Tips for keeping your business alive during the next disaster
Disasters seem to occur more frequently than ever - cybercrime, fires, earthquakes, floods. Planning for disaster scenarios has become a fixture in all aspects of business and nowhere is it more important than in an organization's IT strategy and system resiliency.
A well-executed disaster recovery plan can be the difference between a business recovering from a disaster and closing its doors. Properly executed, a disaster plan enables a business to continue to serve its customers, produce its products and meet its business commitments to the greatest extent possible, as quickly as possible, following disaster events.
Ideally, preparing for a disaster begins with the design of the IT system. In this scenario, disaster recovery is part of the business's overall IT strategy and system resiliency is engineered in from the beginning. Each service critical to the operation of the business, such as email, file storage, e-commerce sites and business applications, is identified. Multiple ways to assure continued access or prompt return to service are built in.
Conducting a risk assessment is a good first step to evaluate the current state of the organization's disaster preparedness. It should identify:
• Business services critical to the company's operation and the timeframe in which disruption of service would cause damage to the business.
• How the services are delivered to the business - secondary or tertiary means of obtaining the service if the primary delivery mechanism is compromised.
• Recovery time objectives for all IT services.
• Perceived risk of damage to the organization - monetary, business reputation and market share, should services become unavailable.
• Regulatory and compliance guidelines, if any, that could be impacted.
The results of the assessment provide a business framework for decision making and options for improvements to disaster planning. This assessment will allow you to balance budget realities against quantified risks.
As with most IT solutions, there are good, better and best solutions for dealing with disasters. A well-done assessment will help in identifying appropriate trade-offs, balancing potential business impacts, business liability and budgetary realities. Being unable to move immediately to the “best” disaster recovery options should not deter making improvements.
Recommended practice would include:
• Backup of data and system configurations. Backups permit restoration of data should a facility or IT equipment be destroyed, fail, or become compromised. Routinely scheduled backups, monitored for completeness, need to be performed at intervals appropriate to the business, but not less frequently than daily.
Backups should be “off-sited” to a secondary location, ideally geographically distant from the business location, i.e. outside of an earthquake zone. This is a “must have” to assure business continuity.
(Backups must be tested by periodic restoration testing. A backup is only as good as the results of the last successful restore.)
• Imaged systems. Entire servers are imaged and these digital images are sent to offsite repositories. Restoring an imaged system takes considerably less time than rebuilding hardware and restoring data files.
• IT recovery sites are identified and engaged. In accordance with the business's return to service objectives, these sites will contain IT resources configured and ready to be put into production should the need arise. These locations can provide fully redundant systems where data is replicated on an ongoing basis or may simply offer hardware resources onto which applications and data can be restored.
• Network redundancy is established. Redundant equipment and circuits (access to internet, phones and multi-site office connectivity) are deployed to access secondary and tertiary service should a primary service provider experience disruption. Systems are implemented to automatically failover should primary services become unavailable.
• Hosted services may be selected. Hosted networks and applications reside in data centers which, by design, have fire suppression systems, built-in redundancies for circuit and power failures and building security. Hosted services often have multiple locations with resources that can be accessed should the initial service location become compromised.
• A written disaster recovery plan is created and communicated to stakeholders. The plan outlines what the business will consider “a disaster” and assigns responsibility for business functions during a declared disaster scenario. Primary, secondary and tertiary communication mechanisms are identified. Restoration of IT services is prioritized and the planned response for each service is documented.
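One way to automate the periodic restore testing and the daily backup interval called for in the backup practice above, as an added example that is not part of the original article: the archive is restored into a scratch directory and every file is compared against the SHA-256 digest recorded at backup time. The function names, file names and sample data are assumptions made for illustration.

```python
import hashlib, tarfile, tempfile, time
from pathlib import Path

MAX_AGE_SECONDS = 24 * 60 * 60  # the article's floor: back up at least daily

def sha256_tree(root):
    """Map each file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def make_backup(source, archive):
    """Archive source; return the digests recorded at backup time (the manifest)."""
    manifest = sha256_tree(source)
    with tarfile.open(archive, "w:gz") as tar:
        for name in manifest:
            tar.add(Path(source) / name, arcname=name)
    return manifest

def verify_backup(archive, manifest, now=None):
    """Restore into a scratch directory; return a list of problems (empty = pass)."""
    problems = []
    age = (time.time() if now is None else now) - Path(archive).stat().st_mtime
    if age > MAX_AGE_SECONDS:
        problems.append("stale: archive is more than 24 hours old")
    opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}  # safe extraction
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(scratch, **opts)
        except Exception as exc:  # any failure to restore fails the test
            return problems + [f"restore failed: {exc!r}"]
        restored = sha256_tree(scratch)
    for name, digest in manifest.items():
        if name not in restored:
            problems.append(f"missing after restore: {name}")
        elif restored[name] != digest:
            problems.append(f"content mismatch: {name}")
    return problems

def demo():  # constructed sample data, not taken from the article
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "cfg").mkdir(parents=True)
        (src / "orders.csv").write_text("id,total\n1,19.99\n")
        (src / "cfg" / "router.conf").write_text("hostname edge1\n")
        archive = Path(work, "nightly.tar.gz")
        manifest = make_backup(src, archive)
        stale_at = time.time() + 2 * MAX_AGE_SECONDS  # pretend two days have passed
        return verify_backup(archive, manifest), verify_backup(archive, manifest, stale_at)
```

Storing the manifest separately from the archive, for example alongside the off-site copy's records, lets the restore test detect corruption that happened after the backup was written.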