As we enter yet another hurricane season in the Caribbean, it is time once again to address the critical need to mitigate the risk of destruction of critical ICT systems.
We have all seen the impact of natural disasters on Caribbean small island states. Hurricanes like Dorian, Irma, Jose and Maria all had severe and widespread impacts on many of the Caribbean countries with the impact on the regional economies disproportionately greater than those of larger, more developed economies. The ability to recover and rebuild infrastructure also takes considerable time and resources which are not necessarily available to these countries.
A 2019 analysis by the Inter-American Development Bank (IADB) of the impact that hurricane Dorian had on The Bahamas identified up to USD$ 3.4 billion in losses which represent more than 25% of GDP.
The impact of Hurricane Maria in 2017 resulted in significant damages and losses in Dominica amounting to 226% of the country’s 2016 GDP. The disproportionate impact natural disasters can have on small Caribbean island states both in terms of loss of physical infrastructure and the financial impact of replacing this infrastructure demonstrates why states must act smarter and develop highly resilient infrastructure environments. A systematic approach to managing, optimising and prioritizing infrastructure investments is key to ensuring sustainability and viability.
Hurricane Dorian, September 2019
While the impact on larger physical infrastructure components is highly visible and potentially more immediately impactful, the increasing reliance on ICT. As Caribbean governments move toward digitisation many of their strategic business processes have become part of e-government strategies which cover both governments to business (G2B) and government to citizen (G2C). The impact of COVID-19 has accelerated this process. ICT environments are, like other national infrastructure components, vulnerable to natural disasters.
They also carry a set of specific risks which need to be understood and for which mitigation policies and procedures need to be put in place. These risks can be impactful, as natural disasters result in the unavailability of critical ICT systems. Risk assessments need to be conducted at all ICT layers; from the location and structure of data centres to the infrastructure design of networks and system environments and even data security. Clear, comprehensive disaster prevention and recovery policies should be in place along with business continuity strategies, based on international and industry standards. Without a systematic approach, there is a significant risk of loss of digital information and infrastructure in the event of a major natural or man-made disaster.
Now is the time to examine your ICT environments for vulnerabilities and develop risk mitigation strategies. In some cases, there may not be an option in the short term to provide mitigation for a particular ICT component. For example, relocating a data centre may not be possible in the short term, however, assessing such risks ahead of time prepares organizations to reduce the overall impact on critical ICT environments. In this case, identifying alternative data centres / hosting locations that can be used as failover environments should be urgently considered. This may also include utilizing MSPs - like Cloud Carib - to implement a hybrid cloud solution that can allow your organization to maintain business continuity and react in times of emergency.
These hybrid solutions are a key element in the protection of your organization's digital assets and can be based either in-country or located in other off-island locations. When contemplating off-island storage of critical digital assets consideration should also be given to data sovereignty and privacy requirements. This should determine where and how the backup are stored. As a standard backup policy, backups should be regularly restored to verify that the backup environment has been correctly processed.
While the steps outlined above are ones that can be put in place in the short term having a fully formed and properly managed cloud computing strategy at both national and regional levels can significantly improve the physical resilience of ICT systems. This will alleviate the considerable financial risk of system destruction due to natural disasters and/or cyber-crime activity.