In the late 1960s, I was first exposed to what would later become known as disaster recovery. I was responsible for the systems software environment for a major university computer center at the time. It was at the height of the Vietnam War protests, and one of those protests spilled over to the building housing the computer room. A number of the protesters were running through the building and randomly damaging whatever was in their path. When they got to the computer room, they found a locked, heavy steel door and moved on.

It suddenly dawned on me that we had no clue—let alone plan—to deal with damage or destruction, should the protesters have gained entry to the computer room. As I thought about it and discussed this with others on the computer operations team, I realized there were many other threats and vulnerabilities that had never been discussed, let alone addressed.

Fast forward forty years. The single-mainframe data center has given way to clusters of dozens, if not hundreds, of servers and decentralized data centers; networking is often more critical than processors; dozens of computer room operators have been replaced by lights-out data centers; a week-long recovery from a data center disruption is now more likely to be an almost instantaneous failover to a backup; and disaster recovery has become a fact of life.

The bad news is that too many data center managers still have not been able to effectively address disaster recovery, whether because of lack of management ...