Simon Johnson, disaster recovery practice lead at GlassHouse Technologies (UK) discusses the importance of a disaster recovery (DR) strategy and asks how much downtime can you really afford and what level of protection can you get away with?
Applications and the information they hold are increasingly the lifeblood of many organisations. In my experience, many businesses which have encountered major loss of data are never able to reopen; some attempt to but do not succeed and only a handful survive. This just goes to show the long-term importance of a business aligned DR strategy today.
For an enterprise-wide DR programme to be truly effective the IT requirements need to reflect business needs and the value of the assets that are being protected.
Once an organisation can capture what assets they have, the external and internal risks they need to be protected from, and how to maintain the accuracy of those assets, an analysis of the impact of loss needs to be performed.
The understanding of ‘actual business needs’ and impact of loss can be determined through a Business Impact Analysis (BIA). This identifies how much downtime you can actually afford and therefore, what level of protection you can ‘get away with’.
The amount of downtime an organisation can ‘really afford’ is directly related to the financial, legal or public relations impact an application has on the organisation in the event of its unavailability.
During the BIA a pain point is established whereby the impact of the application unavailability significantly spikes. This will provide the time key which identifies the amount of downtime your organisation can afford.
These well known metrics are the Recovery Point Objective (RPO) and Recovery Time Objective (RTO), both of which have a direct impact on the amount of investment it takes to protect the application.
The more aggressive these metrics are, the more expensive the infrastructure required to protect them. Getting this impact versus cost balance right is one of the biggest challenges facing organisations when implementing and maintaining DR capability.
Another challenge for businesses creating a DR strategy is that they have to decipher the tangible and intangible impacting factors and deal with emotive and unrealistic views on the impact of applications.
For example, human nature dictates that ‘my’ application is the most important and so requires the highest level of protection. The consequence of that is huge expenditure required to ensure minimal downtime for applications that do not have the business impact to warrant such investment.
Until recently the complexity of determining the impacting factors has played a significant role in DR being reserved for only the most critical applications. Now, technological enhancements have meant the cost of delivering DR and recovery objectives has become cheaper and more commonplace, but effective understanding of application unavailability remains, at best, confusing.
A DR strategy is paramount for any organisation that operationally or legally relies on its applications and the information they hold. Without one the interruption of applications could spell disaster for you personally and or your organisation.
Getting the balance right for downtime versus the level of protection you could get away with will result in an effective DR strategy that matches the value of the application to the cost of the infrastructure to protect it.