May 04, 2015
What Star Wars Can Teach Us About Disaster Recovery Planning
In appreciation of Star Wars day (today!) we’re taking a look at the similarities between Star Wars and disaster planning, enjoy.
For those of you that aren’t absolute Star Wars fanatics, allow us to introduce you to Grand Moff Tarkin, one of the most feared and powerful leaders in the Galactic Empire. He had sole command of the original Death Star, and even Darth Vader answered to his orders. He also was terrible at disaster recovery planning.
Tarkin didn’t believe that a battle station the size of a small moon, with the power to blow up planets, had anything to fear from a rag-tag band of rebels.
This is not to say that Tarkin didn’t have a healthy respect for his enemies. There’s a reason he helped build a battle station the size of a small moon that could blow up planets. Tarkin knew that threats were out there, and he believed in being prepared.
It was precisely because Tarkin thought he was prepared for anything that he got himself—and his entire operation—blown up.
So what lessons can IT pros take from the Tarkin Blunder?
Lesson 1: Build a Disaster Response Team (and Listen to Them)
Tarkin made a show of soliciting the opinions of his command staff, and at least one, General Cassio Tagge, warned that, “If the Rebels have obtained a complete technical readout of this station, it is possible, however unlikely, they might find a weakness and exploit it.” Unfortunately, Tarkin allowed his staff to devolve into petty infighting and Force Chokes.
Your security staff and disaster response team are useful only if given the latitude they need to do their jobs, and if their assessments are objectively heeded. Your task is to keep your company safe, secure, operational and profitable. That occasionally means admitting you are vulnerable, and requires spending resources to address your vulnerabilities.
Lesson 2: Constantly Self-Assess Your Vulnerabilities (Before Someone Else Does)
Once you’ve got your core group of disaster recovery planners together, the first order of business is to determine the ways in which your organization is vulnerable. General Tagge knew the stolen Death Star plans posed a risk, but Tarkin wasted resources prosecuting the Rebels rather than analyzing the plans they stole and determining if any weakness was present.
And it clearly wasn’t a difficult weakness to uncover, given that the Rebellion computed it in less than a day on systems that could barely muster VGA graphics.
The best method to prepare for a disaster is to model the ways one is likely to affect your organization. Only then can you make adequate preparations. Tarkin assumed his and Admiral Motti‘s original plans were adequate, and that the Rebellion posed no threat—even when presented with new information in the form of stolen Death Star plans. We all saw how that turned out.
Lesson 3: Be Prepared for Asymmetric Threats (Even the Crazy Ones)
As Rebel General Jan Dodonna remarked, “The Empire doesn’t consider a small, one-man fighter to be any threat. Or, they’d have a tighter defense.”
Even once the Rebel assault was underway, and the Empire finally understood what they were up against, Tarkin refused to acknowledge that he and his Death Star were in danger. His last words were, well, ironic.
Tarkin went down in flames—literally—because he could not accept the threat assessment of his security and disaster planning teams, even as an ultimately successful attack was underway.
No matter how unlikely a natural disaster or coordinated security breach may seem, you must take every plausible threat seriously. When early signs point to trouble, get your disaster response team in gear before some punk from Tatooine makes a lucky shot on your thermal exhaust port—because there won’t be any time to act afterwards.
If you don’t want to end up like Moff Tarkin, check out our DRaaS page for more information about disaster recovery plannin. Remember, forming a team and plan is only the beginning. You must empower that team, constantly re-model the threats they’ve assessed, and listen to them when they raise the alarm of impending danger.
To do otherwise is to reenact the Tarkin Blunder.
Happy Star Wars Day, and may the Force be with you!