Learn About Our CCSK X CCSP Training Week

OVH Data Center fire is a wake-up call for owning your Disaster Recovery Plan

A fire occurred at the OVH Data Center in France earlier this week, which resulted in thousands of websites and services going down.

Thankfully, no one was injured but those whose sites were affected were left without answers or alternatives as the situation was brought under control and teams began troubleshooting.

OVH fire screenshot from video

As of today (March 11), OVH has yet to determine the cause of the fire and is continuing its efforts to do so, including the reserving of servers across other data centers for its affected users.

A statement posted on their cloud server support page makes it clear how serious the fire was:

“We are currently facing a major incident in our DataCenter of Strasbourg with a fire declared in the building SBG2. Firefighters were immediately on the scene but could not control the fire in SBG2.

The whole site has been isolated, which impacts all our services on SBG1, SBG2, SBG3 and SBG4. If your production is in Strasbourg, we recommend to activate your Disaster Recovery Plan. All our teams are fully mobilized along with the firefighters.”

Some lost data may never be recovered

The disaster has brought to light the issue of data backup and recovery, which many businesses and site owners are, in light of the fire and resulting damage control, taking for granted.

Some websites, such as Imagify, were transparent with their users but didn’t make it clear whether its data was recoverable or not:

Imagify tweet on the OVH fire

Others have openly stated that their data was gone for good:

Rust OVH fire update tweet

While it’s unknown at this time what data can be recovered, it’s clear that many websites have lost their data forever, leaving them and their customers understandably frustrated. OVH has yet to determine what data, if any, can be recovered from their cloud servers.

Have backups, will travel

Those users with backups are able to upload it to a new server and simply modify their DNS settings to point to the new server, thus restoring their services and getting back up and running.

Unfortunately, many of OVH’s customers do not have their own backups and thus their data may very well be lost forever.

This is a huge wake-up call for those who take their cloud hosting provider for granted by assuming that site outages and lost data are temporary because everything is backed up and all you need to do is wait until they hit the ol’ “restore” button.

As the fire points out, that’s a very risky, even dangerous assumption.

The importance of a Disaster Recovery Plan

If there’s a silver lining to be found here, it’s to remind those whose websites and digital services that rely on cloud hosting are ultimately responsible for their own data backups.

Hosting providers can’t guarantee that their own backups are 100% safe and secure, which means you need to own your data and plan for disaster recovery.

This isn’t to say that you shouldn’t trust in your hosting provider to do its job, but without having your own plan in place to restore your services, you’re left with rolling the dice should your host’s data center go down.

Your Disaster Recovery Plan should include:

  • Assigning a team responsible for ensuring daily backups of your data (in addition to the backups stored by your cloud host).
  • Having a plan in place to restore your services, including another cloud host you have already vetted and can utilize in as little time as possible.
  • Monitoring your cloud hosting status to ensure downtime can be addressed as quickly as possible.
  • Having a communication plan in place to provide regular updates to your users while your recovery plan is in motion.

If you’re using a Content Management System like WordPress or Drupal, ensure core and plugin updates are performed regularly to help minimize potential security risks. Much of this can be automated manually within the CMS.

Owning your data and having your own plan in a disaster means you can get back to business as usual and reduce the risk of both lost data – and lost customers.

Posted under:

Graham Thompson is an Information Security professional with over 25 years of enterprise experience across engineering, architecture, assessment and training disciplines. He is the founder and CEO of Intrinsec Security, a leading training company that is solely focused on delivering leading authorized IT security training from partners such as the Cloud Security Alliance, ISC2, ISACA, EC-Council and CompTIA.

CCSK | CCSP: The Industry’s Leading Cloud Security Certifications - learn more

Upgrade your Skills. Secure your Potential.

Our experts provide hands-on and on-demand training that helps IT and data security professionals meet today's cyber security challenges and prepares you for a successful future.

Training Schedule Contact Us