Best Practices in Disaster Recovery

Hope for the best, prepare for the worst, and expect to be surprised. While that bit of proverbial wisdom certainly isn’t new, it seems almost tailor made for anyone dealing with disaster recovery (DR) in the modern world of business IT.

Ensuring business continuity in the face of a natural or man-made disaster may seem like a daunting task. Luckily, today’s cloud-based computing platforms are particularly well suited to meet the DR needs of most businesses. However, the versatile, decentralized nature of the cloud is wasted in the absence of a proper, well tested DR plan and the ability to adapt to changing, often unforeseen circumstances. So in the following article, we’ll take a look at some best practices for utilizing the cloud to develop your own DR plan in order to help maintain business continuity during a disaster.

1. Understand The Difference Between Backups And DR

When it comes to disaster recovery, having current backups of your company’s data is essential. But it’s important to understand that simply scheduling regular backups is not enough. It’s merely one component of a much larger process. After all, what good is backup data if you have no means to access it when it’s urgently needed? It’s like having an empty fire extinguisher or a parachute with no ripcord.

If and when a disaster strikes, you need a well-tested process in place to quickly retrieve and restore your company’s backup data. Otherwise, you might as well not make backups at all.

2. Identify Critical Data And Utilize Cross-Regional Backups

As mentioned above, regular backups are a crucial component of any disaster recovery plan. But as with most things in the IT world, there are always trade-offs between time and money (more on this later). That’s why it is extremely important to identify mission-critical data and applications when crafting a backup strategy as part of your larger DR plan, and choosing how your data will be stored (snapshots, machine images, etc.). This option varies depending on what service you are using (AWS, Azure, etc.), so some research will be required to figure out the best fit for your business.

While choosing what data to prioritize and how it will be stored is critical, choosing where this data is to be stored is equally important. Storing your backups in close geographic proximity to your primary production environment defeats the entire purpose since there’s a chance a large-scale disaster would knock everything offline, leaving you with zero options. To better protect your data, it’s essential to utilize the global reach of cloud computing. Larger providers such as Amazon Web Services (AWS) and Microsoft Azure offer storage in various geographic regions around the world, so make sure your backups are being kept well out of harm’s way.

3. Determine Your RTO & RPO

Speaking of time vs. money, it’s also of critical importance to determine your company’s recovery time objective (RTO) as well as its recovery point objective (RPO). Your RTO is the maximum length of time the disaster recovery process can take without inflicting unacceptable monetary losses on your bottom line. In other words, ask yourself how long your company can be offline before it starts hemorrhaging unacceptable amounts of cash.

On the other hand, your RPO is the maximum amount of data loss you are willing to accept as measured in time. The answer to this question determines how often you are willing to pay for backups. For example, if the idea of losing five hours of data due to a disaster gives you a panic attack, you need an RPO of less than five hours (perhaps much less). But if losing five hours worth of data isn’t the end of the world, an RPO of five hours or more might be a good fit. At the end of the day, it’s up to you to run the numbers and see what makes the most sense for your organization.

4. Choose A Specific Disaster Recovery Method And Test For Weaknesses

Now that you’ve determined the specific DR needs of your company, it’s time to decide which specific DR recovery method makes the most sense. While there are many options depending on your preference for saving time or money, here are some of the most common methods listed from slowest/cheapest to fastest/most expensive:

• Backup and Restore: a simple, straightforward, cost-effective method that backs up and restores data as needed. Keep in mind that because none of your data is on standby, this method, while cheap, can be quite time consuming.
• Pilot Light: This method keeps critical applications and data at the ready so that it can be quickly retrieved if needed.
• Warm Standby: This method keeps a duplicate version of your business’ core elements running on standby at all times, which makes for little downtime and an almost seamless transition.
• Multi-Site Solution: Also known as a Hot Standby, this method fully replicates your company’s data/applications between two or more active locations and splits your traffic/usage between them. If a disaster strikes, everything is simply rerouted to the unaffected area, which means you’ll suffer almost zero downtime. However, by running two separate environments simultaneously, you will obviously incur much higher costs.

In the end, even the best DR plans may run into trouble when faced with the unforeseen problems of the real-world. So once you’ve settled on a disaster recovery method and have everything up and running, it’s extremely important to test its effectiveness. Fortunately, the fact that cloud platforms allow users to create duplicate production environments means testing your DR plan against various scenarios has never been easier. The more you test and retest your DR plan, the better prepared you’ll be in the event of an actual crisis. Remember, an ounce of prevention is worth a pound of cure.

5. Consider The Potential Benefits Of Disaster Recovery As A Service

While disaster recovery is often handled in house, more and more businesses are turning to third parties to implement and maintain their DR plans. Just as insurance policies allow businesses to mitigate the risk of property damage and financial loss, treating disaster recovery as a service (DRaaS) allows companies to focus on core issues while at the same time having the peace of mind of knowing their data is safe. So it’s no surprise that surveys have shown IT professionals who utilize DRaaS are significantly more confident about their company’s DR plans than those who do not. And while utilizing a third-party vendor for DRaaS might not make sense for all businesses, it’s certainly an option worth exploring.

By David Gildea