Online data backup is one of the best methods for businesses of all sizes to replicate their data and protect against data loss in the event of an IT outage or security incident. While online backup services offer many benefits, they are just one step in protecting your business from having to declare a disaster. You can’t neglect to also have a broader disaster recovery plan in place to ensure that policies and protocols are followed when interruptions occur.
A foolproof disaster recovery plan documents ahead of time an organization’s RPO/RTO threshold, prioritizes business-critical applications, outlines recovery processes and establishes policies to ensure that solutions and processes are tested on a regular basis. Careful planning in these areas is key to successful recovery.
Recovery Point Objective
Defined as the maximum period of time in which data can be lost from an IT service due to a major incident, the Recovery Point Objective answers the question of how much data a business can afford to lose during a major disaster and how much data loss costs. Determining the RPO is essential in deciding the frequency of backups in the disaster recovery solution, weighing costs of replication against those of data loss.
Recovery Time Objective
The duration of time and service level within which a business process must be restored after a disaster, the Recovery Time Objective measures the cost of downtime. How long can an organization afford to be off-line? Calculating this measurement enables companies to take a hard look at their applications and assess what would happen to the business without them for the maximal period of time.
Size of Recovery Site
What is the minimum capacity that the business needs to be operational? What can the organization live with until full restoration is complete? Minimum capacity is dictated by the interconnections of the business applications. Applications that depend on a feed from elsewhere will be crippled if the feeder goes offline. When designing a disaster recovery solution, it is essential to understand which data absolutely needs to be restored immediately, including all the data that is needed to power front-facing applications.
Annual tests are a bare minimum for disaster recovery solutions. Ideally, a test would be carried out whenever a sensitive update is made. The disaster recovery site should be tested after any significant changes, and should include all team members that would be involved in the recovery process.
Create a Full Business Continuity Plan
Disaster recovery and business continuity plans should create a seamless relationship between technology and employees. A communication plan around a data disaster is paramount. Who declares a disaster? Who communicates to customers and end users? Who directs the action plan internally?
Determine a Location for the Recovery Site
Existing organizational practices and relationships with external partners can help formulate options for a recovery site location. Options include: on-premises, colocation, existing host site, cloud vendor and multiple cloud vendors.
A thorough understanding of the organization’s data is paramount, including the interdependence of the data and the recurring costs that the business can afford to pay to mitigate the risks. Like anything else, it’s about managing what the business can afford against what the business can afford to lose, and then working against those objectives. Those are decisions you want to make ahead of time, not in the middle of a disaster situation.
By Larry Novak
With over 30 years of experience in the IT industry, Larry Novak has held a range of IT roles, from CIO and Vice President for the Americas for Samsonite Corporation to Systems Security Engineer for Honeywell. He currently serves as Cloud Recovery Service Manager at ViaWest, a leading Hybrid IT Solutions provider offering cloud, colocation, compliance services, security solutions and professional and managed services, where his current focus is on providing enterprise-wide disaster recovery services to ViaWest clients.
Larry holds a degree in Computer Science from the University of Nebraska, and a Master’s Certificate in Project Management from George Washington University. He is a Disaster Recovery Institute Certified Business Continuity Professional; Certified Business Continuity Professional; and Certified Information Systems Security Professional.