What "Next-Gen Disaster Recovery" Actually Means
Traditional disaster recovery was built around hardware failures and natural disasters. Today's threat landscape demands something broader: cyber resilience.
Cyber resilience is not a product. No single vendor can sell it to you. It is a capability built by layering multiple disciplines — security hardening, data protection, resilient networking, identity controls, and practiced recovery plans — that work together to help your organization absorb disruption and recover faster. ANM aligns this to four core goals drawn from the NIST and MITRE frameworks:
- Anticipate — Reduce the likelihood of outages and limit blast radius through security hardening, segmentation, identity controls, monitoring, and data protection.
- Withstand — Keep critical systems functioning during an incident using high availability, redundancy, isolated management planes, and quick action plans.
- Recover — Restore services safely and quickly using clean recovery environments, validated backup data, and practiced orchestration.
- Improve — Treat resilience as a continuous program: test regularly, train your teams, run tabletop exercises, and build a formal risk register.
The critical insight: cyber resilience is built, not bought. Organizations that set it and forget it will discover (at the worst possible moment) that their plans are four years out of date and reference systems they no longer run.
Layer 1: Build a Secure Foundation First
Resilience starts with the "boring" work: foundational IT disciplines that organizations consistently struggle to execute well, yet that deliver the highest return when done right.
Lifecycle & Vulnerability Management
You cannot protect what you do not know exists. A complete inventory of systems, software, and data is the starting point not just for security, but for data protection and DR planning too. Patch cadence matters across your entire infrastructure, not just servers. One organization ANM worked with experienced outages during every patching cycle for four years because their engineers did not understand the interactions between systems. They had never documented what was failing or mapped the dependencies.
Patching is also a low-risk opportunity to identify single points of failure. Use those deliberate maintenance windows to map weaknesses before an attacker finds them for you.
Management Plane Isolation & Identity Controls
Most attackers are not breaking in — they are logging in. Compromised credentials give threat actors direct access to the management interfaces of storage arrays, hypervisors, and backup systems. Protecting these requires two things:
- Segment the management plane from user traffic using dedicated network segments, secure jump boxes, or isolated VLANs.
- Enforce MFA on every infrastructure system that supports it. If a storage array or backup platform does not support MFA, it is time to upgrade.
- Separate authentication domains where possible — isolating infrastructure administration into its own AD forest significantly reduces the blast radius of a compromised user account.
- Implement multi-user authorization for destructive backup operations, so a single compromised admin cannot delete retention policies or wipe backups.
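The four controls above are easiest to reason about when you can see what a violation looks like in the logs. The following is an added example, not ANM's code or anything from the webinar: it reviews a constructed set of management-plane events for logins from outside the management segment, logins without MFA, user-domain accounts touching infrastructure, and destructive backup actions that lack a second approver. The network range, domain name, event fields and sample events are all assumptions.

```python
"""Added example (not ANM's code): review constructed management-plane events
against four controls: management-segment source, MFA, a separate
infrastructure admin domain, and second-person approval for destructive
backup actions. Every network, domain and field name here is an assumption."""
import ipaddress
import json

# Assumed environment values for the example.
JUMP_HOST_NET = ipaddress.ip_network("10.200.1.0/28")   # isolated management segment
INFRA_DOMAIN = "INFRA"                                  # separate AD forest for admins
DESTRUCTIVE_ACTIONS = {"delete_backup", "modify_retention", "delete_repository"}

# Constructed sample log, one JSON event per line; the field layout is assumed.
SAMPLE_EVENTS = """\
{"ts":"2025-03-03T08:01:12Z","system":"vcenter01","domain":"INFRA","user":"jsmith","src":"10.200.1.5","mfa":true,"action":"login"}
{"ts":"2025-03-03T08:02:40Z","system":"storage-array-a","domain":"CORP","user":"jsmith","src":"10.50.7.21","mfa":false,"action":"login"}
{"ts":"2025-03-03T08:03:05Z","system":"backup01","domain":"INFRA","user":"bkadmin","src":"10.200.1.6","mfa":true,"action":"modify_retention","approver":null}
{"ts":"2025-03-03T08:04:30Z","system":"backup01","domain":"INFRA","user":"bkadmin","src":"10.200.1.6","mfa":true,"action":"delete_backup","approver":"second.admin"}
"""


def review_event(event):
    """Return the list of control violations for one event (empty if clean)."""
    findings = []
    if ipaddress.ip_address(event["src"]) not in JUMP_HOST_NET:
        findings.append("source outside the management segment")
    if not event.get("mfa", False):
        findings.append("no MFA")
    if event.get("domain") != INFRA_DOMAIN:
        findings.append("user-domain account on an infrastructure system")
    if event["action"] in DESTRUCTIVE_ACTIONS and not event.get("approver"):
        findings.append("destructive backup action without a second approver")
    return findings


def review_log(text):
    """Map each offending event's timestamp to its findings."""
    results = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        findings = review_event(event)
        if findings:
            results[event["ts"]] = findings
    return results


if __name__ == "__main__":
    for ts, findings in review_log(SAMPLE_EVENTS).items():
        print(ts, "->", "; ".join(findings))
```

Run as-is it reports the storage-array login (wrong segment, no MFA, user-domain account) and the retention change made by a single admin; the vCenter login and the approved deletion pass. The same checks map directly onto SIEM alert rules once the real event fields are known.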
Layer 2: Cyber-Resilient Data Protection
Data is the one thing you cannot recreate. You can rebuild servers, reconfigure networks, and source new hardware. But if ten years of historical operational data is gone, it is gone. Modern data protection must be designed to survive both accidental deletion and targeted ransomware attacks.
The 3-2-1 Rule — Updated for Cyber
- 3 copies of your data
- 2 different types of media (do not store all copies on the same vendor platform — a single compromise could take them all)
- 1 copy off-site — cloud object storage (Azure, AWS, Wasabi) makes this far more accessible than rotating tapes ever was
At least one copy — ideally both the on-premises and cloud copies — should be immutable: protected such that no admin or attacker can alter or delete it within the retention window. This is your last line of defense when everything else is compromised.
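A quick way to turn the rule above into something you can audit is to check a backup-copy inventory against each clause, including the immutability requirement. This is an added example, not ANM's or any backup vendor's code; the inventory, platform names and the 30-day retention policy are constructed assumptions.

```python
"""Added example (not ANM's or any vendor's code): check a constructed backup
copy inventory against the 3-2-1 rule plus the immutability requirement.
The inventory, platform names and the 30-day retention policy are assumptions."""
from dataclasses import dataclass


@dataclass
class BackupCopy:
    name: str
    platform: str        # media/vendor platform the copy lives on
    offsite: bool
    immutable: bool
    retention_days: int  # enforced, unalterable retention window; 0 if not immutable


# Constructed inventory: two copies on the same appliance vendor, one in cloud
# object storage. This example counts backup copies only; whether the production
# copy counts toward "3 copies" is a policy choice.
SAMPLE_INVENTORY = [
    BackupCopy("primary-appliance", "vendor-a-appliance", offsite=False, immutable=True, retention_days=30),
    BackupCopy("secondary-appliance", "vendor-a-appliance", offsite=False, immutable=False, retention_days=0),
    BackupCopy("cloud-object-store", "s3-object-lock", offsite=True, immutable=True, retention_days=14),
]


def check_3_2_1(copies, required_retention_days=30):
    """Evaluate each rule; returns a dict of rule name -> pass/fail."""
    platforms = {c.platform for c in copies}
    # A copy only counts as immutable if its locked retention covers the policy window.
    locked = [c for c in copies if c.immutable and c.retention_days >= required_retention_days]
    return {
        "3_copies": len(copies) >= 3,
        "2_media_types": len(platforms) >= 2,
        "1_offsite": any(c.offsite for c in copies),
        "1_immutable": bool(locked),
        "immutable_onprem_and_cloud": any(not c.offsite for c in locked) and any(c.offsite for c in locked),
    }


def gaps(copies, required_retention_days=30):
    """Names of the rules that fail, for a quick remediation list."""
    return [rule for rule, ok in check_3_2_1(copies, required_retention_days).items() if not ok]


if __name__ == "__main__":
    for rule, ok in check_3_2_1(SAMPLE_INVENTORY).items():
        print(f"{'PASS' if ok else 'FAIL'}  {rule}")
```

With the sample inventory the only failure is the "both copies immutable" goal: the cloud copy is locked, but for 14 days rather than the 30-day policy window, so it would not protect against an attacker who waits out the lock before detonating.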
What Good Backup Platforms Do in 2025
Modern platforms have moved well beyond simple data copies. Look for these capabilities when evaluating your current solution:
- Anomaly detection — flags unusual encryption rates, mass deletions, or abnormal record changes that may indicate ransomware in progress
- Data classification — automatically identifies PII, HIPAA, or PCI data so you understand regulatory exposure after a breach
- YARA file scanning — allows incident response teams to scan backup snapshots for known malware indicators to find the last clean restore point
- Granular recovery — restores at the object, VM, volume, or application level, not just full-system restores
Cyber recovery is fundamentally different from traditional disaster recovery. When ransomware has been in your environment for weeks before detonating, the answer is not to restore the most recent backup, because it may itself be infected. The goal is to identify the latest clean copy and restore in sequence, then clean and validate the environment before returning systems to production.
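The anomaly-detection and YARA-scanning capabilities listed above feed directly into the clean-copy problem described here. The following added example (not ANM's code and not modelled on any specific backup product) scores a constructed series of snapshots for the indicators the page names, a high change rate combined with near-random content, mass deletion and YARA matches, and then picks the last restore point taken before the first suspect snapshot. The thresholds, timestamps and snapshot values are assumptions.

```python
"""Added example (not from ANM or any vendor): flag ransomware indicators in a
constructed series of backup snapshots and select the last clean restore point.
Thresholds and sample data are assumptions for illustration."""
from dataclasses import dataclass


@dataclass
class Snapshot:
    taken: str            # ISO timestamp (assumed sortable as a string)
    changed_ratio: float  # fraction of files changed since the previous snapshot
    mean_entropy: float   # mean Shannon entropy of changed files, bits per byte (0-8)
    deleted: int          # files deleted since the previous snapshot
    yara_hits: int        # matches when the snapshot is scanned with IR rules


# Assumed thresholds; a real platform baselines these per workload.
MAX_CHANGED_RATIO = 0.20  # more than 20% of files rewritten in one cycle is unusual
ENTROPY_ALERT = 7.5       # encrypted data approaches 8 bits/byte
MAX_DELETED = 5000


def indicators(snap):
    """Return the list of indicators that make this snapshot suspect."""
    reasons = []
    if snap.changed_ratio > MAX_CHANGED_RATIO and snap.mean_entropy >= ENTROPY_ALERT:
        reasons.append("high change rate with near-random content (encryption in progress)")
    if snap.deleted > MAX_DELETED:
        reasons.append("mass deletion")
    if snap.yara_hits:
        reasons.append(f"{snap.yara_hits} YARA rule match(es)")
    return reasons


def last_clean_restore_point(snapshots):
    """Walk oldest to newest and return (last_clean, first_suspect, reasons).

    Everything from the first suspect onward is treated as untrusted even if a
    later snapshot looks quiet, because the malware may simply have been dormant.
    If nothing is suspect, first_suspect is None and last_clean is the newest."""
    last_clean = None
    for snap in sorted(snapshots, key=lambda s: s.taken):
        reasons = indicators(snap)
        if reasons:
            return last_clean, snap, reasons
        last_clean = snap
    return last_clean, None, []


# Constructed sample: a dropper lands on the 26th (YARA hit, no encryption yet)
# and detonates on the 28th (mass rewrite of high-entropy data plus deletions).
SAMPLE_SNAPSHOTS = [
    Snapshot("2025-02-24T02:00Z", 0.03, 4.9, 120, 0),
    Snapshot("2025-02-25T02:00Z", 0.04, 5.1, 90, 0),
    Snapshot("2025-02-26T02:00Z", 0.02, 4.8, 75, 2),
    Snapshot("2025-02-27T02:00Z", 0.05, 5.0, 110, 2),
    Snapshot("2025-02-28T02:00Z", 0.61, 7.9, 8200, 2),
]


if __name__ == "__main__":
    clean, suspect, why = last_clean_restore_point(SAMPLE_SNAPSHOTS)
    print("restore from:", clean.taken if clean else "no clean snapshot")
    if suspect:
        print("first suspect:", suspect.taken, "->", "; ".join(why))
```

The point the sample makes is that the statistical signals alone would have chosen the 27th, two days after the dropper arrived; the YARA scan of earlier snapshots is what pushes the restore point back to the 25th.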
Layer 3: Resilient Networking
Having clean data and hardened infrastructure is only useful if you can reach your systems during a disaster. Network architecture failures are one of the most common DR gaps ANM uncovers.
One large Colorado county believed it had two resilient data centers. An ANM assessment revealed a single firewall pair stretched between two buildings: effectively one logical data center in two locations. When a power failure took down one building, both sites went dark simultaneously, taking the sheriff's office and jail management systems offline.
Resilient networking requires:
- Diverse connectivity with no single points of failure across WAN, cloud, partner, and internet paths
- Routing designed for fast, clean cutover — so failover does not require manual reconfiguration under pressure
- Separately managed routing at DR sites so each site can operate independently
- Automated failover testing so you know paths work before you need them
- Out-of-band management access (cellular, dedicated management networks) so you can reach systems even when the primary network is down
Layer 4: DR Planning — From Quick Action Plans to Full DR Programs
A DR plan that no one has tested and that references systems you no longer run is worse than no plan, because it gives a false sense of security. Planning must be a living program. Here is how ANM recommends scaling it to your budget and maturity:
Start Small: Quick Action Plans
Even if you cannot fund a full DR program today, every team can build quick action plans: documented, step-by-step checklists for the most critical failure scenarios. These answer the question "What do we do in the first 30 minutes?" without requiring heroes to improvise under pressure.
Run Tabletop Exercises
Walk your team through realistic scenarios: "It's Monday morning. Your monitoring systems are unreachable, and nothing at the data center responds to ping. What do you do?" These exercises surface gaps in plans, expose missing documentation, and ensure that critical institutional knowledge is not locked in one person's head.
When Budget Allows: A Full DR Program
- Discover & Assess — inventory systems, map business impact, identify gaps and risk
- Strategy & Architecture — define RTO/RPO targets, choose DR architecture (active-passive, active-active, cloud DR)
- Build — implement infrastructure, configure replication, establish recovery orchestration
- Test — validate restores, measure actual recovery times, test at scale
- Train & Exercise — rehearse regularly, refine plans based on what breaks
6 Actions You Can Take in the Next 30–60 Days
Even without a major budget increase, these six steps will meaningfully improve your resilience posture:
- Make your backups immutable — Enable immutability on at least one on-premises backup copy and your cloud copy. This is your most important protection against ransomware destroying recovery options.
- Protect the management plane — Segment infrastructure management interfaces from user traffic. Even basic VLAN separation provides substantial protection at low cost.
- Implement lifecycle & vulnerability management — Audit your full inventory. Build a patch cadence. Document what breaks during patching windows and start mapping dependencies.
- Ensure your network can survive failures — Eliminate single points of failure. Test failover paths now, not during an outage.
- Enable logging and visibility — Ensure SIEM or log aggregation covers your infrastructure systems. Anomalous admin account activity should generate alerts.
- Build at least one quick action plan — Pick your most critical system. Document what you would do in the first 30 minutes of an outage. Test it.
Watch the Full Webinar
David Abbott's full 55-minute WRITA session goes deeper into DR architecture patterns, zero trust principles for resilience, cloud DR with VMware and Azure, and live Q&A. Whether you are early in your DR journey or looking to validate your current approach, the webinar is a practical resource worth your team's time.