Questions to ask when planning a security strategy
From an application and user perspective – what is the harm if a user needs to re-authenticate during a system failure? Is that an acceptable degradation of service or does the application have long running user processes and any hiccups in that are extremely painful and potentially unrecoverable? What about data freshness? If data updates frequently (multiple times per minute or even second) – is it better to have an empty visible data set until the next update or potentially stale data? These business level decisions are equally if not more important than your architectural decisions when planning for disaster. Be sure to have a healthy dialogue with vested parties when planning out your disaster recovery strategy and talk in terms of impact to your business, not your technical stack.