"It's a lot more dynamic now with the ability to...install backups and roll it back to any point in time," Nelsestuen said. "I've even seen some institutions look at creating a paper trail, so that if all else fails -- get out a slide rule and piece of paper."
Geographic distances were rarely considered prior to 9/11. Most companies were comfortable replicating data intercampus or to a facility within a few miles of a primary data center. A few firms, such as Nasdaq, actually replicated data out of state. Even so, some still get it wrong, Nelsestuen said.
"I know a company that has data centers in Florida and Galveston, Texas, which means a single hurricane could take both of the sites down," he said.
Cloud services, or application and storage service providers, are nothing new. Even before 9/11, companies such as Storage Networks were offering to store business data in an offsite facility that could be accessed remotely in times of disaster.
Today, a combination of public and private cloud services offer a more robust protection scheme where the most critical business data - that which is needed to keep revenue coming in - is replicated to a service provider or stored in a corporate cloud accessible from any location.
Public clouds are particularly advantageous for small-to medium-sized businesses because the services offer enterprise-class disaster recovery capabilities at a cost that's affordable. But, experts warn companies not to hog the bandwidth. The more data they want to recover, the more it'll cost. So they should store only what's needed to get the business running again -- not up to full speed.
Another bit of advice: When choosing a cloud service provider, companies should make sure the provider is on a different power grid.
"A business may think they're pretty well covered because they're replicating data to an offsite data center miles away, but it may be on same power grid as their office building," said Al Berman, executive director of the Disaster Recovery Institute International (DRI) in New York City. If that power grid goes down, the company and is offsite data center could both be affected at the same time.
Nelsestuen believes cloud services are over-hyped, particularly in the financial services industry. While Tower Group estimates that spending on cloud servicers will grow to $27 billion by 2015, that's only 5% or 6% of all IT spending in financial services.
"There's still so many issues associated with security and operational aspects of that," he said. "There is a huge effort to try to create internal clouds. They're virtualizing their platforms, and the hardware and the networks, so they have a continuous backup. But that's all internal."
In the end, said Witty, 9/11 taught companies lessons that are still being put into practice.