Another year begins and we already have reports about data breaches and cyberattacks. The German government has fallen victim of a high profile hack within the first few days of the year and as a result personal details of top politicians were posted on Twitter.
Although data security is a hot topic for 2019, it shouldn’t be the only focus. Natural disasters, technical failures, accidental deletion and human error are big factors that affect all organisations. In the blink of an eye your workforce could be out of action, halting all business operations. As a result, your business continuity plan needs to be robust and able to be executed quickly and effectively when needed.
What’s the plan?
Do you have a DR plan and is it up to date? Revisiting this regularly can be seen as a costly on resources, but is critical to ensure it remains appropriate for the needs of the business.
Think about the priorities. Understand where your systems run and ensure you can recover those which are vital to keep business running first.
As enterprises move over to cloud, IT directors may consider whether secondary sites for staff are still needed. It may not stack up to have empty desks and hardware waiting for disaster to strike. Virtual desktops and remote connectivity maybe a more cost effective alternative. However, all avenues should be explored as companies go through digital transformation.
Think about circumstances that could invoke disaster recovery. Some could even prevent you having physical access to your building or even your secondary site.
Here are some examples of potential DR situations. Consider carefully what measures and resources would be needed for each one:
- Natural disasters (extreme weather, earthquakes, floods etc).
- Terrorist threats, biohazards, localised denial of access to buildings.
- Technical/hardware failure
- Service failures such power outage, leased line or internet failure.
- Failed planned works.
- Accidental deletion/Malicious deletion
- Data sabotage.
RTO and RPO
An important place to start with your DR plan is Recovery Point Objective (RPO). Decide which data is needed to keep business up and running and find out how often this irreplaceable data is created. These factors help determine your RPO. An automated backup solution is a good option because it can lower your RPO with scheduled backups every few minutes.
RTO should also be a big consideration. How quickly do you need to get back up and running?
For most organisations it is within a matter of hours. However, recovery from legacy backup solutions such as tape can take days. In world where everything is expected in seconds at our fingertips, it isn’t feasible to stop production for any considerable length of time and risk impact to the bottom line.
It’s easy to plan a file, folder or even server recovery when the rest of the environment is still up and running, but in a mass infrastructure loss event you have to rebuild everything a fresh, and usually under considerable time pressure.
Having a tested DR plan with an experienced DR service provider pays dividends. It allows you to manage the local event, staff and logistics whilst your environment, networks, servers, services and critical company data is brought back online. Consequently, this limits downtime and resultant losses.
Disaster Recovery as a Service (DRaaS)
Choosing DRaaS could be hugely beneficial in a number of ways. It can be cost effective, reducing data centre footprint and secondary site needs for larger enterprises.
Likewise, SME’s can really benefit by utilising a service providers cloud servers and data centres. It enables them to improve their DR without having to invest in costly resources.
Furthermore, recovery is also accelerated if you have fully duplicated workloads in the cloud. If you are already moving your systems to the cloud, the transition to cloud recovery becomes much easier to implement.
Things to consider when looking at DRaaS:
- Locality – How quickly can you get your backup media to the DR provider for them to start the recovery?
- RTO – When on site, how quickly can they restore that data from the media to the servers?
- Are DR tests included/encouraged?
- For corruption or ransomware, are multiple recovery points easily available?
- How will users will access the recovered services?
- How will surviving branch offices access the recovered services?
- Can the DR provider co-locate more critical or fragile services?
- How long does a customer have access to the recovered environment before being evicted?
- Does the recovery environment mirror that of production– Performance, redundancy, power, cooling etc.
- How backups continue during a live invocation?
- How are the test DR’s handled without affecting production systems?
There are many factors to consider when establishing DR plans and certainly not all are covered here. Hopefully, this has given you food for thought offering a starting point to review your strategy.
First of all look at all scenarios that could potentially effect productivity. Think about what is realistic in terms of budget and resources to get your plan in place. Finally, test your plan and make sure it is reviewed periodically.
DR is essentially like an insurance policy. Dealing with it feels like a burden, but you’ll be really glad you did when it’s needed.