Disaster Recovery Myths - and How to Manage Them
Disaster recovery is one of those topics that isn't particularly complicated, yet is easily misunderstood. It is, nonetheless, a crucial aspect of technology management. The cost of a disaster can be tremendous, and with no fast route to recovery, an adverse event can have game-changing consequences for a business.
Getting backup and disaster recovery right is not that hard, yet 50% of UK businesses are leaving their data at risk, according to a 2018 survey. Though businesses generally make some effort to guard against disaster, plenty of disaster recovery myths persist. In this article, we tackle those myths and propose steps to ensure a reliable disaster recovery scenario.
What mistakes do companies make in disaster recovery?
Just like a lot of IT management issues, senior staff often fail to think through strategies which may have been in place for many years. When it comes to backup and disaster recovery, these are the most common mistakes companies make in their approach:
Disaster recovery addresses only big events like fires, earthquakes and floods
Though all of the above qualify as disasters, from a business continuity perspective, disaster recovery must be defined much more broadly. Business continuity depends on many other factors. A disastrous break in business continuity could be triggered by more common events such as the failure of physical equipment, a software bug, or a dropped internet connection.
In other words, when planning an approach to disaster recovery, companies should look at any and all factors that could cause a very disruptive failure in business continuity. And no, living in a zone free of natural disasters does not mean your company is immune to the risk of disaster.
Neglecting disaster recovery because it's too expensive
The problem here is two-fold: first, businesses can suffer tremendous harm if a disaster occurs without a recovery plan in place, in fact, it could mean complete business failure. Disasters cannot be ruled out, so a business should consider the minor expense of investing in disaster recovery in the light of the costs of going out of business.
Disaster recovery is not prohibitively expensive. Planning for continuity costs little, and putting in place solutions that depend on virtual replication in the cloud can be very affordable. Disaster recovery will take some time and energy from technology management, but the effort may very well pay off.
Backups are set, so disaster recovery is a non-issue
Performing regular or continuous, live backups is just one of many steps that ensure business continuity when disaster strikes – but backups on their own are not the full solution. First, there's the question of restoring backups, many companies fail to test backups to see whether data can readily be restored.
Disaster recovery plans (DRP) cover a range of steps including the restoration of backups. A DRP recognises that data is just one issue: service continuity is an altogether different problem and is arguably the key cog in effective disaster planning.
Focusing on risks instead of continuity
It makes sense to try to tackle disasters from the view of potential risks. Hedge against these risks and disasters can be avoided. However, it can be very difficult for a business to guard fully against every conceivable risk.
Instead, disaster recovery should be concerned with continuity and resilience. In other words, your technology infrastructure should be able to cope, or at least be easily restored to a reasonable level of functionality, regardless of what goes wrong. Taking the resilience approach implies that your DRP is valid, even when the adverse event challenging it was never envisioned.
Easy steps to getting disaster recovery right
Looking beyond the narrow view of natural disasters as the risks on the one hand, and backing up data as the solution, on the other hand, is a start. Costs should not be a deterrent either. Even for companies on a tight budget, a disaster recovery plan can still make the difference between a quick recovery and a prolonged outage. Here are some important points technology leaders should consider:
Establish an inventory
Understanding the source of possible points of failure is important. This includes building an inventory of software, hardware, connectivity and the processes your business depends on. Next, your business can rank the most critical parts of its technology estate, and ensure these feature prominently in a DRP.
Plan staffing and communication
When disaster occurs, key staff should know how to set recovery in place. Staff also need to know the key contacts at vendors. At the same time, those responsible should be thoroughly versed in the DRP. Working lines of communication during a disaster recovery process is also crucial.
Control security and sensitive information
A disaster could be the gateway for cybercriminals or the accidental loss of sensitive information. DRPs should take into account the maintenance of security and the protection of any sensitive information your company holds.
Test and revise
Carefully considered DRPs can easily fail when encountering the real world. Testing, therefore, is a core part of a successful data recovery strategy. By testing plans, your company can iron out wrinkles in the disaster recovery process while it has the time to do so, not when faced with loss of business continuity.
Get SLAs right
Service level agreements (SLAs) determine how quickly your technology partners must react to any of your urgent requests. Chances are you might need your outsourced IT partner on board fast when disaster occurs, so make sure you have quick service available should you need it.
Getting disaster recovery right is less about spending money and dodging risks than it is about planning and understanding what it is that ensures business continuity. Though disaster cannot be ruled out, resilient businesses with a solid DRP in place can and will recover quickly and with minimal cost.