Whether you have a well-rehearsed DR plan in place or are just starting out, here's how to take your strategy to the next level
Nearly every modern business is reliant on data and IT infrastructure, meaning that a disaster recovery plan is no longer a nice-to-have but an essential part of running business operations, as much as no one likes to dwell on the prospect of a disaster occurring.
Disasters can cover everything from minor power outages that take a while to recover from, to hardware failures, extreme weather affecting physical data centres, cyber attacks and even non-technological catastrophes such as flooding, fire or theft at your own offices.
Having a disaster recovery strategy won't prevent a disaster happening, but it will significantly reduce and mitigate its effects. A good disaster recovery plan will help get the business back on its feet quickly and with all the applications that are most crucial to productivity.
So whether you've got a well-rehearsed disaster recovery strategy in place or are just beginning to pull one together, here are some tips to take it to the next level and ensure a speedy recovery.
1- Have full documentation
No one likes paperwork, but fully documenting your disaster recovery plan will make it much easier to get buy-in from senior management, and ensure that key players know what they're doing.
A DR strategy document should cover the aims and tactics of the plan, as well as roles and responsibilities - including emergency contact numbers - guidance for the initial incident response, and who is involved at each stage of the plan.
Documentation also helps in the eventuality that the person in charge of the DR strategy moves on, as decisions and actions can be traced back and implementation can continue with minimal disruption.
2 - Assess the risks
All the best-implemented things in business start with a risk assessment, and disaster recovery is no exception. A good DR strategy will consider all the functional areas of the business, asking what potential threats they face and what IT resources are relied on.
A full IT inventory and data audit can help with this task by identifying both critical software applications, and any hardware infrastructure needed to run them.
A risk assessment should also consider any issues that might affect external partners and service vendors, especially in cloud environments, which in turn will form the basis of your disaster recovery plan.
3 - Drill for disaster
Having an evacuation strategy for your building won't stop a fire happening, but regular fire drills mean that when the alarm goes off, everyone knows what to do and where to be, and will all theoretically get out safely.
A disaster recovery strategy needs the same treatment, with regular, periodic testing to ensure each process and system works as it should. Having an effective DR plan in place is the goal, but it's much more reassuring to know that it will be followed, should the worst happen.
4 - Prepare for different disaster levels
There are many different types and scales of disaster, and sometimes just a small disaster can lead to a longer outage if organisations aren't prepared.
A good DR strategy will have different levels of response detailed for different levels of disaster, ensuring that smaller problems can get the right teams dealing with them straight away.
5 - Consider the cloud
Yes, disaster recovery as a service (DRaaS) is a thing! Not all cloud-based disaster recovery systems are the same or work the same way; some offer cloud-based backup and recovery, while others use virtualisation to maintain a copy of your servers and applications, while data is replicated from production systems to the virtualised failover systems.
Cloud DR has its pros and cons, but as with many cloud-based services, it's accessible to a wide range of businesses without the upfront investment costs of backup and recovery hardware.
6 - Prioritise resilience
Disaster recovery is one of the IT services organisations pay for in the hope it never gets used. That's why it's important to make resilience a guiding principle in your IT infrastructure.
Ensuring your infrastructure is resilient comes down to a combination of good practice and investment in technologies and services that both support the business, and minimise any risk of failure.
The most important principle when aiming for resilience is to avoid having single points of failure. If a key application runs from a single server, and can only run from that server, then that's a potential weak spot.
As part of your disaster recovery strategy, assess the resilience of both the hardware and software in your organisation and see if there are any areas for improvement.
Fail-over connectivity, uninterruptible power supplies, backup generators and backup servers can all help reduce the risk of failure.
7 - Evaluate security practices
Security is a separate topic in itself but is inextricably linked with your disaster recovery strategy. In theory, good security practices will minimise the risk of that DR plan ever having to be enforced.
Nonetheless, as part of a comprehensive DR strategy, potential weaknesses in security should be evaluated, and action taken if necessary to strengthen them, as well as a plan for what happens should particular defences be breached.
8 - Revise and revisit
It's tempting to shelve your DR plan once it's all in place. But as quickly as new technologies are adopted, new staff come on board and situations within the business change, so the strategy should be revised. If a new cloud technology is implemented for example, a disaster recovery plan should be updated with the specific strategy for that particular tool, including how and where the data is being backed up, and how to recover it.
9 - Build a critical response team
A step-by-step recovery strategy cannot be implemented without the personnel needed to bring systems back online. A critical response team should include any external contacts, such as software vendors, in addition to existing internal staff.
Disaster recovery roles and responsibilities need to be clearly defined, highlighting the need for comprehensive documentation and training. Larger enterprises with more distributed resources and expertise will find themselves better able to action a recovery plan as they can leverage resources from multiple locations, depending on the type and location of disaster experienced.
Ironically, it’s best practice here to back-up your back-up team. Through ensuring that each role within the team has a shadow member, you can rest assured that in an untimely case of disaster, there is somebody who can still step in to fill the vacant role.
Communication across the team must also be considered. Having multiple ways of contacting each member, and having contact details clearly marked on the recovery plan itself can enable a rapid, effective response.
