Disasters don’t care how big your business is. Find out here why it pays to plan ahead.
Disaster recovery is something that businesses of any size need to take seriously. Disasters don’t care who you are or what size your business is – they can strike any company at any time and can be anything from a fire or flood, a burglary, power failure, or a large-scale cyberattack.
It’s therefore important to have a plan in place to highlight what actions you’ll take should disaster ever strike. As the day-to-day running of most businesses now relies on IT to some extent, it’s likely that such a plan is going to primarily focus on getting systems up and running again.
At its simplest level, this means having a backup of your data and a system to restore it to but there are of course other considerations, such as finding alternative accommodation, arranging internet connections, phone lines and so on.
As a starting point you need to understand where your systems are. Are they run on in-house servers or in the cloud for example? You also need to prioritise your systems, which means deciding which ones are most vital to your business and should be recovered first. Others that are less important can be left until the core business is up and running again.
Disaster recovery as a service (DRaaS)
Increasingly, cloud disaster recovery services are being offered that allow the provision of secondary IT resources in the cloud. This enables the rapid recovery of business-critical infrastructure in the event of a disaster.
It’s important not to confuse this with backup as a service, which allows you to save copies of your important data in the cloud. DRaaS is a far more comprehensive offering that provides a complete shadow of your production systems in a separate off-site infrastructure.
It works by having computing, storage and networking capacity available on cloud servers so that your workload can be fully duplicated, allowing you to be up and running again in a much shorter time than if you had to restore data onto replacement systems from a local or cloud backup. If most of your systems are already in the cloud then the process can be even easier.
Disaster recovery as a service (DRaaS) is particularly appealing to smaller and medium-sized business that don’t have the resources to build and test a recovery plan themselves or to maintain their own ‘hot swap’ recovery environment.
DraaS offerings are not all the same, however, so it’s important to choose your supplier with care. You also need to be able to trust your provider to keep your data secure and to recover your systems within the agreed timescale and meet other critical objectives.
Choosing a supplier
The key consideration for any disaster recovery as a service (DRaaS) deployment is that it needs to be able to provide full functionality of your critical systems in an emergency. This is a serious commitment so outsourcing it to a third party shouldn’t be a decision taken lightly.
There are some key points to consider when choosing a supplier. The first is whether a single copy of your systems is sufficient. If you are looking to provide 100% business continuity in the event of a problem, then you may want to consider parallel deployments in order to deliver full redundancy.
Secondly, how will the solution cope with multiple sites? Many companies have IT distributed across multiple locations. You need to understand how this will work if your disaster recovery is unified into a single cloud-based platform.
Look too at what happens when a problem does occur. Is the switch over to the recovery system triggered automatically in the event of a failure, for example? If not, then you need to understand how the switchover from normal running to disaster recovery will work. Look carefully at the service level agreement and see what limits there are on how long the switchover will take in terms of time and also the number of transactions handled.
You need to ask any potential provider what measures they have in place to protect their own systems. Do they have a second data centre that they can switch to quickly to ensure continuity of service for example? If so, where is it in relation to the main data centre? Is there a chance that both could be struck by the same disaster?
It’s worth speaking to other customers to see how satisfied they are with the service and how well it works. You need to be sure that the disaster recovery vendor can deliver a service that will maintain the adequate performance of your systems and allow you to continue the smooth operation of your business.
Accessing and securing data
With any service to which you are entrusting your data – whether storage, backup or disaster recovery as a service (DRaaS) – you will need to be certain that your information is going to be properly looked after.
This covers a number of areas, for example, will the data be stored in accordance with legislation such as GDPR or industry-specific compliance rules such as those applying to the healthcare or finance industries?
Will stored information be encrypted? This too is important, not only for the stored copies of your systems but also to protect data in transit. You may want to go the extra mile of having a safe copy of your data by still maintaining your own backups, either to local storage or to another cloud service.
Recovering from disaster
Should your business ever experience a disaster, you need to think about how you are going to recover from it. No matter what service you are using, you still need to have a plan, and how this works will depend to some extent on what type of disaster you experience.
In order to access your recovery system, you will need two things: desktop hardware and a connection to the internet. That sounds simple, but in the event of a fire or flood in which your office building is affected, you will need to know where you can source these things.
Do you already have other sites from which your staff can work, or will you need to rent space elsewhere? If the latter, you need to make sure that appropriate connectivity is available. You also need to think about where you would source alternative hardware. Buying PCs off the shelf may be simple enough, but significant work will be needed in order to configure them to access your systems securely.
In the event of problems such as failure of the power supplies, you may still be left with hardware that you can’t use and again you need to look at alternative sites and whether you need to move staff or machines. A problem such as malware disabling your systems means that you may be able to stay in your office, but you need to make certain that any endpoint systems that are used to access recovery systems are scanned and certified as clean before connection, to ensure that your backup systems don’t become infected too.
Consider your mobile workforce or staff who work remotely. Their laptops and other hardware are capable of accessing your main systems, but what happens them when you need to switch over to the recovery system?
The bigger your business is, the more complex disaster recovery planning becomes; more people means more equipment and more systems to consider. It’s vital to have people in place to manage the process and this means having a written recovery plan and ensuring that everyone is appropriately trained so they know what steps to take to put it into effect.
You will also need a means of contacting the key people in the event of an emergency and a way of alerting other staff either to go to an alternative site or to stay away from their place of work.
Of course, a plan is only useful if it’s kept up to date. You should treat your disaster recovery plan as a living document and make sure that it is reviewed and updated regularly. There’s no point opening your carefully prepared plan only to find that the people you need to contact no longer work for the company.
Finally, don’t store your plan solely on your computer. Make sure you have hard copies as well as an offline copy on CD or flash drive that can be accessed on any PC. And make sure that at least one copy is stored in a safe location off-site.
You never know when disaster might strike and you need to be prepared for when it does.