Disaster recovery is not an option
Image: Benjamin Lehman/Unsplash

Disaster recovery is not an option

Protocol Enterprise

Welcome to Protocol | Enterprise, your comprehensive roundup of everything you need to know about the week in cloud and enterprise software. This Thursday: how two incidents this week reminded us that backups are worth their weight in data centers, what the COVID-19 bill will do for enterprise tech and the amazing staying power of Microsoft Excel.

(Was this email forwarded to you? Subscribe here.)

The Big Story

Up in smoke

This week served as an unfortunate reminder for a lot of companies that backups and disaster-recovery plans are not "nice-to-haves" in the modern economy.

First it was the massive Exchange hack, which has compromised tens of thousands of email servers that, even in the Slack and Microsoft Teams era, are probably how most companies run their businesses. And then another nightmare scenario unfolded Tuesday night when a data center at OVH, the European cloud provider, caught fire and was destroyed, forcing it to shut down all activity in its Strasbourg, France region.

Enterprise tech customers can't control security flaws in the products they buy, and they certainly can't control fires at remote data centers. But they can control how they manage and protect their corporate data and user data, both of which are priceless.

The Exchange hack is expected to get very real in the next several days: Security experts believe that the hackers behind the exploits will activate back doors placed on those servers before Microsoft was able to release a rare out-of-cycle patch for the flaws.

  • Even if Exchange users find and disable one of those back doors, there might be several more: CISA released a list of tips for companies running their own Exchange servers to use to try and contain the damage.
  • However, "companies whose Exchange servers give way to even a remote chance for spying should probably rebuild their mail servers completely. The web shell is simply the first of many possible backdoors the attacker might have installed," argued Nicholas Weaver of the University of California, Berkeley.
  • However, that might require them to restore a backup that predates the exploit, which could cause problems for weeks or months of emails.

But the solution here isn't just to migrate to the cloud. You'd be forgiven for wondering: Why would anyone bother to manage their own Exchange server, when you can just let Microsoft or Google run them? But things can go wrong in the cloud too.

There are lessons here for all enterprise customers. OVH is a niche player in cloud computing, even in Europe. But disasters — natural or man-made — will happen at large buildings that consume incredible amounts of electricity, and security events like the Exchange flaw will happen much more frequently.

  • Companies that need to protect vital customer data, or remain online no matter what, need to build their applications around multiple regions, or at least across availability zones offered by major cloud providers to limit the fallout from any one disaster.
  • Moving email to the cloud will solve a lot of security problems, but it's a big project that needs careful planning, not a panicked rush job in the wake of a hack.
  • In a real-time world, nightly backups and monthly patch cycles probably won't cut it.
  • Regulators can help here by reexamining the type of data that needs to be kept on-premises in certain industries, and whether or not cloud solutions offer sufficient protection.

Disaster recovery can't just be a document that sits in some untouched corner of a Google Drive only to surface during a frantic search amid a crisis; it needs to be a core part of every company's IT strategy.

  • Build an easier-to-use, mostly-foolproof corporate backup and recovery system, and enterprise customers (not to mention venture capitalists) will beat a path to your door.

— Tom Krazit



Section 230 of the Communications Decency Act is the most-discussed and least-understood law governing the modern internet. This event will delve into the future of Section 230 and how to change the law without compromising the internet as we know it. Join Protocol's Emily Birnbaum and Issie Lapowsky in conversation with Senator Mark Warner. This event is presented by Internet Association.

RSVP for this event.

This Week On Protocol

Cashing in: The passage of the COVID-19 relief bill this week will see about $1 billion flow into the Technology Modernization Fund, which does exactly what you think a fund with that name would do. It's a smaller windfall than hoped for by both the tech industry and government reformers, according to Protocol's Emily Birnbaum.

Broken records: Last week, Microsoft CEO Satya Nadella said cloud computing was at "peak centralization," predicting that cloud services are headed for balkanization over the next several years. Protocol's Anna Kramer reports that Brewster Kahle and the Internet Archive are also worried about this trend, which could make it much harder to accomplish the organization's mission of preserving as much of the web as possible.

Five Questions For...

Hubert Palan, Founder and CEO of Productboard

What's the best piece of advice you could give to someone starting their first tech job?

Make sure to understand the technology, but realize that even more important is deep knowledge of customer needs. Learn about psychology and nurture your empathy.

Pick one piece of consumer or business software (that isn't sold by your company) that you can't live without.

My whole house runs on Google Home and I enjoy the convenience and control over all aspects of our household (even though usability could be much better!).

What was the first computer that made you realize the power of computing and connectivity?

My mom was a developer and in the late '80s, together with three other families, we bought an IBM PC AT knock-off and I dialed into the first [Bulletin Board Service]. This was before the World Wide Web was invented. It was magical.

What was the biggest reason for the success of cloud computing over the past decade?

Cloud computing eliminated high entry barriers into the software world. The cost of building a software service declined dramatically and modularization eliminated the need to build everything from scratch which further sped up software delivery times.

What will be the biggest challenge for cloud computing over the coming decade?

I expect regulatory challenges for the dominant players. I foresee heightened competition and fragmentation of services with specialized services for every little niche. I am curious how humanity will be able to adapt to the constantly accelerating rate of innovation.

Around the Enterprise

Correction: Salesforce is subleasing space in a building near Salesforce Tower, not in the tower itself. The story was updated March 11, 2021.

Thanks for reading — see you Monday.

Recent Issues