Disaster Recovery Journal Winter 2025

versus the reality of how quickly IT can reconstitute those platforms. When business stakeholders were asked about the resilience expectations of their underlying it systems, they revealed what most IT leaders might consider a daunting challenge: n For high priority workloads, 68% of business leaders expect the IT services to resume functionality within four hours and 97% expected resumption within one day of a disruptive event. n For normal workloads, only 16% expected the same four-hour resilience, but 67% still expected the rest of the IT systems to be running within one day of disruption. For a “typical” natural disaster, it might be reasonable to presume the higher priority (smaller percentage) of IT systems could be brought online within one day, courtesy of either a secondary data center or the use of disaster recovery cloud services. While most organizations

do not have enough secondary infrastructure to reconstitute “the rest” (i.e., the non-high priority) of the IT systems, a cloud infrastructure delivered through a managed service (e.g., disaster recovery as-a-service or DRaaS) could conceivably reconstitute a significantly higher percentage of systems closer to the business expectations. That said, recovery from a cyber-attack such as encryption immediately break most recovery expectations. When recovering from natural disasters, the secondary copies, backups, or replicas, are considered to be valid up until the disruptive event. So, the only challenge is in rapid recovery at scale. For cyber recoveries, the orchestration of rapid recovery at scale is the same, but that process cannot begin until the breach has been stopped and a safe or “clean” copy of the data can be identified; which for too many organizations is an overly manual and imprecise task. Once the clean data has been identified and a clean environment

has been prepared to recover too, then the typical IT DR recovery at scale process can begin. Unfortunately, according to the IT participants within the survey, the average large-scale recovery (not including the time to identify “safe” data) is expected to take 2.6 days: far exceeding the business expectations for resilience. HOMEWORK: Ask your IT infrastructure and cybersecurity teams: 5. If IT needed to recover a significant number of platforms due to a natural disaster, what is our secondary 6. Considering cyber restorations as a superset of an IT natural disaster, what are the processes and timelines for identifying clean data before the secondary systems can begin recovery? ttt This article, the first in a three-part series, is meant to help you create new conversations perhaps by asking hard questions. While the author does not work for a vendor or service provider, he does cover technologies and platforms which can address some of the IT challenges and by extension of the business processes described. Some 502 resilience leaders and professionals were surveyed during the summer of 2025 on a variety of topics related to organizational resilience. Each of the survey respondents had a primary responsibility in either business continuity, disaster recovery, crisis or emergency management, or cyber-preparedness. v infrastructure plan and how long before it would have systems coming back online?

Jason Buffington has more than 35 years of experience in the IT disaster recovery space. He has been a CBCP since 2003, spoken at hundreds of DR and IT events over the years, and published in numerous

periodicals and blog sites. Buffington is the founder of Data Protection Matters, an independent analyst firm that covers data protection, cyber resilience, BaaS & DRaaS, and BC/ DR. Outside of BC/DR, he is an active volunteer leader in Scouting America; “Be Prepared” is their motto too. For more information on the research topics and methodology, please visit https://DataProtectionMatters.com/OR26.

20 DISASTER RECOVERY JOURNAL | WINTER 2025