Mobile Menu
Back to Blog

Revisiting The Concepts of Disaster Recovery and Risk as Organizations Move Their Infrastructure To The Cloud
10/30/2019

Cybersecurity Association of Maryland, Inc.
The calculus for disaster recovery and risk management is changing. Most small businesses within the past decade would often keep many of their critical technology assets locally, perhaps in a server closet, or a centralized data center for multiple offices. They built their own “vault” of applications, databases, email, files, etc., often on a few physical servers they would be wholly responsible for maintaining and eventually upgrading or replacing. Most of them would care enough about these technology and data assets to invest significant sums in redundant servers, quick recovery backups and imaging solutions, security hardware/software as well as the physical infrastructure to support these products like power and air conditioning.

While there is still need for these physical solutions locally, it’s no surprise that from a return on investment perspective, moving these systems off to the cloud where the economy of scale for managing technology risks can often be simpler and cheaper. Why deal with the technical complexity and multiple investments of protecting, say, financial records locally when you can essentially outsource that hosting to a bigger company that can take on many of those responsibilities for you?

Concerns for Small Businesses

But the key phrase here is “many of those responsibilities.” We are making a trade here when we move to the cloud. There are new factors for protecting data and keeping our important technology available to us. Consider the example of financial records and a small business that uses this data as part of day-to-day operations. I would typically expect, before the adoption of the cloud (let’s say 2009), these kinds of systems locally, and for this exercise, I’ll list out a few potential concerns with the technology:

This is certainly not exhaustive, but for the purposes of this exercise, we’ll stick with these core technology functions.

Disaster Recovery Solutions to Consider

In 2019, I think it’s safe to say that the business functions represented here haven’t changed too much. Just because the technology around it has changed, it doesn’t mean we don’t need a CRM, for example.

So what kind of cloud-based infrastructure would I imagine being in place now for this scenario? Let’s come up with another list that runs in parallel to the previous points, but this time, we’ll discuss the changes in risk to consider to the small business. We’ll assume for this example we can move everything to the cloud even though that’s not always the case. Afterwards, we’ll revisit these infrastructure changes and how they changed our mindset on disaster recovery and risk management.

Evaluate Risk Management Plans

If it is not already obvious, when we made the changes to utilize the cloud for this example, it’s not that our risks were eliminated by getting rid of the onsite servers but rather that our risks changed. So when we make the move to the cloud, it is a good time to evaluate our risk management plans. Here are a few things that I would recommend this small business do after they moved to the cloud to deal with new risks.

Final Thoughts

Obviously, this is a huge oversimplification of the thought process behind a move from a traditional on-site environment to one in the cloud, but I wanted to use this blog as an opportunity to stress that changes in your IT infrastructure or other business changes are the time to revisit things like disaster recovery and other technology risks.

If you are concerned that maybe now is the time to change your environment, or if you feel like your risk management plans aren’t necessarily aligned with the way you work today, feel free to contact us to discuss the matter further. Thanks for taking the time to read and consider my thoughts on the matter!


About the AuthorBen Schmerler: Ben Schmerler is the Director of Strategic Operations at DP Solutions, an award-winning managed service provider (MSP) headquartered in Columbia, MD. Ben works with his clients to develop consistent strategies not only for technical security, but also policy/compliance management, system design, integration planning, and other business level technology concerns.

You can follow DP Solutions updates on LinkedIn or their website: www.dpsolutions.com.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc