Understanding your Disaster Recovery readiness

I recently read a statistic from Gartner’s 2015 Business Continuity survey stating that 72 per cent of firms surveyed had to use their IT disaster recovery plans. I found that stat quite staggering, considering a report from Forrester that suggested that the vast majority of disasters are either operational failures such as power failure, IT hardware failure or they are human caused events. Human caused events can include human error, malicious security outsiders or insiders, and terrorism.

What is also staggering is the impact of downtime, which for me demonstrates how critical planning for disasters is from a business continuity perspective. According to a Sigma 2014 survey on Natural Catastrophes and Man-Made Disasters, the total economic losses for disasters in 2014 reached $110 billion (£77bn).

Is your Disaster Recovery plan up to scratch?

In my view, too many organisations are really only paying lip service to their Disaster Recovery (DR) planning and don’t test their readiness nearly enough. Historically the problem has been that DR was seen as rather expensive and therefore only applicable to larger enterprises or to certain mission critical industry sectors such as financial services and ecommerce. Since the advent of cloud, the DR world is changing and one cloud technology that is starting to mature is Disaster Recovery as a Service (DRaaS). According to Gartner, the DRaaS market has developed greatly since 2013 and solution offerings have grown and diversified with monthly service costs dropping, leading to a wider appetite for DRaaS across organisations of all sizes, not just larger businesses.

Many organisations still have traditional Disaster Recovery systems and infrastructure in place and as a result believe they have their DR sorted. However, for those organisations, how many of them are regularly testing their DR systems and how many are confident that they could fail over to another site and recover quickly from a disaster? Is there still a belief in companies that 'it won’t happen to me'? The statistics make me wonder if folks think about DR as planning for natural disasters rather than the more likely occurrence of man-made issues, which by all accounts equate to 50 per cent of DR problems.

Time for a new approach

Legacy Disaster Recovery infrastructure is not only costly and cumbersome, but should a disaster actually strike, I wonder how many organisations could rapidly get their systems and infrastructure up and running with limited impact on the business. There is no doubt that it is a fine balancing act. Organisations need to consider how they lose the least amount of data, have the least amount of impact on the business, incur the least amount of cost, but recover as quickly as possible. Today it is not just about recovering the business but the importance of the speed to recovery. In our accelerated world every second really does count! Of equal importance is security and compliance. Many organisations need to prove their DR systems to industry regulators to demonstrate compliance to ISO27001 or the FCA, for example.

Is now the time for companies to consider a new approach to Disaster Recovery, and does DRaaS provide the answer? As more businesses are turning to cloud because competitors are driving them to innovate and pivot, likewise more are now considering DRaaS.

If you are evaluating, implementing or thinking about moving your DR to DRaaS, here are some key considerations:

  • You need to think about Recovery Point and Recovery Time Objectives. This ensures you lose the least amount of data and recover rapidly. Exceptional RPO and RTOs will give you confidence in your DR planning, so look for a provider who can deliver the recovery objectives you need – and provide protection for your complete IT footprint.
  • Cost is a key selling point for DRaaS which is now affordable for the mid-market. With DRaaS, you don’t have to maintain a second site, a second set of infrastructure, staff and maintenance costs. You can simply use cloud infrastructure capacity on demand.
  • Proving that you have robust, reliable Disaster Recovery processes in place is now often required to meet regulatory compliance requirements in many industries. Many DRaaS providers now offer advanced security features to meet these stringent security and compliance DR needs.
  • When selecting a provider make sure you go through a thorough assessment process and onboarding and testing of your DRaaS solution. Your provider should be able to support you with experienced technicians, architects and provide both onboarding and support testing of your DR.
  • Think about your ongoing management requirements and make sure that you have visibility and self-service management and control over your DR resources once they are in the cloud.

And finally, the importance of DR testing cannot be underestimated. Robust and regular testing will uncover anything that could go wrong in a real-life emergency and ensures confidence that your DR plan will work and failover is safe to initiate. So my advice is to make sure you test, test,and test again.

Monica Brink at iland

Image Credit: Shutterstock/Alexander Mak