By Jean-Paul Bergeaux
Chief Technology Officer, SwishData
Mandates continue piling up for IT management at government agencies. There are so many mandates to comply with that agencies seem to pick the highest priority by which one OMB or another oversight group has asked about most recently. For that reason, I question: Who is paying attention to whether or not agencies are complying with disaster recovery (DR) mandates?
SwishData engineers and system architects run into all levels of existing preparedness or non-preparedness for disasters. Sometimes, there is a ‘compliance’ look to the design, but in practice no real recoverability from a disaster. Often, if there is a DR practice in place, it is rarely tested. Admins fear it may not work if it’s actually needed. Why is this acceptable when much of this government data is regarded as high-value?
The best agencies have true push-button hot sites at multiple locations that are far enough apart to truly be prepared for a disaster. A sterling example would be the Marine Reserves’ failover during Katrina. On the other hand, there are sites that hardly make backups because of tape failures, and the copies are kept at the same site as the production data. It’s frightening!
There has been lots of talk about cloud as the solution. However, often this means farming out the production data and hoping that the service provider has a DR plan without actually having a requirement to understand that plan. It’s a black box that just has to be trusted. Google and Amazon are prime examples. That’s not a solution — that’s piling on to the problem.
SwishData has focused on actual DR and push-button failover designs since the inception of the company. It’s actually what SwishData was founded on. Since then, we’ve added more parts to the solution, such as mobility and faster access to DR and remote sites. We’re paying attention.
The only people who seem to have a complete DR plan and design are the ones who do it out of their own core belief that it’s critical to their mission. Good for them. So maybe this is a self-serving rant, but who’s monitoring the rest of the data centers? Maybe no one is.
NEXT STORY: Review finds flaws with DISA's auditors