Dave LeClair is VP of Product Marketing at Unitrends.
The start of hurricane season is always a great reminder about the importance of having an iron-clad disaster recovery strategy in place to protect vital data, systems and infrastructure, and to maintain business continuity in the event of an outage. Even a small amount of downtime can be detrimental to a business. According to the 2014 State of Global Disaster Recovery Preparedness report, the cost of losing critical applications to system outages can be as high as $5,000 a minute.
Most companies today have some sort of a disaster recovery “plan” in place, but many lack specificity and fail to take into account various types of disasters. For most of us, when thinking about events that can affect business operations, natural disasters – like hurricanes, tornadoes, fires and floods – often come to mind. And while these are certainly possibilities, most outages are caused by much less extreme factors, such as hardware failure, file corruption, cyberattacks and human error. True disaster preparedness means anticipating all different types of disasters and then developing customized plans for each that enable a business to maintain operations no matter what is happening around them.
With this in mind, here are three tips to consider when developing and implementing your company’s disaster recovery strategy.
Your People Are Your Most Important Asset
Obviously, the well-being of your employees in a disaster situation is more important than anything else, and establishing safety protocols and procedures should be your first priority. From there, identify key operational personnel – those people without whom your business can’t operate – and provide them with the ability to work remotely or from a secondary location when a disaster strikes. Determine the steps that will be required to get those employees online and communicating with each other in the event of an outage, and make sure they have quick and easy access to the business-critical data, systems, servers and other infrastructure they need to keep the business running.
Consider creating a contact database that includes the names, phone numbers and email addresses of all personnel who have a role in disaster scenarios, so in the event one mode of communication is down, you’ll be able to reach them via an alternate method. Instituting a phone tree or automatic notification system, as well as a chain of command to keep processes running smoothly, are also good ideas.
Remember to look beyond IT when identifying personnel that will play a key role in disaster situations. Successful recovery plans apply to all critical business departments and connect the appropriate people in the right way.
Once you’ve identified key personnel, turn your attention to the vital operational processes that each employee needs to handle in an outage scenario. It’s important to provide step-by-step guidelines outlining each person’s responsibilities, clearly communicate those to each employee and then schedule continuous practice sessions to ensure each role will be executed flawlessly.
Technology is the Foundation Upon Which Your Plan Should Be Built
Backup and replication technologies are the foundation of any modern disaster recovery plan. IT personnel should work with their executive team and other key stakeholders to identify their business-critical infrastructure – data, systems, servers and applications – and make sure they are being backed up and replicated to an offsite location.
Backing up and replicating data to a secondary site provides an added layer of redundancy. In the event your primary data center goes down, critical information and systems are still available via that secondary site, and business operations can proceed unaffected. More companies are turning to the cloud for backup and replication because it provides a fast, cost-effective and efficient way of storing data, systems and infrastructure, and enables retrieval of critical assets within minutes of a declared disaster.
It’s also a good best practice to store your disaster recovery plan online or in the cloud where your people can access it anytime, anywhere in the event of a disaster, rather than just locally somewhere inside your facility. If a disaster strikes, you may not have access to your facility and the information within.
Once everyone agrees on what infrastructure must be protected, you need to define recovery time objectives (RTOs) and recovery point objectives (RPOs) to ensure data, systems, servers and other infrastructure can be recovered within required service level agreements (SLAs). RTOs, the amount of time a system can be down without causing too much damage, and RPOs, the amount of data that your company can afford to lose without severe consequences, are where it all begins from a data recovery standpoint. Recovery processes that align with defined RPOs, RTOs and SLAs means minimal revenue loss and brand damage if the unthinkable occurs. Every part of your disaster recovery plan – people, processes and technologies used – should work toward meeting your RPO, RTO and SLA requirements.
Testing is Vital to the Recovery Process
Because business needs and data centers are constantly evolving, it’s important to regularly review your disaster recovery plan to ensure its continued relevance. Consistent testing is also required to ensure employees will execute their roles flawlessly, and data protection technologies will restore business-critical assets within specified RTOs, RPOs and SLAs. Think of your disaster recovery plan as a living document, one that needs to be constantly modified to ensure continued effectiveness as your business grows and requirements change.
As much as possible, use automated processes to foolproof your disaster recovery response. There are new recovery assurance tools available that automate disaster recovery testing to ensure that your environment is certified and ready at all times. The bottom line is that a disaster recovery plan is worthless if you don’t test it. You’ll never know if it will work when you need it to, and you don’t want to find out it has failed after a disaster has occurred. Treat disaster recovery testing as a standard business practice. Set a goal to review your plan, processes and technology on, at least, a quarterly basis. Automated testing can allow you to test daily, if desired.
Recovery Assurance is Priceless
The goal of any disaster recovery plan is to minimize operational risk in the face of downtime, an outage or a disaster. While successful recovery strategies often require an upfront investment in time and budget, you’ll find that you can’t put a price tag on recovery assurance. Knowing vital corporate assets are protected and recoverable, and business operations will remain unaffected regardless of the situation around you, provides IT and executive professionals with peace of mind that many would argue is priceless.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.