Unfortunately, there are many things in the world that can go wrong and can spell disaster for your business. This could be anything from a hurricane or a heatwave to a terrorist attack or a cyber attack. Although we might prefer to not think of such terrible events, they remain a possibility that we have to plan for so we can ensure that damages are minimized and business can go on as far as this may be possible.
In the digital age, the disasters taking place in the real world are added to with virtual ones, so businesses have even more negative possible events to prepare for and develop responses to. Businesses have become more dependent on data and network systems, and IT protection has become a crucial part of disaster recovery planning to reflect this. More and more assets are becoming digital and therefore need to be well guarded. Those planning disaster recovery in London will be more likely to prioritize the loss of valuable data than earthquakes or volcano eruptions, which (thankfully) aren’t too common in The Big Smoke.
The first stage of a recovery plan is to assess the potential risks that could impact the operations of a business. This is done with a risk assessment or a business impact analysis, that identifies the IT services most important to the business, and the associated risks. Next it is necessary to find ways of reducing each risk. Organizations can use a Risk Assessment Framework (RAF) as a record of the risk assessment, showing details of the danger of each risk and the priority of the response.
Disaster Recovery Planning
The plan an organization develops needs to lay out the range of negative scenarios that could occur and also the course of action that will recover the IT systems so that the business can continue to operate. This may be part of the a larger business continuity plan, which includes prevention as well as response to a number of threats.
It’s important to develop plans and strategies for IT systems, applications and data. For this, time-sensitive business processes and the IT resources supporting them should be identified, as well as those that are the most critical to operations.
The following two concepts are central to data recovery planning and can be used to provide structure to the plans and strategies.
Recovery Point Objective (RPO) is the age of files that need to be recovered for operations to restart after a network goes down or there is a hardware or communications failure. The RPO is expressed in time from the point of the failure, and it determines how frequently system backups are carried out. If the RPO is 45 minutes then the system must be backed up every 45 minutes.
On the other hand, the Recovery Time Objective (RTO) is the period of time that an organization can be out of service following a disaster, before operations are disrupted. This is usually measured in terms of lost revenue, and it’s dependent on the damage to technological systems and equipment.
After identifying potential threats, prevention strategies should be developed, followed by response strategies. For response strategies, such factors as the physical premises, data storage, the number of employees and the exits routes will need to be considered.
Cloud Disaster Recovery
Cloud technology is already designed to provide a virtual space for storage and services so the material world doesn’t need to be relied upon. This can include a backup and restore facility, so an organization can recover data and make use of failover (the transition of one system component to another) in the event of a disaster. Cloud service providers generally offer a range of disaster recovery plans, and these can be easily implemented.
Cloud disaster recovery is an Infrastructure as a Service (IaaS) solution, but also can be known as Disaster Recovery as a Service (DRaaS) as one of the many new cloud services available, and it enables an organization to change server to provide failover in the event of a disaster. This means that disruption to business will be reduced, and it also means that smaller businesses won’t need to invest in an off-site disaster recovery environment.
All in all, cloud disaster recovery solutions can be faster, more cost efficient, and come with the advantage of backing up the entire server. DRaaS solutions are provided by Microsoft Azure, Quorum, Zerto and Carbonite.
Disaster Recovery Testing
In order to ensure they are effective and are able to recover data, restore important applications and continue operations, data recovery plans need to be tested. Unfortunately, this is something that is all-too-often neglected, though it is an essential aspect of the plan. Tests focus on applications, communications and data recovery, and they should be carried out regularly to make sure the plan is serviceable.
The three types of data recovery tests are the plan review, whereby team members scrutinize the plan together, the tabletop test, which is a step-by-step walk through of the recovery test, and a simulation, which is as close as possible to a real-world disaster actually happening. Key factors to consider during testing include the frequency of tests, the changes that have been made, the impact of testing on production, and the possibility of human errors in the disaster recovery process.
With a shocking 75% of small businesses in the U.S. are without any kind of disaster plan, it’s clear that many of us don’t feel it necessary to prepare for the worst. Under normal conditions disaster recovery is something that can be brushed under the carpet and worried about later. But with such a high number of natural disasters, terrorist attacks and extreme weather conditions, businesses should be prepared. With the additional threat of cyber crimes that can render us powerless in a second, plans are best put in place. We all hope it won’t happen, but it’s better to be safe than sorry.