Think Cloud, Re-Think Disaster Recovery

    Aug 27, 2013
    Untitled Document

    Whether you are thinking about moving to the cloud or have already made the jump, add business continuity to the list of things to consider. Using the cloud for even the most basic purpose of backing up data could significantly improve your organization’s ability to recover from a disaster.

    While most large companies have a backup strategy, many are not sending their data offsite, or they are not sending it far enough offsite to mitigate geological or meteorological risks, said Richard Cocchiara, chief technology officer and managing partner of consulting for IBM’s Business Continuity and Resiliency Services, in a recent Network World interview.  “Cloud gives them the ability to store data someplace remote, store it online, and to typically recover faster than from tape,” he said.

    Companies that have sophisticated disaster recovery architectures and strategies also may benefit from the cloud from a financial and control perspective, Cocchiara added. They can test cloud disaster recovery more often, for example. However, organizations must also address the issue of integrating processes, architecture, and the reporting necessary to demonstrate to auditors they have this capability. 

    Small and medium-sized businesses (SMBs) typically don’t have a sophisticated recovery or business continuity strategy in place. The cloud levels the playing field for SMBs that may not otherwise be able to afford the same protection as larger companies. Smaller companies also typically don’t have secondary data centers; they rely predominantly on tape backups that they tend to store locally. Using the cloud enables them to back-up data or replicate servers to a remote site and network to the remote site when there’s a disaster, giving them the same capabilities as large companies.

    Cocchiara reminded all companies, regardless of size, to make sure their business continuity plans are among the documents stored in the cloud to ensure that they are accessible in the event of a disaster.

    “I know it seems like a nit,” he said, “but you’d be surprised how often business continuity plans are lost in a disaster. Those plans are critical and if they’re stored on a system in the primary center, how are you going to run the recovery if you can’t get to that system? The cloud gives them the ability to store those plans and the notification scripts on a server they can access from their laptop anywhere they can access the cloud, like a Starbucks. And for a business continuity manager that’s critical to their success.”

    These tips provide an excellent starting point for information governance professionals. To complete the picture, ARMA International draws attention to additional factors that must be evaluated:

    • Assess organizational needs. It’s advisable to take a broad organizational perspective when crafting an agreement for cloud services. A variety of cloud architectures is available – public cloud, private cloud, hybrid cloud. Organizations should understand both the benefits and the risks inherent in each of these architectures and determine which infrastructure best meets their needs for storage, access, and responsiveness to requests for litigation actions.
    • Evaluate possible risks and take mitigation steps. Shortly after assessing your organization’s overall needs for both disaster recovery and routine business operations, determine what areas of the vendor storage agreement need to be addressed to ensure that your information: is properly protected; is readily accessible when needed for either routine business or emergencies; and will be disposed of when it has met its retention period. Also, consider any other operational areas that deserve additional attention. This is not to discourage organizations from using cloud services, but to prevent unintended consequences.
    • Determine how cloud storage fits in with the IT strategy. Chances are that IT is already moving toward cloud storage for routine business operations, either for only certain types of records or as a full-scale transition. Cloud storage is not only about achieving additional flexibility for IT departments and relieving the costs of storage and maintenance of in-house IT operations. Information governance professionals should understand the overall IT strategy to ensure that fully informed, appropriate decisions regarding the organization’s records and information are considered.

    A handy checklist of considerations in moving toward cloud storage can be found in ARMA International’s Guideline to Outsourcing Records Storage to the Cloud. ARMA also offers publications that can assist in identifying records required for disaster recovery and business continuity (Emergency Management for Records and Information ProgramsandVital Records Programs: Identifying, Managing, and Recovering Business-Critical RecordsANSI/ARMA 5 – 2010) and evaluating risks associated with managing records and information (Evaluating and Mitigating Records and Information Risks). All of these publications are available through ARMA’s online bookstore at

    © 2017, ARMA International