Best practice approach to developing a successful disaster recovery strategy
DR is an organisation’s ability to effectively recover business critical data, applications, networks and services after a failure. And a business needs these components in order to operate, make a profit and remain competitive. If they are affected by a disaster – from downtime caused by human error, a power disruption failure or system crash, to a natural disaster or accident – the ability to recover them may be the difference between success and failure of the business.
As a critical element of overall business continuity, DR – and particularly cloud-enabled DR – is a cost-effective and agile way of keeping your business running during and after a disaster. DR cloud solutions, disaster recovery as-a-service (DRaaS), such as Azure Site Recovery, deliver a number of benefits to business, including:
Data is backed up off site and is always available
Real-time replication of data
Reduction in cost because there’s no need for hardware
You pay for what you need, when you need it
Use of secure infrastructure
While DR plans depend on the type of organisation, budget and the type of information that is being backed up, there is a best practice approach to putting a strategy together. There are three critical stages to look at – defining requirements, developing the plan and testing.
The practicalities of implementation can often be challenging – from budgetary issues, buy-in from CIOs and the type of solution itself. DR means different things to different people – from time, in terms of minutes or weeks, to the extent of what it covers, including critical systems or everything.
The first stage of defining these requirements includes performing a risk assessment often in conjunction with a business impact analysis. This includes considering how much data your business could tolerate losing, and looks at your organisation’s entire IT estate. DR can be an expensive exercise and the initial stage of strategy development can help you with evaluating the risk versus the cost.
Your data could be hosted on or off site; as a result for externally hosted solutions this means making sure your hosting provider has the right credentials (for example, ISO 27001) and expertise to supply the infrastructure, connectivity and support needed to guarantee uptime and availability.
It is also during this phase that you should define your recovery time objectives – the anticipated time you would need to recover IT and business activities – and your recovery point objectives – the point in time to which you recover your backed up data.
Developing the plan
A successful DR strategy encompasses a number of components, from data and technology, to people and physical facilities. When developing the actual plan and the steps within it, you need to remember that it affects the entire organisation.
Connectivity plays a critical role here, specifically in how staff will access the recovered environment, i.e. though a dedicated link or VPN. Is additional connectivity needed for the implementation of the strategy to work? And if so, how much will this cost?
Testing and assessment
The final stage is an ongoing one and is all about testing the plan. With traditional DR it is often difficult to do live testing without causing a significant system disruption. In additional testing complex plans comes with its own degree of risk. However, with DRaaS, many solutions on the market include no impact testing options.
At this point it is also important to assess how the plan performs in the event of an actual disaster. In this way weaknesses or gaps can be identified, driving areas of improvement for future plans.
Getting your business through a disaster and up and running as quickly as possible is critical your long-term success. As a result, DR, and business continuity as a whole, is receiving a lot of attention from CIOs and will continue to top the agenda going forward.