React and Recover: How Agencies Can Mitigate Risk with Better Data Management Practices

If the last year and a half taught IT leaders anything, it’s that unprecedented events can happen at any time. Whether a global health crisis, a ransomware attack or a natural disaster, organizations must ensure they have the technical infrastructure in place to carry out operations amid these unexpected events. 

This sentiment rings especially true for government agencies. While many consumer-facing organizations can get away with a delay in service, the government isn’t afforded that luxury. Constituents rely on government organizations to serve their needs quickly and effectively — especially during a crisis. 

But we live in an imperfect world, and threat vectors like human error, natural disaster, network failures and software vulnerabilities can cause downtime across an enterprise, often preventing government organizations from effectively serving citizens. While IT teams can’t necessarily predict these events or prevent them, a disaster recovery plan can help them prepare for the worst-case scenario. 

Understanding the Importance of Disaster Recovery 

There’s never been a more critical time for agencies to prioritize disaster recovery initiatives. 

“In this day and age, with so many cyber and ransomware attacks, agencies need to make sure they have their data backed up and available,” says Jim Cosby, deputy chief technology officer for federal civilian and public sector partners at NetApp. 

Drawing on more than 30 years of technical experience, Cosby helps government customers understand where their data is and where it needs to be, by incorporating storage efficiency solutions to contain costs and reduce consumption of capacity. Over the course of his career, he has witnessed firsthand how these threats have evolved. The dark reality, he explains, is that today’s threat landscape is more dangerous and complex than it has ever been. 

“Today’s cyberattackers are hacking into your organization, encrypting not only your primary data, but also the backup copies of your data,” he explains. “In many cases, they then demand payments in cryptocurrency if you want to get your data back.” 

Take the 2017 WannaCry ransomware attack, for instance. The WannaCry cryptoworm inched its way into over 300,000 PCs, then charged victims $600 worth of bitcoin to return the stolen data. 

More recently, JBS, the world’s largest meat processing company, paid $11 million in ransom to cybercriminals after being forced to pause operations at 13 of its plants. 

These incidents could have been avoided, or at least easily mitigated, had users backed up their data. 

But for government agencies, there’s more at stake than meat or money. 

“In civilian government, this data and information that’s being stolen might be medical care or life-saving technology,” Cosby explains. “The Defense Health Agency, Department of Health and Human Services, Centers for Disease Control, Veterans Affairs — all of that is critical for life-saving care. You don’t want to lose that data because those are people’s lives on the line.” 

Agency Spotlight: DOD and VA Make Strides Toward Better Data Management 

A number of federal agencies have already successfully implemented these disaster recovery initiatives. 

The Department of Veterans Affairs, for example, recently adopted the VistA imaging system, which provides VA hospitals around the world with an enterprisewide paperless electronic health record. The system captures scanned documents, motion video and clinical images, and then incorporates them into the patient's electronic record. 

The program is powered by an object storage imaging technology that replicates VA patient data and provides this information to its network of providers. Now, when a veteran enters a VA hospital, providers and administrators are equipped with the information they need to quickly treat them. The VistA imaging system not only creates a seamless patient experience; it also offers a digital alternative to VA’s historically paper-driven record systems, ensuring patient data is accessible in the event of a disruption. 

Meanwhile, the Defense Department is also enhancing its data management capabilities, having deployed more than 1,000 systems in remote, tactical locations to capture, store and process data. 

“The data lives in everything from ships, aircraft and submarines to Humvees and military vehicles,” Cosby notes. “It is then replicated back to a central location so it can inform military leaders as they make larger decisions.”

The Key Ingredients for a Successful Disaster Recovery Plan 

To ensure continuity of operations amid these types of unprecedented events, agencies must develop a comprehensive disaster recovery plan. Cosby notes there are a few key steps every agency should follow to ensure long-term success. 

1. Assess and identify current operational components. How essential is one part of your operations versus another? Define critical parts of your operation and differentiate those from less essential components. What data and documentation are necessary to the continuity of your organizations? What information is less critical? 

2. Determine disaster scenarios and impact levels for each operational component. Develop an “if-then” scenario to determine the impact of a system disruption on each aspect of your operation. For example, “If system A shuts down, how will that impact systems B and C? What implications will these disruptions have for citizens? What about employees and partners?

3. Create a backup and recovery plan for each required component. 

4. Develop a communications strategy for each component and function. Disseminate information in an organized and controlled manner that helps people respond to the situation as opposed to causing panic or concern.   

5. Test your plans to make sure they work before implementing them across your organization. 

Of course, this disaster recovery plan may vary depending on the agency’s mission and existing processes.To effectively tailor this plan to meet these specific needs, IT leaders should ask the following questions: 

• Where does the data reside today and where does it need to be?
• How much data actually exists?
• What time and budget constraints should be considered?
• Is there technology in place to effectively manage and protect this data?
• What security and compliance measures are being taken to protect sensitive data? 

“There’s a reason people are saying ‘data is the new oil,’ because it really is the thing that’s driving value for an organization,” Cosby says. “It doesn't matter what applications or servers you have, if you don't have data, you won’t have the tools you need to make informed decisions. That data is worth protecting.” 

Learn more about how NetApp’s Data Fabric can help your organization implement a successful disaster recovery plan.