Cyber Security
From useless failover tests to a modern Isolated Recovery Environment
I still remember participating in “failover tests” years ago (decades, actually — but let’s not dwell on that) for a financial institution, based on restoring data from tape. This was a company with over 300 physical servers, relying on time-consuming recovery from a sequential medium to bring back systems like Swift and large Oracle databases at a provider’s disaster recovery site.
We had a copy of the data stored at this third-party location and could, entirely isolated from the customer’s network, restore core business systems. Technically it worked reasonably well — we could start up applications — but there was no functional connectivity to the outside world. It was a checkbox exercise rather than a practical solution if the primary environment ever failed. Everyone knew it, but it was a fun challenge and a good team outing.
Since then, connectivity, storage, and hypervisor platforms have evolved rapidly. For years now, we've been saying that isolated, offsite environments are no longer needed — we can build geo-redundant infrastructures capable of handling not just hardware failure, but the loss of an entire data center. Systems can now fail over within minutes, without any manual IT intervention.

We Thought We Had It All Figured Out
Years ago, we believed we had finally mastered the fundamentals of IT continuity through geo-redundancy — twin data centers, stretched clusters, seamless failover. But before we could even enjoy that sense of progress, a new threat emerged: the cyberattack — in the form of deliberate data tampering or encryption.
A dangerous aspect of such a cybersecurity incident is that the better your traditional geo-redundancy is, the faster the attack can spread to your secondary site. Various measures can now be taken to slow or limit this spread, but it remains a critical vulnerability in such architectures.
One definition I found online for “incident” is “an event or action that constitutes a discrete unit of experience.” A cyber event is certainly that — but to truly understand its impact, we must look deeper.
In the Netherlands, people sometimes say “the place is on fire” to describe an intense, high-impact situation. And that perfectly captures the reality of a cybersecurity incident. During such crises, people report acute stress, panic, confusion, fear of making mistakes, finger-pointing, and even tension between teams that usually work well together. Long after the incident is resolved, teams may experience chronic stress, burnout, and a loss of morale and trust — sometimes even symptoms akin to PTSD due to sustained pressure.
So where do we go from here?
The question is: can we evolve our geo-redundant IT solutions to not only withstand traditional disruptions like fire, power failure, or connectivity loss — but also include a cyber recovery component?
This solution must consider the reality that some organizations have cyber insurance policies with their own, sometimes unconventional, approaches to handling incidents. Moreover, data recovery is pointless until patient zero is found and the root cause is patched.
The recovery solution must be:
- Completely separate from the geo-redundant infrastructure
- Able to be tested thoroughly, so everyone knows the procedures and systems before they're needed
This preparation helps reduce the psychological toll on IT teams, enabling them to face cyber incidents with more confidence and resilience — and function better as a cohesive unit under pressure.
Build it yourself or as a service?
The solution is what the industry calls an Isolated Recovery Environment (IRE) — a dedicated, disconnected space with a copy of business data and IT resources, ready to be activated during a cyber crisis. It’s essentially a modern version of the old disaster recovery testing environment — but this time, with everything in place to “plug in the cable” and actually work.
Building and maintaining an IRE internally is a significant and specialized undertaking. It’s typically a dark site, yet still needs to be monitored and managed, with up-to-date backup data readily available. By the end of a cyber incident, the IRE must be capable of functioning as a full IT environment, without relying on the compromised standard infrastructure.
Security risks also increase if the IRE is customer-managed — especially if the same laptops, networks, and internet access are used as in the production environment, increasing the likelihood of compromise.
Let's talk recovery
Yuma provides IRE-as-a-Service: a fully managed isolated recovery environment. It enables cyber recovery playbook testing without impacting the production environment, helping teams prepare effectively for real-world incidents.
Because the environment is truly isolated — including infrastructure like domain controllers — application testers can go beyond superficial testing in production “bubbles.” In the IRE, we recover the minimum viable business — the critical processes needed to keep the organization running for weeks or even months in the event of a cyberattack.
Christiaan Driessen