Why you need disaster recovery planning (DRP)

by Hollie Croucher
As Client Services Director in ANZ, I'm here to make sure our clients receive the best support JAM can provide for their mission-critical applications and infrastructure.
Published on May 2024

Disaster recovery planning (DRP) is an itinerary for a journey you never want to make.

It’s the roadmap for getting your mission-critical applications online after a major event like a cyber attack, provider outage, or even a natural disaster.

In 2016, the Australian Census platform was subject to a DDoS attack (a network of compromised machines attacking a single target). The coordinated efforts saw the platform crash as millions of Australians inputted their data.

This was a system outage so serious that it led to a senate inquiry and an estimated bill of 30 million AUD.

More recently, Latitude Financial revealed they’d lost over 7.9 million Australian and New Zealand driver’s licence and passport numbers to a cyber attack.

In short, DRP is an essential part of any cloud infrastructure.

What DRP delivers

  • Minimise downtime – the difference between minutes and hours can be the difference between thousands and millions lost; between a minor inconvenience and a complete reputational crisis
  • Protect your data – outages can have terrible consequences for anyone in highly regulated and compliant sectors. HealthTechs, LegalTechs, and FinTechs need robust data protection
  • Protect your revenue – outages are financial burdens over and above the direct impacts of downtime. There are extra costs associated with loss of business continuity as well as the fines and legal penalties that come with non-compliance
  • Ensure peace of mind – knowing you have a robust plan in case of disaster lets you move forward with confidence

Which disasters should you be prepared for?

Here are the most common scenarios requiring a robust DRP:

Cyber attacks

Cyber attacks are a common way for malicious actors to compromise your systems. The two most common are:

  • Ransomware attacks: attackers may gain administrator access to your account via phishing and privilege escalation, deploy ransomware to encrypt data, and may even delete resources
  • DDoS attacks: as in the case of the Australian Census platform, malicious actors aim to overwhelm systems with phony requests

 Internal issues

It’s surprisingly common for both malicious actions and simple human error by employees or contractors to lead to serious outages. This can mean:

  • Intentional deletion: a disgruntled employee intentionally deletes resources or the entire account
  • Accidental deletion: an authorised user accidentally runs a script that deletes resources and backups
  • Misconfiguration: an employee improperly configures systems or applications, leading to vulnerability to attack or directly causing an outage

Force majeure

The cloud is not entirely abstract. Data centres have to live somewhere, and they’re not immune to the laws of nature:

  • Earthquake: seismic activity can damage physical data centre facilities or disrupt power and networking services
  • Flood: water damage from flooding impacts server operations and data integrity

How Just After Midnight can set up a robust DRP strategy

We prepare you for a range of scenarios in which your production account is compromised or the account and resources within it are deleted.

By following our tried-and-tested 6-step process below, we’ve ensured the timely return to business as usual for global brands’ mission-critical applications.

  • Consult with your Just After Midnight technical account manager to initiate the process of building your disaster recovery plan (DRP), including a playbook for the scenarios in which the account and its resources become unrecoverable
  • After your playbook has been created, we’ll run a full disaster recovery exercise to test it – including the provisioning of a new account to provide business continuity
  • Anything not go as planned? We iterate based on our live exercise
  • Your infrastructure team, internal IT team, application team, and all relevant stakeholders are briefed on your final disaster recovery plan
  • Check your plan is robust by having an external third party run the DRP exercise
  • Schedule regular disaster recovery exercises at 6-12 month intervals to keep your DRP up to date

How we can help 

Consult with your technical account owner about disaster recovery. Make sure you’re prepared for a rainy day!