I’m in the fortunate position of living in a region of the world that’s relatively free of natural disasters. We’re reasonably geologically stable, the nearest fault lines are the Great Rift Valley and somewhere in the Antarctic ocean. We don’t get tornadoes, we’re a long way from the ocean (and Madagascar partially protects the coast from typhoons and tsunamis)
Given that, and looking at the recent events in Japan and Southern USA, local IT managers might be grateful that their critical infrastructure is here, not there. But that is no reason for complacency, no reason to ignore putting a disaster recovery plan in place.
Major huge national disasters, while they attract a whole lot of attention (and rightly so) are probably not the main cause of IT disasters. IT disasters, for the most part, are likely to be caused more by smaller events like these1
- A drive in the RAID 5 array fails, and the SAN admin switches out the wrong drive.
- A SAN controller fails and overwrites a LUN or 2 with binary garbage.
- The server room floor collapses dumping the SAN 2 floors down into a garage, with the server on top of it.
- A water leak a floor above the server room results in the UPS getting a shower, and the resultant power surge fries the servers’ main boards
- A developer with far too many permissions truncates an important table on the production server, thinking he was working on the development environment.
- The mains power fails but the generators don’t come online because their fuel was drained a day earlier in preparation for maintenance.
Events like those (or probably even more mundane events) are the ones that we need to plan for. Relatively minor disaster that can leave business without critical infrastructure or critical data for hours or days.
You need to plan for the small disasters as well as the large ones. Plan for the dropped table. Plan for two drives failing in the RAID 5 array. Plan for the server’s power supply failing. Plan for the big disasters too, just don’t think that they’re the only thing that endangers your data and your business.
(1) I’ve personally seen 3 of those events happen, I’ve heard from people who have seen two more and I know of a company that’s at risk of one. They’re not just made-up improbably occurrences.