Disaster Recovery in the cloud: Is Your Strategy Stuck in the Past?

Written By Keijo Metsalu

If you’re responsible for the continuity of critical infrastructure in the Nordics, here’s an important question: is your disaster recovery plan designed for today’s challenges, or are you relying on solutions that made sense 10 years ago? 

The world has changed. Disasters—both natural and man-made—can impact operations without warning. Yet, many organizations still rely on local solutions, assuming that on-premises or same-country backups will suffice. 

Is that approach good enough for the demands of modern business continuity? 



The New Reality: Beyond Borders for Resilience 

With the growing complexity of geopolitical and environmental challenges, relying solely on local disaster recovery solutions introduces risks. A natural disaster, infrastructure failure, or a disruption to national infrastructure could significantly delay recovery efforts. 

Cloud-based Disaster Recovery (DR) offers a powerful alternative, enabling organizations to extend their safety net beyond borders. It’s not just about having backups—it’s about ensuring seamless business continuity under even the most challenging circumstances. 

Differences in the Nordic Market

For the Finnish readers; check out Huoltovarmuuskeskus’ Decision-maker's guide and cards for business continuity management and preparedness (2023) here if you already haven’t.

Finnish Ministry of Finance also published a “cloud 1st” strategy back in 2019 and updated it in 2023 - making it clear for everyone that cloud is OK.

As another example from the Nordics, Denmark’s approach appears more intricate and IMO leaves uncertainty for affected organizations about what they can and cannot do.

The Danish National Strategy for Cyber and Information Security 2022-2024 emphasizes the need for robust protection of vital societal functions, recognizing the growing reliance on digital systems across sectors such as energy, health, and transportation.

A key element of the Danish strategy is the adoption of cloud computing solutions. However, the strategy also—understandably—highlights the importance of addressing associated risks, including data protection and compliance with regulations like the General Data Protection Regulation (GDPR).

To mitigate these risks, Denmark has defined regulations for data segmentation, storage locations and encryption - but it leaves the discussion more open to interpretation compared to ie. Finland.

Note: this section is primarily aimed at the public sector :)



A striking example comes from Ukraine in 2022.  

Yes, I know this isn’t the newest example and you’ve probably heard it before, but it illustrates things perfectly.

Just days before the Russian invasion, Ukrainian law was changed to allow critical government and private sector data to be moved to the cloud.  

When the invasion began, Amazon Web Services (AWS) rapidly stepped in, providing secure devices and technical expertise to migrate massive amounts of data from vulnerable local servers into the cloud. 

Within months, over 10 petabytes of data—including government records, banking systems, and educational platforms—were securely stored in cloud environments, ensuring essential services could continue despite widespread physical disruptions. For instance, displaced students were able to complete their exams, and land registry records were preserved for future reconstruction efforts. 

If an entire nation can pivot to the cloud under such extraordinary circumstances, imagine the possibilities for proactively safeguarding your operations. 



Why Cloud Makes the Difference 

Cloud-based DR goes beyond the limitations of traditional setups by providing: 

  • Resilience in extreme scenarios: Even if local internet connections are disrupted, global cloud providers offer redundancy across diverse networks to keep your systems accessible. 

  • Expanded protection: Geographically distributed replication safeguards your critical data and systems in regions unaffected by local disruptions. 

  • Enhanced readiness: Cloud-based solutions make recovery testing straightforward and non-disruptive, so you’re always prepared. 

  • Scalability: The cloud adapts to your organization’s growth or fluctuating demands without significant upfront costs. 



Five Questions to Challenge Your DR Strategy 

To assess the resilience of your current disaster recovery plan, consider the following: 

  1. Where is your recovery environment located? 
    If it’s in the same country as your operations, would a widespread outage compromise your ability to recover? 

  2. How often do you test your DR plan? When was it last tested?
    Are you confident it will perform effectively in a real-world scenario? 

  3. Is your recovery plan scalable? 
    Can it adapt to rapid changes in demand or support your organization’s growth? 

  4. What are your failover times? 
    Do they meet the expectations set by your SLAs and your customers? 

  5. Is your DR strategy prepared for future challenges? 
    Does it account for evolving risks like geopolitical uncertainty, climate-related disruptions, or sophisticated cyber threats? 

Bonus question: How long do you have until the lawyers are called in to close down the company?

Anyhow.. we usually start our cloud DR discussions around this image and ie. AWS’s Disaster Recovery of Workloads on AWS: Recovery in the Cloud guidebook to visualize the different options.

Image: strategies for disaster recovery


The elephant in the room

Of course, we can’t ignore the geopolitical shifts in the world. The cloud industry is largely dominated by US-based providers, and recent global events—from trade restrictions to data sovereignty debates—highlight the need for a balanced approach to resilience.

The question isn’t just about whether to use cloud, but how to do so in a way that ensures control, compliance, and continuity, no matter what happens next.

For example Gartner’sCritical Insights: Impact of U.S. Federal Policy Changes on International Cloud-Centric Tech Services” study from March 2025 recommends a strategic approach, where companies can partially migrate workloads to alternative solutions, leverage encrypted data, and develop long-term multi-cloud strategies to minimize risks without losing access to innovation.

This is where we come in.

We help companies translate these high-level recommendations into practical, actionable cloud strategies that align with business needs, regulatory requirements, and real-world constraints.


It Is Time to Reassess 

The challenges of today’s world call for forward-thinking solutions. Cloud-based disaster recovery provides the security, flexibility, and scalability needed to ensure your business continuity strategy remains robust, no matter the circumstances. 

At Cloud2, we help organizations design tailored, cloud-based DR strategies and implementations that align with their operational needs and regulatory requirements. Let’s work together to future-proof your business continuity. 

Note: If you’re already ahead of the curve on this topic, give yourself a pat on the back – you’re one of the few.

We’d love to hear how you’ve tackled this challenge – and let us know if you think we’re missing something critical here! 

Keijo Metsalu
Previous

The Benefits of Platform Engineering
Next

Cloud2 - The Nordics Just Got a New Heavyweight