Episode 59

Building a Resilient Disaster Recovery Infrastructure

The latest disaster recovery statistics reveal that modern businesses still face costly interruptions due to a variety of threats, ranging from ransomware attacks to sudden hardware failures. The monetary costs of disasters and outages can be significant. According to results from Uptime Institute's "Annual Outage Analysis 2023" survey, 25% of respondents reported that their latest outage incurred more than $1 million in direct and indirect costs. In addition, 45% reported that the cost of their most recent outage ranged between $100,000 and $1 million. Another research report reveals that just over half of organizations have disaster recover plans and around 7% of organizations never test their disaster recovery plans. It was a real pleasure having Sagi Brody, Co-Founder and CTO at Opti9 on the podcast to shed light on the various aspects of disaster recovery and how to do it well.


Time Stamps


00:02 -- Introduction

00:54 -- Disaster Recovery Statistics and Guest Introduction

03:08 -- Guest's Professional Highlights

04:40 -- Overview of Disaster Recovery

09:12 -- How do you ensure that the disaster recovery infrastructure does not become the next security incident?

11:51 -- Disaster Recovery Best Practices

15:23 -- Around 7% of organizations never test their disaster recovery plan. Why is that the case? Why wouldn't organizations want to ensure that whatever they have documented whatever they have planned actually works?

19:49 -- How effective are tabletop exercises in the context of rehearsing for disaster recovery? Should organizations be doing more than tabletop exercises?

22:09 -- Disaster Recovery and Outsourcing

25:09 -- Final Thoughts

Memorable Sagi Brody Quotes/Statements

"When you think of backups, I like to think of the word RECOVER. When you think of disaster recovery, I like to think of the word RESUME, you're not restoring data, you're resuming your business operations after a disruption."

"I think one of the biggest mistakes that people make is they sort of build their entire production infrastructure, or their application, get it all up and running, make it perfect. And then later on, they want to focus on disaster recovery."

"Imposing disaster recovery strategy on an already built, let's say, application is much more difficult than having resilience be part of your thought process as you go along building your production environment."

"We need Runbooks (or Playbooks) for what we do during a disaster. Not only that, but we need Runbooks for different types of disasters. If we need to fail over one application versus our entire environment, we need a separate Runbook for testing."

"Today, a lot of people have their applications highly integrated with third party SaaS platforms. So let's be sure that when we test our disaster recovery infrastructure, we're testing the applications, we're not poisoning our production data sitting somewhere else inadvertently."

"You have to be super careful when making decisions on what platforms, what vendors, what software you're using to build your applications and your infrastructure. When you make those decisions, you have to weigh them against your resilience framework and your security framework."


Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338

https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712

Latest Publications:

Preventing Security Breaches Must Start at the Top

Mission Critical --How the American Cancer Society successfully and securely migrated to the cloud amid the pandemic

Latest Webinars:

How can brands rethink data security to maintain customer trust?

Cybersecurity Readiness in the Age of Generative AI and LLM

Insights for 2023, Cybersecurity Readiness with Dr. Dave Chatterjee

Next Episode All Episodes Previous Episode

About the Podcast

Show artwork for The Cybersecurity Readiness Podcast Series
The Cybersecurity Readiness Podcast Series
with Dr. Dave Chatterjee

Listen for free

About your host

Profile picture for Dave Chatterjee

Dave Chatterjee

Dr. Debabroto 'Dave' Chatterjee is tenured professor in the Management Information Systems (MIS) department, at the Terry College of Business, The University of Georgia (UGA). He is also a Visiting Scholar at Duke University, affiliated with the Master of Engineering in Cybersecurity program in the Pratt School of Engineering. An accomplished scholar and technology thought leader, Dr. Chatterjee’s interest and expertise lie in the various facets of information technology management – from technology sense-making to implementation and change management, data governance, internal controls, information security, and performance measurement. His work has been accepted and published in prestigious outlets such as The Wall Street Journal, MIT Sloan Management Review, California Management Review, Business Horizons, MIS Quarterly, and Journal of Management Information Systems. Dr. Chatterjee’s research has been sponsored by industry and cited over two thousand times. His book Cybersecurity Readiness: A Holistic and High-Performance Approach was published by SAGE Publishing in March 2021.