Earlier this year, the fire at the OVHCloud data centre caused widespread disruption and data loss for customers with servers hosted at the site. Many companies may have permanently lost data, impacting their business, a number of which appear to have been hosting their own physical servers or virtual private servers.

Some of these customers believed that data centres were so safe and secure that a disaster like this was impossible, but that in the event there was an issue, their data was being backed up as part of the service. Others were carrying out some form of backup or replication to servers in the same data centre.

What this means is that a complete loss of services can still happen regardless of where you are hosted and that responsibility for ensuring you can recover systems and data quickly falls to the customer.

There's still a belief amongst users of data centres, cloud and SaaS providers, that their data is secure, is backed up, and will come back online quickly in the event of a disaster. But many providers may only provide a 'reasonable endeavours' service to retrieve lost data - and it's not always prominent in the Ts & Cs. For this reason it's vital to know exactly what's being provided.

Without their own disaster recovery (DR) provisions, users of physical servers don't even need their data centre to be destroyed by fire to lose their data; server failure on its own could have caused this disruption and loss, or even some form of malware could compromise their service.

For many, a simple solution of off-site replication or backup to a cloud service, such as disaster recovery-as-a-service (DRaaS) or backup-as-a-service (BaaS) provided from another data centre, can minimise downtime and prevent data loss. The fact that their systems and data are being duplicated elsewhere provides assurance in knowing it's recoverable.

Until data centre providers offer backups as standard to customers, consider taking these six steps:

1. Consider what you deem to be a disaster. Some are satisfied knowing their data can be recovered from backup, even if it takes hours or days. Others cannot afford any downtime and need systems back online within minutes, even seconds.

2. Having servers and critical data within a data centre environment does not mean your systems are impervious to downtime or data loss. A data centre brings heightened levels of security and resilience, but it's still a building that can be affected by fire, flood and cyber-attacks.

3. Whatever solution you decide on to protect your data, ensure it's geographically diverse. A DR solution with an RPO (Recovery Point Objective) of seconds and RTO (Recovery Time Objective) of minutes is compromised if it's in the same data centre or a second location close by.

4. Big-name SaaS platforms, such as Microsoft 365 and Google Workspace, typically include some level of backup protection. But many of these 'backup features' are designed with the SaaS provider in mind and may not meet your needs. Watch out for ambiguous SLAs and missing features, such as granular recovery and flexible retention - critical for a good backup platform.

5. Ensure you have the knowledge and time to research the right DR solution for your requirements and build in tests regularly. While you can do this using internal resource, you get specialised expertise using a DRaaS or external partner to deliver data protection/recovery.

6. Many systems cannot be fully tested replicating a true disaster scenario due to the disruption it causes. By securing your data recovery/backup services via DRaaS or an external partner, you're likely to have inherent DR testing as part of the service with the ability to emulate a complete service outage without disruption.

Finally, do not assume your systems are protected, that your data cannot be lost, and your organisation can survive downtime with little or no business impact. An outage or loss of data can have a huge impact, not only in our ability to perform tasks, but also on the bottom line. NC