Is your Disaster Recovery Plan Based on Inaccessible Backup Data?

Every so often discussions arise outside the domain of disaster recovery plans, but that trigger thought-provoking questions. One recent example was about the extent to which backup tapes destined for DR were accessible or not for legal information discovery. This is the procedure whereby the databases of an organisation can be searched by the opposite side in court cases, the aim being to uncover evidence that, as the saying goes, “may be taken down and used against you”. Depending on jurisdictions, information archival tapes may be fair game, while DR tapes are not. But to what extent can data remain inaccessible to discovery without creating difficulties for the organisation itself?

Somebody with legal rights to search an organisation’s data may find it more difficult to access back-up tapes, because disaster recovery plans based on tape normally stipulate that such back-up data is stored in a physically separate location. If back-up tape storage and recovery is handled by a third party, then this adds to the complexity for any person external to the company to search such back-up data. In a sense, back-up tapes are already protected from information discovery procedures simply by virtue of their remote location.

What happens if organisations move to cloud computing, especially those who decide to use this medium for global data storage, applications, and backup? In situations where all of these items are held in the cloud, someone granted access to everyday organisational data and information archives held in the cloud may be “virtually” close to disaster recovery data as well. Whatever the rights or wrongs of accessing such DR data, there may no longer be any physical separator between the legally accessible and inaccessible – yet another angle to be considered when making a disaster recovery plan.