Disaster recovery (DR) allows businesses to return to normal operations after a catastrophic event, such as a cyberattack or natural disaster, and it’s one of the IT department’s primary functions. However, DR planning is a company-wide responsibility, especially as organizations become increasingly dependent on their data in an era of digital transformation.
With IT departments forced to manage growing volumes of data, customers becoming less tolerant of downtime, and with an increase in the number of malicious attacks on companies, DR planning is more important than ever.
The international standard for business continuity, ISO 27031, provides a framework of processes to optimize an organization’s DR planning, but potential pitfalls persist. Here, we outline some of the main challenges of DR planning and offer solutions to help you avoid them:
DR planning is important, but it need not be overwhelming. Armed with the right information, you can prepare a comprehensive, logical recovery plan that avoids the mistakes below and will return your business operations to normal as quickly as possible should the worst happen.
The most flawed DR plan is a nonexistent one. Even though the downtime resulting from a disaster could cost some companies more than $5 million an hour, not every company has a DR plan in place.
It does not have to be complicated. Small businesses could rely on regular backups to disks stored offsite or in the cloud, with a plan for how to access the data and restore operations in the event of a disaster. Bigger organizations will need more detailed arrangements about which applications need protection and how they should be recovered. The plan needs to set out the order in which each platform must be recovered.
- Even if you do have a DR plan, there is no room for complacency.
- Is your plan comprehensive?
- Does your DR plan cover all applications and all their interdependencies?
It’s simply not enough to provide DR for mission-critical applications and move on. If those mission-critical applications are missing data or connections to less critical applications, it will take longer to stand up the environment. Furthermore, if your plan does not set out the recovery point objective (RPO) and recovery time objective (RTO), you won’t know how far back to go to secure a clean, stable set of applications and data and how quickly you need to do it.
Failing to Test Your Plans
If you do have a proper DR plan, have you tested it recently? You will never know whether your DR plan is effective if you don’t test it, yet close to a quarter of organizations never test their DR plans.
Adequate DR testing can be costly and disruptive, but the effort and expense pales in comparison with the impact of a failure to recover from disaster. This is something that IT leaders need to highlight to those in charge of budgets. Strong advocacy is required to counter any reluctance to test on the part of business leaders.
When you do test your DR plan, you need to ensure that lessons learned are incorporated in the updated plan. This is a cycle that needs to be repeated on a regular basis.
The rise of cyberattacks, particularly ransomware, has put data recovery planning back in the spotlight. Your data recovery plan must allow for air gaps between production systems and backup copies by duplicating production data on an offline secondary storage system. This is because cyberattackers have learned to focus on data backups first.
During a crisis such as a disaster recovery situation, it is vital that you maintain clear lines of communication and command. Your DR plan should specify who can implement it and set out how key staff will continue to communicate during a disaster. Testing will highlight any failures in command and control. You also need to make provision for ongoing communication around DR, not just when disaster strikes.
Overlooking the Human Element
IT departments will tend to focus on systems and data when managing DR planning, but a comprehensive plan will also consider where and how staff will work during and following a disaster.
- If employees are told to work from home, are they equipped to do so? And for how long?
- Will they have adequate bandwidth?
- How will they meet clients? What can you do to mitigate the effects of isolation?
These are just some of the human elements of DR planning that can be overlooked.
An optimal DR plan enables you to resume operationality and gain access to your data and systems using a secondary environment, before reverting to your primary environment when the disaster is over. Creating a DR plan entails the following:
- Completing a comprehensive analysis of your business processes, data requirements, and technology infrastructure and how they should be managed in the event of a disaster.
- Implementing the DR plan in phases, starting with regular backups of data.
- Regular testing to ensure that the plan works and updating the plan with new learnings.
- Maintaining the plan to reflect changes to the organization or its infrastructure.
How Device42 Can Help
DR planning can be challenging, but we have tools that can help, including application dependency mapping (ADM) to give you visibility of your entire environment. ADM is invaluable for creating a disaster recovery plan because the complete overview of flow and dependencies it gives you allows you to create a plan that minimizes the potential for systems and applications failing in a disaster.
It also facilitates business continuity in the event of an outage by making it easier to determine which applications or components are affected. This allows you to find the source of the problem immediately and restore your systems more quickly.
If your disaster recovery plan needs attention, we can help. Download a 30-day trial to see just what a difference our IT discovery solutions can make to your business.