Arraya Insights | March 17, 2021
An IT nightmare scenario came to life last week after a fire tore through a data center complex in Strasbourg, France operated by European cloud giant OVH. All told, the disaster took more than 3.5 million websites offline, including those of banks, government agencies, and beyond. Luckily, no one was injured in the blaze, which destroyed one of four data centers housed at the site, damaging one other. However, at least one organization reported complete regional data loss, tweeting seven words bound to send chills down the spine of any IT pro: “Data will be unable to be restored.”
Those words were typed by Facepunch Studios, developer of an online survival game. The company slowly got back online during the latter half of last week, but acknowledged game progress had to be reset for some users due to the destruction of its OVH servers. Other organizations, like Algeria’s Trust Bank, saw their website outages drag on as they waited for power and normalcy (or some version of it) to return to the campus’ remaining data centers.
In the wake of this disaster, here are three questions every organizations should be asking their cloud providers (and themselves):
- “What physical security safeguards do you have in place?” A detailed accounting of a site’s safety mechanisms likely won’t be forthcoming. Yet, it’s good to know at least at a high level what a provider is doing in terms of fire suppression, access restrictions, etc. For its part, OVH does apparently have security personnel always on site, something that could potentially have sped up emergency response times. Meanwhile, it never hurts to turn that investigative eye inside, reviewing your in-house physical security systems and procedures. This will take on added significance as organizations begin bringing more teams back on site.
- “Where specifically is my data going to live?” Diversity is always a good thing and regional diversity when it comes to the cloud is certainly no exception. What took place at OVH’s Strasbourg site is a good example of the risks faced by those who put too many eggs in one regional cloud basket. Instead, your organization would likely be better served duplicating data across multiple cloud regions. Cross region resiliency ensures that, in the event of an outage, you wouldn’t end up in a scenario where your site goes offline for hours on end or user data must be reset.
- “What’s your disaster recovery plan? Is it up to snuff? How do I know?” This one is cheating a little bit since it’s three questions rolled into one, but they are all connected. Wherever data resides, all organizations (and their cloud providers) need a disaster recovery plan. In the event of a worst case scenario, be it cyber or physical, you need to know that you will be able to get your operations back to the status quo quickly and with no data loss. Further, it’s not just enough to have a plan in place. It must be routinely tested to ensure it performs as expected and that team members know how to execute it. These are questions you’ll want to have answered regardless of where your data calls home.
Next Steps: Prepare your organization for a ‘worst case scenario’
Accidents are going to happen. While it’s impossible to fully eradicate risk, organizations can take steps to lessen the impact of such events. Arraya can work with you to protect your resources onsite, in the cloud and everywhere in between. Our team can help you audit the security and availability of your current data center and/or cloud environment and recommend the tools and tactics you need to close any gaps.
Arraya’s team can help you design and walk through a fully customizable worst-case scenario. Our Incident Response Readiness Discovery Session will stress test the response mechanisms you have in place to ensure your plan is fully ready and optimized for real world threats.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.
Follow us to stay up to date on our industry insights and unique IT learning opportunities.