Disasters come in all sizes. Whether it’s a server crash, human error, a natural disaster, or an act of terror – how well your company weathers a disaster depends on how prepared you are. And that preparedness begins with a disaster recovery plan (DRP).
Surprisingly, many companies aren’t thinking ahead. Citing the results of its survey in its 2014 annual report, the Disaster Recovery Preparedness Council notes that “more than 60% of those who took the survey do not have a fully documented DR plan.”
That statistic aside, evidence indicates that proactively establishing a documented set of procedures will give you a greater chance to restore your IT infrastructure following a disaster.
So, as you’re developing your survival solution, consider these three essentials for an IT disaster recovery plan that you really can count on:
SURVIVAL REQUIRES A TECHNOLOGY COMPONENT
Until recently, the investment in hardware, software, time, and expertise required to implement an effective DR strategy was something that only larger organizations could afford.
The cloud has changed that. Today, affordable and effective data backup, remote storage and recovery, and business environment recovery capabilities are offered as-a-service (DRaaS) – opening up a whole new world of possibilities for SMBs in particular.
Hosted solutions offer accessibility from anywhere and any device (a bonus for disasters that affect building accessibility), a failover plan for scheduled downtime, and naturally support the “old fashioned but still highly valued practice of securing your data with a copy held off-site,” notes Sean Warde, owner of Pennine IT Services.
Sam Somashekar of Chateaux Software cites the operating vs. capital expense aspects of a cloud-based DR solution, the flexible pay-per-use resources, automated recovery processes, and better tracking for recovery time objective (RTO) and recovery point objective (RPO).
Drawbacks of the cloud often are driven by the wide variances in security, reliability, and customization among an overabundance of service providers. It’s important to shop around for one that can provide the capabilities and the service levels you need, and that is certified with credentials (such as SAS 70) that can serve as an indicator of service quality, security, and compliance.
“At the end of the day you can chose whatever technology you want for ensuring recovery in case of a disaster,” says Thomas Kuhlmann, director of A Quarter IT and program transformation manager at Pitney Bowes in London. “The problem with disaster recovery plans is rarely the technology side.” Which brings us to our second essential.
SURVIVAL RELIES ON THE HUMAN COMPONENT
“The biggest problem,” Kuhlmann continues, “seems to be the human component. I have seen many organisations spend time and money on developing a plan, just to put it into a drawer and look at it once a year (at best).” A lot can change in a year.
To ensure that your DRP is in shape and in step with your changing data center environment and business needs, it needs a “human” touch and some nurturing. For example:
- Ensure that ongoing changes to the data center environment are reflected in your DRP
- Actively manage the plan to confirm the effectiveness of the recovery processes that are in place
o e.g., check that ongoing data backups are happening and that information is being synced with your secondary systems
- Regularly check the functionality and “fit” of your DRP in relation to your evolving business processes and IT environment to make sure the plan remains relevant
- Test, test, test, and test again to make sure your plan actually works – before you need to rely on it
The Disaster Recovery Preparedness Council survey reveals that 23% of the participating organizations never test their DRP. Another 33% test their DRP only once or twice a year, and of those, more than 65% fail the test.
Perhaps the most human aspect of the survivability picture is in the continuation of business after a disaster. Business continuity has less to do with the technology aspects and more to do with the user aspects of how information and applications can be accessed and utilized in an emergency – particularly for those users who likely are not as familiar with access to systems from outside of the office.
Super Storm Sandy, which hit the New York City and New Jersey areas hard in October 2012, caused unprecedented destruction – including flooding to New York’s subways and roadway tunnels; extensive power outages; and costly structural damage that restricted access to offices and plants – in some cases, for weeks and months following the storm.
The ability of IT to switch over to a backup IT infrastructure – and provide reliable remote accessibility to systems and apps for employees – was critical to the continuation of business for the companies affected by Sandy. Therefore, the ongoing, proactive IT change process, management, and testing of DRPs as well as user awareness and training before the storm made a significant difference between a company’s ability to continue its business despite the conditions – or shut its doors as a result of this natural disaster. Which leads us into our final essential.
SURVIVAL TAKES A VILLAGE
“It is easy to think of a disaster recovery plan as an IT problem,” says Kuhlmann. “But it is a business problem because you do require buy-in at so many levels.”
Kuhlmann is referring to the roles within your IT organization, the business people in your company, as well as service providers and outside vendors – all of whom are critical cogs in the ongoing support and ultimate implementation of your DRP should a disaster occur.
Incorporating ongoing technical changes in your data center environment into your DRP should be straightforward – a process shift. “The bigger change is on the human side,” Kuhlmann notes, “ensuring that you have access to all the relevant contacts, both at your provider…and internally” when you need them.
DR planning, it seems, takes a village. Making DRP responsibilities part of a business person’s written job description is one way to hold people accountable to their roles, Kuhlmann says. “When a key player leaves the organization, HR and the respective department should ensure that somebody else can take over the role, and IT should be informed of the change.As is true of so many aspects of the DR process, when a disaster hits, it’s too late to find out that a person with a key role in the contingency plan has left the company.