Will Your Disaster Recovery Plan Actually Work?
Posted on April 26, 2017
While you can’t prepare for every possibility, you must take measures to ensure your business is resilient enough to survive the most likely disruptions. The key is to think ahead and put the necessary controls in place to mitigate or prevent those risks before they become reality.
What is a Disaster Recovery Plan (DRP)?
A Disaster Recovery Plan is used while your business is in the state of a disaster. It takes effect immediately after a disaster has occurred and is designed to minimise the effects on your business. DRPs usually focus closely on the IT operations of an organisation.
While disasters have always occurred, having detailed, accessible and actionable disaster recovery plans was often seen as more of a ‘nice to have’ than an operational necessity. However, with organisations’ increasing reliance on the movement, management and storage of data as part of core business operations, the ability to protect that data and the systems that utilise it has become paramount.
What types of disaster might affect your business?
When we think of disaster recovery, it’s important to remember that it is not just about natural disasters – although obviously it’s true that events like fires, floods, earthquakes and storms can have a significant and devastating impact. Other threats include both logical/technical threats - those caused by malware, broken network connections or a major server crash – and human-generated; those caused by malicious hacking attempts, deliberate sabotage by disgruntled employees or Distributed Denial of Service attacks (DDoS).
Where do you start?
The key to determining the right disaster recovery plan for your business is understanding your Maximum Tolerable Downtime (MTD) and defining both your Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). That is, exactly what data and systems you will need to recover and by when to ensure your business can maintain some minimum set level of operations and avoid unacceptable consequences.
These parameters will dictate the types of solutions you choose to meet your objectives. For example, if you determine your operations cannot survive any kind of significant downtime (that is, your RPO is continuous and your RTO is instantaneous), you’re going to need to look at a solution that provides a close to seamless transition from your primary data facility to a secondary disaster recovery data facility.
This type of arrangement may also be known as a “hot site” if you outsource this function, or as a redundant site if you maintain it yourself. This is essentially a secondary facility that is kept in a state of readiness that can be swapped in to pick up mission critical operations as quickly as possible.
You should also note that this type of arrangement will probably affect how much production bandwidth you choose to dedicate to maintaining your offsite preparations.
This type of contingency can be expensive though and before any type of decision should be made, you need to understand the recovery parameters of your business.
You don't have to do this alone - it's smart to share the risk
There is no denying that this process represents a significant investment for any organisation and also that it requires a particular degree of specialisation in order to complete successfully.
Plans need to cover broad areas of your IT operations and how they will be recovered. This is likely to include considerations regarding your network infrastructure, hardware, specialist equipment, application software and your all-important data.
And don’t forget your staff – where will they work and how will they work? As such, outsourcing your disaster recovery, and/or sharing some of the risk with a service provider, can be a reasonable and pragmatic approach to take.
Considering all the different dimensions involved in creating a DRP, having a partner such as Vocus to help lead you through this process and supply appropriate guidance and possible solutions is also invaluable.