In the wee hours of Wednesday, March 10, 2021, a fire destroyed or damaged four major data centers operated by OVHcloud, the French company that is Europe’s largest operator of cloud infrastructure.
The conflagration in Strasbourg in Eastern France took down millions of websites across Europe and Africa, including government agency portals, banks, retailers, news websites, and an estimated 2% of the entire .FR country domain. Despite a quick response, 100 local firefighters were neither able to contain the blaze nor identify its cause.
Backup needed for SaaS data
In addition to downed websites, many OVHcloud customers reported prolonged email outages and significant data losses. By mid-day, OVHcloud had notified major customers that they should activate their disaster recovery plans, and by evening, announced that two of the affected data centers would not resume operation until Monday, March 15, and a third would remain offline until Friday, March 19. The fourth appears to have been completely destroyed. The Strasbourg centers were among OVHcloud’s 17 data centers in France and 32 globally.
The horrific fire comes at a time when many companies and government institutions are moving more and more of their critical business processes and associated data to SaaS applications running on cloud infrastructure supplied by OVHcloud, Amazon, Microsoft, Google, and the like. And while big cloud providers are capable of fairly quick failover to and load-sharing with their other data centers, the outages experienced by OVHcloud’s customers show that, as a default, those providers do not assume responsibility for providing similar resiliency for applications and data. As a business, you may effectively outsource your data center hardware and operating systems to a cloud provider, but you still own the responsibility to protect your data.
Considering disaster recovery
The OVHcloud fire is a textbook example of the kind of natural or manmade disaster for which disaster recovery scenarios are designed. In an era of climate change, the probability of such events is going up worldwide, with droughts increasing the chances of wildfires, destructive weather events like tornados and hurricanes increasing in violence and frequency, and sea-level rise threatening increased flooding of coastal areas.
But those are not the only potential disasters that may lead to data loss or destruction. Increasingly sophisticated cybercriminal gangs mount hundreds of thousands of malware attacks per day around the world, many using ransomware to lock up company data forever if an extortion fee is not paid. Hostile state actors have mounted large-scale, sophisticated attacks on software supply chains and popular email servers that have the potential to bring down hundreds of thousands of critical applications.
The past year also saw a sharp rise in the number of data-loss incidents due to non-malicious configuration errors made by tech staffers. Many of these can be attributed to their inexperience with managing the cloud data stores that businesses hastily migrated to in the wake of the pandemic and surge in remote work. For many businesses, especially smaller ones, a disaster-driven outage of days or weeks is an existential threat to the business.
Final thought
The OVHcloud fire is a timely reminder that businesses of every size should revisit both their data protection and disaster recovery plans to ensure that they are adequately protecting their SaaS applications against downtime and the associated data against damage or destruction.
Modern DR offerings like cloud-based disaster recovery as a service now offer affordability and an attractive return on investment that were once only available to large enterprises.
