Numerous reports, surveys and statistics confirm that commercial entities of all sizes are woefully unprepared for unexpected events. Ivenio IT stated that 54% of companies with less than 500 employees have a disaster recovery (DR) plan in place while 74% of larger companies had one. For smaller companies in the U.S., the figures are even worse with a Nationwide 2015 press release indicating that just 25% of companies with 50 or less employees had an active DR plan. Given the cost of downtime, surely we can do better?
We must as, according to Zetta’s infographic and online survey, there is much to improve, not least of which includes usage of the hybrid cloud and the fact that only 45% who experienced downtime issues bothered to make changes to their DR plans after the event.
Before delving into the benefits of a logical DR plan, an understanding of its meaning is necessary. Firstly, business continuity (BC) and DR are not the same thing, although there is an obvious overlap in business goals. BC reflects the efforts to avoid loss of service or downtime while DR reflects the response required to resume activities after the worst has already happened.
Disasters can include cyber events, extreme weather conditions, fire, flooding, loss of a key staff member, service interruptions from third parties (most commonly electricity or broadband), hardware failure and human error.
“This list is not exhaustive, and the formulation of any disaster recovery plan must include a risk analysis step in the early stages to identify potential risks that apply to your company or industry. Once risks are identified, you can brainstorm on ways to solve them immediately or at least initiative a process that will solve them in the fastest possible time”, said Radosław Janowski, product manager at SMSEagle.
Sounds reasonable, but how about an example?
Disaster Recovery in Action
Okay, let’s take a simple example to demonstrate DR in the real world. Company X is located in a commercial district and their primary data server goes down due to water damage from a leak in the ceiling. As the smoke indicates, the server is out of commission and business activities grind to a halt along with the company network.
Fortunately, Company X has a DR plan in place. The risk of server loss was correctly identified and the solution proposed was an offsite real-time backup in the cloud (in a data center that is not impacted by local power or service outages). This means that all Company X clients are unaware of a technical issue and business continues uninterrupted. Company X employees are not connected to their local server but they can also continue working using a mobile broadband option. It’s not ideal but gives the IT team (and a plumber to fix the leak) the time necessary to repair the damaged hardware and restore everything from cloud backups.
There you have it. DR in action. The disaster occurs, the DR team (usually IT) are notified automatically and the backup solution is in play while the cause and effect of the disaster is fixed.
“Automatic notification is key as any delays only increase costs. In this example, if equipment is not moved from under the leak, then instead of a single server, perhaps an entire rack (with hubs, routers, firewalls etc.) is compromised”, said Przemysław Jarmużek, technical support specialist at SMSEagle.
Automating alerts is certainly necessary, given that disasters need not occur during office or support hours.
Strategise then Plan
When designing a DR plan, brainstorming is necessary. Think about every aspect of your business and the infrastructure that supports it. Think about your service and utility providers. Think of the unexpected. Even discussing a zombie apocalypse has implications that are of benefit in a disaster recovery process, even if it relates to building security. Once you have exhausted ‘what if…’ scenarios, you are ready to offer strategies to solve them.
“Preparing for the unexpected is not a wasted exercise but makes excellent business sense.”, said Radosław Janowski, product manager at SMSEagle.
Once you define potential threats, you can then create a prevention strategy that includes response and recovery options that evolve as needed.
In conclusion, ISO/IEC 27031, the global standard for IT disaster recovery, states that “Strategies should define the approaches to implement the required resilience so that the principles of incident prevention, detection, response, recovery and restoration are put in place.”
Do your DR (for IT disasters and others) strategies follow this approach? They should.