A guide to preparing for an eventual failure.
Most businesses understand the need to create a disaster recovery plan. But, finding the necessary and dedicated funds can be a daunting task, especially given that disaster recovery planning has little return on investment regarding direct income or cost savings. Only 30% of businesses report already having a comprehensive disaster recovery plan in place.
Overlooking this vital area of business and brand protection can spell doom for any company unlucky enough to be caught unaware. Only 10% of businesses with no disaster recovery plan survive a major failure. 60% of small businesses that lose data close within 6 months
Investing in a disaster recovery solution can save your entire business. Like cybersecurity, it is a necessary requirement of operating in a digital age. The question that remains is — are all disaster recovery plans the same?
A Simple Answer
The simple answer is no. You might have a system in place that will allow you to get all (or part) of your data back. However, if there is too much downtime before that happens, it can still be the end of your business.
An effective disaster recovery solution has to not only take into account how you will restore your system but also how you will continue operations during the failure itself. You need a plan that can avoid downtime and takes into account the human and technical elements of dealing with a disaster.
This article is a guide to the things you need to consider when building a comprehensive disaster recovery plan — and the specifics of how to do so in-house, or with outside help.
Business Continuity vs. Disaster Recovery
The basics of how to create a disaster recovery plan for your business that actually works.
Business continuity (BC) and disaster recovery are often used interchangeably. However, they are not exactly the same. Disaster recovery simply refers to a set of protocols designed to reboot stored data and business applications in the event of a failure. Business continuity encompasses a wider set of procedures designed to keep a business running following a disaster. This wider set of options needs to be taken into account to create a disaster recovery plan that will actually deliver sufficient results in the event of a failure.
The four things every comprehensive DR/BC plan has to take into account are failover, failback and RTO/RPO criteria.
- Failover is the process of transferring all applications and processes to a redundant IT system, generally in a secondary location. This is undertaken to continue operations while repairs are underway on your main system
- Failback is the process of returning applications and processes to your original and restored system. This synchronisation is an important step to make sure that all data generated during failover is retained in the return to normal operations.
- RTO (Restore Time Objective) references the amount of downtime your business can tolerate in the event of a failure.
- RPO (Restore Point Objective) sets guidelines for the maximum target time in which data might be lost — essentially the update period for your backup system.
What This Actually Means
Replication to off-site infrastructure with customised restore time objective (RTO), restore point objective (RPO) and failover/failback procedures is the most secure way to provide a seamless outcome in the event of failure. Anything less leaves you open to unplanned downtime. A backup drive in your Comms Room, for example, won’t help in the event of a flood. Without some kind of off-site failover, you will likely be stuck waiting for repairs, unable to carry on with business in the meantime.
When contracting with a third party, the tolerances for these criteria are critical to specify in your service level agreement (SLA) and will affect cost. When building something in-house, they are guarantees you have to make to yourself.
Lastly, your disaster recovery plan needs to account for people. Poor business planning is an often reported source of failure in the implementation of recovery procedures. In addition to meeting basic technical requirements, it is important to have a procedural plan in place and train staff on how to proceed in the event of a failure
- You need an IT-based disaster recovery solution
- You also need to have an operational plan in place for its implementation
- Make sure to get guarantees for restore time objective (RTO) and restore point objective (RPO) criteria
- Understand that off-site replication and failover procedures are the only way to guarantee an instantaneous restore time objective (RTO)
Create Disaster Recovery Plan That is Right for Your Business: Ground, Cloud and Hybrid Solutions
Traditional business continuity solutions rely on the replication of most or all of your IT infrastructure in a data centre. This, however, can be expensive.
Cloud services provide flexible, cheap and often easy to install solutions that have become widely used for disaster recovery purposes. However, it is important to not confuse the capabilities of a Private Cloud and the simplicity of a Public one.
Public Clouds are cheap and easy to install. However, they operate over the internet and therefore lack reliability and speed. Private clouds are stable and secure, however, they require the purchase of dedicated hardware for off-site deployment.
Whether choosing a cloud or traditional option, again, what is important is to get your restore time objective (RTO) and restore point objective (RPO) criteria right. RTO and RPO protocols can be applied selectively throughout your organisation, allowing you to focus your technical resources where it counts.
The high volume of backups required to keep RPO timeframes to a minimum can be achieved through compression and deduplication to either traditional or cloud infrastructure. However, the most viable plan is often to take full advantage of the public cloud while siloing traffic-heavy and business-critical applications to a private cloud or data centre network for failover.
- Public clouds are cheap and easy to use but lack reliability and speed
- Private clouds are stable and secure, but expensive and complicated
- Data centres are an expensive but reliable and tested solution
- Consider hybrid options that take full advantage of the different benefits on offer in the market
Make Sure Your Disaster Recovery Plan is up to Sufficient Standards
Run drills, practice and always test your hardware
Around 30% of companies with a disaster recovery plan that is tested by failure still suffer data loss*. 35% of companies that experience a failure temporarily lose at least one business-critical application. Of those that lost data in 2016, 12% could not recover that information.
That either means the procedures were inadequately constructed/executed, or the disaster recovery system itself failed. Remaining on top of disaster recovery procedural updates is as vital as having a plan at all. It is also advisable to run drills and regularly test the efficacy of your hardware.
Deficiencies of this kind are why companies have started looking at cloud and hybrid-cloud DR solutions and disaster recovery-as-a-service (DRaaS) to provide continual, scalable and near real-time backup of all business processes and applications. These options, along with other outsourced solutions, are particularly suitable for companies with lower in-house IT proficiency.
No matter how you achieve the results, your goal should be the ability to restore all of the applications and data critical to your operations through cloud-based or remote server failover. Then be able to execute a pre-scripted plan to carry on operations while repairing your main IT system. This is the only way to guarantee near instantaneous restore time objectives (RTO). Lastly, you need a continuity failback plan to return operations to normal.
- Always make sure that the disaster recovery plan you have in place actually meets the criteria you need to keep your data safe and prevent prolonged downtime.
- Restore time objective (RTO), restore point objective (RPO) and service level agreement (SLA) criteria.
- Investigate different types of disaster recovery solutions — all of which have their own benefits and downsides.
- Data centres
- Public cloud solitons / Hybrid-cloud solutions
SUMMARY — Build A System Suited To Your Needs
It is important to take into consideration all IT options and assess your own in-house skills. Consider contracting with third-parties and investigate cloud and hybrid-cloud solutions, as well as the traditional data centre. Whether using contractors or in-house teams, always scrutinise restore time objectives (RTO) and restore point objectives (RPO) and make sure they align with your business needs*.
Effective disaster recovery requires business planning that goes beyond IT*. Train staff to use data recovery procedures and make sure everyone understands the plan so that operations can continue smoothly.
It is critical to take into account all of the particularities of your location, business and workforce when thinking about disaster recovery*. If you backup to a data centre, choosing a provider nearby may render your preparations meaningless if faced with citywide infrastructure failures.
Real business continuity planning goes beyond thinking about how you will restore your system in the event of a disaster — it is about planning how you will carry on operations throughout a disaster as if it never happened.
The always-on world of modern business means it is more important than ever to stay operational. Downtime can cripple brand reputations and customer confidence. It can generate losses in revenue that go far beyond the opportunities missed while experiencing a failure. The only way to ensure your business against downtime is to build a comprehensive business continuity/disaster recovery plan that will keep you running no matter what problem your main IT infrastructure faces.