back on your feet when disaster strikes. By upgrading your hardware, partnering with trustworthy cloud providers and service teams, and developing a plan for what you'll prioritize, you can put yourself on the path to being resilient enough to weather any storm.