Spending Christmas week in Maui last year reminded me of the enduring impact disasters have, long after the event itself. Months after the Lahaina fires, on the Maui South coast and far from Lahaina, we met many people who had either lost property themselves or had family members still trying to piece their lives back together. As resolute and resilient and fiercely independent as the people of Hawaii are, it was easy to see the toll on businesses and people alike.

Disasters are rising and more businesses today must be prepared for disasters than a decade ago. Climate disasters are becoming more frequent and more potent. The year 2023 had the most billion-dollar-plus climate disasters than any other year, costing the US alone an estimated eighty-one billion dollars. Man-made disasters like cyberattacks from ransomware are also becoming more sophisticated, brazen, and routine.

Add to this, aging infrastructure that is more prone to failure such as the downed power lines that are a suspected cause of the Maui fires. There is also greater political uncertainty in many parts of the world today, with more wars erupting and lasting longer than a decade ago and a record number of governments in potential upheaval. In 2024, more than half the world’s population will go to the polls - 4.2 billion citizens across approximately 65 countries, according to Time.

fire_generic_July 2021_small.png
– LoggaWiggler, Pixabay

New age for disaster recovery planning

This led me to realize that while the threat and risk of disasters are growing rapidly, our data protection schemes have barely evolved. Most organizations think of backups as the core of their data protection strategy with some disaster recovery added in for the most critical data.

This strategy made sense when most of the world did not experience disasters and only some places like areas with a high likelihood of tornadoes or tsunamis had to worry about disaster recovery more routinely. A decade ago, a business had a greater risk of a user accidentally deleting data and needing to recover it from a backup than the likelihood of having to suddenly migrate a data center within hours because a war just erupted.

But in 2024, this is no longer true. Today, the frequency of disasters, the likelihood of disasters, and the potential impact of disasters have all increased substantially. Adding to this, 90 percent of our data today is unstructured – large, scattered, unwieldy, and expensive to manage and protect.

In 2024, our tried-and-true data protection strategies are all wrong. As a Gartner analyst recently remarked: “If backups are so great, why then has every company that has paid ransom had backups?”

This is because backups are not the most effective disaster recovery strategy. We now need to prioritize disaster recovery, and we need to find an affordable way to create DR for unstructured data that is separate from backups. We can no longer simply rely on backups as our primary means of data protection.

Today’s disaster recovery, particularly for unstructured data, breaks some historical rules:

  • Mirroring all data no longer works: Traditional disaster recovery strategies, especially for file data, involved creating an identical mirror of the storage architecture in a remote site. This like-for-like mirror was a feasible approach when data volumes were small, but at the size of today’s unstructured data, this is a huge expense that many companies find infeasible. Disaster recovery strategies need to be more nuanced and not require like-to-like mirroring and replication.
  • You must have some disaster recovery protection for all data: Given the high cost of disaster recovery, many organizations are silently choosing to not replicate increasingly larger volumes of unstructured data. However, this is a mistake as the exposure from disasters is climbing. All data must have some replication in the event of a disaster. Not having disaster recovery for some data is too risky.
  • Disaster recovery costs must come down as data grows: Unstructured data is growing explosively while budgets remain relatively flat. To have disaster recovery for all data, the cost of disaster recovery needs to come down significantly.

We need a tiered disaster recovery strategy

Needing to protect all data from disasters while bringing costs down means a one-size-fits-all disaster recovery strategy no longer works. A tiered disaster recovery strategy that does not require like-to-like replication takes into account that some data, such as unused cold data, can be replicated to a less expensive disaster recovery location such as object storage in the cloud. Creating a tiered data replication and recovery strategy ensures that all data is recoverable during a disaster but all data does not need to be instantly recovered with high performance.

We can adopt sustainable data management to lower risks

IT leaders can create more sustainable data management policies that reduce our carbon footprint by reducing how much resources we consume to store and protect data. This is possible by right-sizing data management vis-a-vis routinely identifying and deleting obsolete and unwanted data.

Maui reminds us of how our most cherished places are sadly also often the most fragile, and why planning for disasters is no longer a luxury but an imperative.

More in Security & Risk