When organizations are hit by a disaster, they have the option of closing shop or cleaning up to recover. Those that chose to carry on face the recovery process. The disaster recovery process calls for a recovery site. These sites can be either cold, warm, or hot. Each has its own advantages and disadvantages. No matter the type of site, the recovery team pulls the most recent back-up of the organization’s data, loads it on the back-up site system and then brings the system up. Organizations must select the best option to suit their objectives. The factors influencing this decision include cost, time to recover, and recovery complexity.
Cold sites are the least expensive and often selected because of that. They take the longest time to get things up and run though. A cold site is, as the name suggests, cold. The back-up hardware that resides there is not running until needed and is not connected to the primary system for data transfer. The first thing the recovery team needs to do upon arriving at a cold site is get the hardware running. Then they have to load the data from a back-up. From there, they can restore the system to its last known state. Organizations with fewer online transactions than in-person transactions might find this option best for them.
Warm sites are more expensive than cold sites, but have less recovery time and effort. The hardware does not need to be turned on and the system will have a connection to the original. Some warm sites have data back-ups on site making the recovery process even faster. Warm sites are a great middle ground between the expense of hot sites and the long recovery time of hot sites. Organizations with primarily online transactions may consider this a good option.
Hot sites have the same hardware and network up and running as the original system. They serve as real-time data back-ups for the original. If a disaster hits the original site, it only takes a matter of minutes for all the functions of the system to be transferred to the hot site. Most customers would not even know the transition took place. Having duplicate hardware and data is a very expensive proposition. For organizations that are working in highly-time critical areas, the cost may be well worth it. Critical infrastructure organizations would fall into this category.
Like so many other things in cybersecurity, there is a trade-off involved and what works well for one may not for another. Each organization must determine its priorities for recovery in the face of a disaster and base their choice on those. These priorities should be reviewed periodically to ensure they still fit the organization.
So, how do you like your recovery site - cold, warm, or hot?
Comments