How To Solve The Biggest Problems With Disaster Recovery
by Team Virtiant, on Oct 25, 2017 11:33:53 AM
Read Time: 4 minutes
Does your company process or store data? If yes, your organization definitely needs a disaster recovery program. If you haven’t prepared a disaster recovery plan yet or haven’t updated the plan in recent times, take a look at these numbers from the Aberdeen Group. On an average, it takes 18.5 hours for an organization to resume operations after a disaster. For a medium organization, the revenue loss of one hour of downtime is $7,000. Similarly, large enterprises have to pay $700,000 per loss for 1 hour of downtime. When such large numbers are at stake, it is important for organizations to implement the right disaster recovery strategies to maintain business continuity.
What is Disaster Recovery?
Disaster recovery is a methodology that comprises procedures, policies, and tools that help organizations quickly to recover the vital technological infrastructure from a natural disaster or a security breach. Disaster recovery plans (DRP) enable organizations to resume mission-critical functions after a disaster. Business continuity is different from a disaster recovery. In fact, disaster recovery is a part of the business continuity programs of an organization. While business continuity aims at resuming processes and functions required for the entire business, disaster recovery programs primarily focus on resuming IT processes, data availability, and related processes after a natural disaster or a security breach.
Here are a few best practices that help you in solving some of the biggest problems of disaster recovery programs.
Focus on your organization’s business needs
One of the biggest mistakes committed by organizations is to go after best and popular technologies, processes, or tools. They often forget to determine whether that solution is suitable for their organization’s business needs. Today, you find heterogeneous networks running heterogeneous solutions in every organization. So, “one size fits all” doesn’t suit your requirements.
Before implementing a disaster recovery solution, you should spend time in identifying specific needs of each department within the organization. Data availability requirements are different for each department. For instance, a customer service executive is only concerned with the front-end application and the data related to the customers. When he receives a call from a customer, he should be able quickly to retrieve the customer data and provide solutions accordingly. Similarly, the HR person is more interested in the data related to employee activities.
So, you need to identify how each asset works within the organization. You need to know what you are protecting and how much value those resources offer to your business. In addition to considering the specific needs of each department, you need to determine whether these requirements have the same intensity over a long period of time. For instance, cloud backup appears to be cost-effective at the first sight. However, as the data grows exponentially, the costs increase, too. When you consider data availability for longer periods, on-premise data backup would become cost-effective.
Design a proper DRP
After identifying organizational business requirements, the next step is to create a DRP and get it approved by the all the stakeholders of the company. Identify key assets and define the value of each asset in the plan. The recovery plan should cover all the functional processes supported by IT before, during, and after the disaster. Include all the assets, such as services, network equipment, data center infrastructure, and all applications.
The plan should also include every type of “what if” scenarios. Identify different types of threats at different locations and prepare recovery programs accordingly. For instance, consider there is a network outage at a location but the functions are still intact. In that case, you should have a predefined action to recover that site and ensure data availability. Moreover, you should have an idea if it should be declared a disaster or not.
Another aspect to consider is the change in business technologies and solutions. It means you should proactively monitor changing technologies and implement changes in your disaster recovery plan accordingly. You need to update the disaster recovery plan on a regular basis. Whether there are changes in your business requirements or changes in the technologies, the DRP should always be up to date.
Assess the recovery time
To assess the recovery time after a disaster, you need to assess a recovery window. First, identify all assets and define the value offered by each asset to the business. Then, assess the loss caused by the absence of each asset. When you have a clear picture of the recovery window, you can come up with a perfect disaster recovery plan for a variety of scenarios. This is where the 2 important metrics come into the picture; Recovery Point Objective (RPO) and Recovery Time Objective (RTO). While RPO talks about the amount of time during which the business can sustain the data loss, the RTO talks about the time period between the disaster and the data availability. Another important metric is the Maximum Tolerable Downtime (MTD). It talks about the time period which, when exceeded, results in an irreversible and irreparable damage to the business.
Many organizations work with a common DRP because they think that all the assets should be recovered within a common time frame, but this is not true. You might be able to run the business for 3-5 days without non-critical assets. At the same time, you might be able to run processes for only 3-5 hours without some critical assets. Perform this exercise with all the assets of the organization.
When you clearly define this recovery window, you can design the strategy accordingly. It also puts less pressure on the IT support team because it can recover mission-critical assets that have a 1-hour recovery window first and then work on non-critical assets that have a recovery window period of 1 day.
Testing the Disaster Recovery Plan is the key
Every DRP is perfect until it is tested. So, it is important to run a disaster recovery test to ensure that you have a realistic DRP. The disaster recovery test examines each step in the DRP in a simulated disaster environment. With this test, you can determine if the DRP is able to recover the data and restore critical applications while ensuring business continuity. To get a perfect idea about how well your DRP works, you need to create the simulator as close to your actual infrastructure as possible. Many organizations do not run this DRP because it costs more for the simulated environment as well as running the actual tests.
It is important for organizations to run this disaster recovery test at regular intervals throughout the year. It should also be a part of the staff training and maintenance programs. In addition to running the test, it is important to create audit logs with details of which process has worked according to the plan and which has not. Based on this audit report, you have to make changes to the disaster recovery plan and run the test again.
While performing the test, the focus should be on business applications that run multi-tier systems and involve several dependencies. This test will tell you how the environment reacts when the dependencies are unlocked. Full-scale testing is effective but time-consuming and expensive, so the best thing is run the full-scale testing at least once or twice in a year while running the partial testing more frequently.
As part of your disaster planning and readiness testing, Virtiant is a great solution to run your disaster recovery test. As a standalone solution that runs independently of your primary infrastructure, not needing any component of your primary infrastructure to run a failover production environment - you are able to run tests without disturbing your primary infrastructure, ensuring you have a readily available production environment to failover over to in the event of disruption to your network infrastructure.
Setup realistic recovery goals
Many organizations have failed to implement the disaster recovery plan because they have set the bar very high when it comes to recovering business processes. It is important to understand that disaster recovery comes at a price. When you have the best DR solutions that are tested and proven, you can reduce downtime and revenue losses. However, you have to purchase expensive DR monitoring tools to maintain fully redundant systems that continuously replicate data. Does your organization have the necessary budget to do so? Unlike the insurance segment wherein you invest less and gain more, disaster recovery program investments are proportional to the recovery goals. When you expect to recover the entire data, processes, and applications with zero downtime and zero revenue losses, you should be ready to invest the amount that you did to put the system into production.
A good practice is to compare the high availability Vs failovers Vs backups Vs recovery. Run a business impact analysis to measure the impact of downtime in affected segments and estimate the cost of downtime and data availability requirements along with legal and compliance requirements to come up with a realistic disaster recovery budget.
The DRP should be concise and clear. The primary focus should be on recovering mission-critical IT services. This plan should be tested, reviewed, and updated on a regular basis. Employee training is critical, too. When each employee understands the importance of the disaster recovery program, it becomes easier to implement the emergency response procedures. Businesses that do not have the required resources or budgets to implement the DRP can take the help of managed service providers. At the end of the day, uninterrupted data availability should be the ultimate objective for any data recovery solution. Businesses that have understood this paradigm are sticking to on-premise data backup solutions. When you perfectly plan for the unknown, the disaster would become a known incident. Businesses that ignore this fact are sure to stay out of the competition.