Every business needs an IT disaster recovery plan that provides step-by-step procedures for recovering any disrupted systems and returning them to normal operation. The process of developing the plan, helps identify critical IT systems and networks, whilst assessing the required recovery time and defining the actions needed to restart, reconfigure and recover them.
Instead of outsourcing responsibility for disaster recovery, it's possible for businesses to undertake more of the work themselves, protect their operation and cut costs by only paying when, or more accurately if, disaster strikes.
Building the plan
The following steps will help businesses build a tailored recovery plan that will ensure the impact of any disaster is minimised:
1. A business impact analysis - to identify and prioritize critical IT components and systems, whilst also establishing the ‘maximum acceptable outage' (MAO). This is the time needed for a recovery to become effective before compromising the ability of the business to survive.
2. Identify preventive controls - these measures reduce the effects of system disruptions and increase system availability, highlighting the need to regularly review options for creating a more robust and recoverable infrastructure.
3. Develop recovery strategies - to ensure the system can be recovered quickly and effectively following disruption, with a plan for communicating the situation to all employees.
4. Contingency planning - offers detailed guidance and procedures for restoring damaged systems and should contain contact details for any third-parties needed to assist in the recovery
5. Testing the plan - identifies problems with the plan and offers the opportunity to train everyone for activating the plan. It identifies areas for improvement or change and can be done without serious disruption to the business. The test must be as real as possible, while there is time to check things before it happens for real.
Once finalised, it's essential to test the plan regularly. This keeps it current and takes account of changes to the business operation and infrastructure.
Do It Yourself
Backing up data is important; checking data can be recovered from the back-up is essential. The age of the backed-up data is another point of risk and a business will have to assess how much data they are prepared to lose. Generally, the more current the back-up, the more expensive the solution, but for smaller businesses back-ups are usually done at the end of the day, which risks the day's data up to the point of failure.
The data is backed-up, but what will the data be recovered to, if the IT system, servers, applications, licenses etc. are no longer available?
There are many options, but most incur costs that SMEs find prohibitive, so the temptation for many is to risk running their business without any proper disaster recovery plan. When even a short interruption to operations can mean the end for many businesses, it makes paying the high costs associated with real time data replication to duplicate servers in different data centres, perhaps more understandable.
At the other end of the scale, we have the management undertaking most of the responsibility themselves, with perhaps a greater risk to the business continuity accordingly, but at a much reduced cost. This is the balancing of risk against cost that smaller businesses must weigh up.
Innovative solutions like Inactive/Active Disaster Recovery are entering the market in a bid to address the needs of smaller businesses and help them protect their future, without incurring regular high costs. An assessment is made of the IT infrastructure a business needs to function normally, recording all the necessary information to create a copy of the IT environment at extremely short notice - usually within 24 hours.
Server space is guaranteed, with the required power and communications to turn this virtual, inactive environment, active, as soon as disaster strikes. Unlike traditional recovery methods, after the initial consultation fee, there is only a small annual maintenance charge to pay until the service is required. Once active, the client supplies the latest backed-up data, sending tapes or hard drives by courier if necessary and only at this point are the costs of new hardware, software licensing etc., incurred.
Businesses are unlikely to be affected by a major disaster, yet many continue paying for a service they will never use on top of the insurance they have to cover their assets. So with a little planning and by using innovative solutions like Inactive/Active DR businesses can protect their operation and free up budget to invest in their future growth, rather than worrying about things that might never happen.
Matt Rhodes
