(c)iStock.com/natasaadzic
Disaster recovery (DR) forms a critical part of a comprehensive business continuity plan and can often be the difference between the success and failure of an organisation. After all, disasters do happen — whether that’s a DDoS attack, data breach, network failure, human error, or by a natural event like a flood.
While the importance of having such a strategy is well recognised, how many organisations actually have the right plan in place? Not many, according to the 2014 Disaster Recovery Preparedness Benchmarking Survey which revealed that more than 60% of companies don’t actually have a documented DR strategy. More than that, the survey found that 40% of those companies that do have one said it wasn’t effective during a disaster or DR event.
Taking the above into consideration, what can businesses do to ensure their plans are not only in place, but also work as they should and allow organisations to recover quickly and effectively post disaster?
One aspect to consider is using the cloud to handle your DR requirements as it is a cost-effective and agile way of keeping your business running during and after a disaster. DR cloud solutions or disaster recovery as-a-service (DRaaS) deliver a number of benefits to business. These include: faster recovery, better flexibility, off-site data backup, real-time replication of data, excellent scalability, and the use of secure infrastructure. In addition, there’s a significant cost saving as no hardware is required — hardware that would be sitting idle while your business is functioning as normal.
Another aspect is testing. Not only should DR strategies be continuously tested, but they should also be updated and adapted in line with changes in the business environment and wider technology ecosystem, as well as industry or market shifts. Again, this is seen as important, but practically, isn’t happening as it should. According to the same benchmarking survey, only 6.7% of organisations surveyed test their plans weekly, while 19.2% test annually and 23.3% never test them at all.
The practicalities of implementation can often be challenging — from budgetary issues, buy-in from CIOs and the type of solution itself. DR means different things to different people — from recovery time, in terms of minutes or weeks, to its scope covering just critical systems or encompassing all IT.
So where do you start?
Identify and define your needs
The first stage of defining these requirements includes performing a risk assessment often in conjunction with a business impact analysis. This includes considering how age, volume and criticality of data, and looks at your organisation’s entire IT estate. DR can be an expensive exercise and the initial stage of strategy development can help you with evaluating the risk versus the cost.
Your data could be hosted on or off site; and for externally hosted solutions this means making sure your hosting provider has the right credentials (for example, ISO 27001) and expertise to supply the infrastructure, connectivity and support needed to guarantee uptime and availability.
It is also during this phase that you should define your recovery time objectives — the anticipated time you would need to recover IT and business activities — and your recovery point objectives — the point in time to which you recover your backed up data.
Creating your DR plan
A successful DR strategy encompasses a number of components, from data and technology, to people and physical facilities. When developing the actual plan and the steps within it, you need to remember that it affects the entire organisation.
Connectivity plays a critical role here, specifically in how staff will access the recovered environment, i.e. though a dedicated link or VPN. Is additional connectivity needed for the implementation of the strategy to work? And if so, how much will this cost?
Test, assess, test, assess
The final stage is an ongoing one and is all about testing the plan. With traditional DR it is often difficult to do live testing without causing a significant system disruption. In additional testing complex plans comes with its own degree of risk. However, with DRaaS, many solutions on the market include no impact testing options.
At this point it is also important to assess how the plan performs in the event of an actual disaster. In this way weaknesses or gaps can be identified, driving areas of improvement for future plans.
Conclusion
In today’s business environment it is safe to assume that your organisation will experience a disaster or event of some kind that will affect operations, cause downtime or make certain services unavailable. Having a DR strategy in place — one that works, is regularly tested and addresses all areas of operations — will help mitigate the risk and ensure the organisation can recover quickly without the event having too much of a negative impact on customer experience, the brand or the bottom line.