W3 Discussion Comments

D1

Testing the plan: Many of you were surprised that companies were not better prepared for disasters. The preparation can be very costly. Also, as you mentioned, the preparation can be next to useless if recovery procedures are not tested periodically. This testing can also be expensive. Sometimes businesses look at this expense and make a bad calculation on risk vs. reward.

In the future, you may be involved in making decisions about how much to invest in Disaster Recovery Plans and Drills vs. projects that could increase sales and profits. How much risk will you be willing to take?  Will you be able to sell your point of view to the person that makes the decision?

Many of you mentioned file backups in this discussion. Another key aspect of disaster recovery is having a way to get in contact with the people in the company who will be involved in the recovery. In a major disaster, how can you find out which employees are still alive and uninjured? Not being able to find people who know passwords or know where recovery passwords are stored can delay recovery even if backup files are available. What procedures and lists would you set up in advance? Remember that the normal phone systems may not be working.

War Story: Never assume that automatic backups are automatic. In Tech Republic, there was an article where a consultant discovered that backups at his client had not taken place for two weeks because someone unplugged the external hard drive being used for backups in order to charge his cell phone.
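The failure in this story is silent: the backup job has nowhere to write and nobody notices. A scheduled freshness check such as the one below reports it within a day. This is an added example, not part of the original comments; the destination path, the 26-hour threshold and the function names are assumptions.

```python
import os
import sys
import time
from pathlib import Path


def newest_mtime(dest: Path):
    """Return the newest modification time of any file under dest, or None."""
    newest = None
    for root, _dirs, files in os.walk(dest):
        for name in files:
            try:
                mtime = os.path.getmtime(os.path.join(root, name))
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if newest is None or mtime > newest:
                newest = mtime
    return newest


def check_backup(dest, max_age_hours=26, now=None):
    """Classify a backup destination as MISSING, EMPTY, STALE or OK."""
    dest = Path(dest)
    now = time.time() if now is None else now
    # An unplugged external drive usually shows up as a missing mount point...
    if not dest.is_dir():
        return "MISSING", f"{dest} not found (drive unplugged or not mounted?)"
    newest = newest_mtime(dest)
    # ...or as an empty directory left behind where the drive used to mount.
    if newest is None:
        return "EMPTY", f"{dest} contains no backup files"
    age_h = (now - newest) / 3600
    if age_h > max_age_hours:
        return "STALE", f"newest backup file is {age_h:.0f} h old"
    return "OK", f"newest backup file is {age_h:.0f} h old"


if __name__ == "__main__":
    # "/Volumes/Backup" is a hypothetical default; pass the real path as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/Volumes/Backup"
    status, detail = check_backup(target)
    print(f"{status}: {detail}")
    sys.exit(0 if status == "OK" else 1)  # non-zero exit lets a scheduler alert
```

Run it from a scheduler on a machine other than the one doing the backup where possible, so the check does not fail along with the job it is watching.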

Trade-offs: Estimating the time to recovery helps management understand the trade-off between cost and recovery time. Having servers off-site ready to go allows for a quicker recovery. This is expensive in terms of initial investment and requires that data and programs be frequently replicated to the "hot backup" site. It is a business decision to determine how to balance costs vs. the business need for a quick recovery. For example, could Dominican survive a one-week outage? (I would say yes). Could the Chicago Mercantile Exchange survive a one-week outage? (I would say their reputation might not recover and they would lose significant business).

Chicago is not immune to disasters: Chicago has tornados and winds, especially along the I-55 corridor. Dominican had a multiple-week power outage in a past summer and made extensive use of all the backup generators.

What if you are not in the IT Department? Even if you run a department other than IT, you should determine how your department will operate under various disaster scenarios (no power for 2 days, fire in your department, flood keeps 75% of your workers from reaching the office etc.).

Professors and Backup: One of you mentioned that Professors should be mandated to perform backups. To make this work, significant training, motivation and follow-up must be provided. It might be easier to mandate the use of OneDrive and forbid storage of any material in local storage on the professors' machines.

 

Interesting Disaster Scenario: What if your cloud storage provider (Google, Microsoft) confuses you with a person in a violent group and cancels your cloud account, stops accepting email for you, and deletes all of your data?

 

Personal Disaster Recovery (D3):

Personal disaster recovery planning also involves more than cell phone and hard drive backup. Depending on your situation, health insurance, disability income insurance, life insurance and home/renters insurance could also be very important.

Many of you mentioned using the Cloud for backup. Systems like Carbonite and Acronis True Image allow you to specify what files on your personal hard drive should be automatically copied to an off-site server. Other types of cloud personal backup include copying documents and files to Dropbox, Evernote, Google Drive, or Windows OneDrive.

 

What would you do if you lost access to one of your cloud accounts? For example, what if someone got your Google ID and password and used it to send spam or commit fraud? Google could then suspend access to your account and you would not have access to your documents and e-mail.

Cloud storage is not perfect: Just last year, the cloud provider Microsoft deleted a number of customer databases due to a technical problem. Microsoft recovered most of them completely but some customers lost a five-minute window of transactions.

It's about more than theft: Many of you had good plans to recover from a stolen device. Could you recover from accidental deletion of critical folders, considering that your cloud copy could be automatically updated to reflect your accidental deletion?

What about software? You should probably keep a record of licenses and software keys in case you have to reinstall software on a new computer.

*******Stop here unless you want to see details of some of my Disaster Recovery procedures**********

I use Time Machine to back up my MacBook (2 alternating drives stored in different locations). I use Acronis True Image to back up my main Windows machine -- both to external hard drives and to cloud storage. Finally, I have Acronis take a snapshot of my Personal OneDrive every night. Also, everything in my Dominican OneDrive is duplicated on the machine in my office and on my Windows PC at home. I use a VPN to encrypt all network communications when I am on the road. I store all passwords in an encrypted database managed by LastPass. I need a better plan for birth certificates, passports and other critical documents.

I back up North Shore Choral Society web/cloud files including the donor/member database to my OneDrive every 5 to 10 days depending on the directory in which the file is located.