In the digital economy, business continuity is inextricably bound to technology. From retail and travel to finance and the public sector, services being moved online and employees working remotely means businesses are more reliant on their digital infrastructure than ever before. While organizations can take steps to protect their digital services from incidents caused by user error, system failure, or cyber attack, some events are beyond the control of any business. Extreme weather events, natural disasters, or regional power cuts can lead to downtime and loss of services.
When such incidents occur, getting services and employees back online quickly is of paramount importance. So, businesses must have a robust, well-documented, and tested disaster recovery plan with clear owners, roles and responsibilities, emergency contacts, and priority actions. As well as having a plan, businesses also need the technical capability to recover to their pre-incident state. This means recovering data, applications, and services fully, and doing so within a defined timeframe that minimizes impact on the bottom line. All of this amounts to a robust process businesses must go through to ensure they are fully prepared when disaster strikes from both a business continuity and technical recovery perspective.
Preparing Your Teams
The ability to anticipate and act is what separates those who succeed from those who fail. When it comes to preparing a business to recover from an unforeseen technology disaster, the ability to anticipate exactly what zero hour looks like and the next steps that need to be taken in that moment is vital. IT leaders must put themselves into that situation to understand how they should react, rather than wait for disaster to strike and find out how they do react. These realities can be incredibly different, so it’s important to simulate those events from A to Z before they happen.
Ultimately, the business is reliant on its data systems and infrastructure to fully recover its mission-critical applications within an adequate timescale. But before you get to this stage of recovery, you must prepare teams within the business who will take the key actions to initiate recovery. This can be broken down into stages depending on your organization’s needs. As a general rule, start by ensuring you have a full and up-to-date inventory of the applications and services currently deployed across the business. Once these are fully accounted for, think about prioritizing them in order of importance – aligned to the organization’s most critical functions. This is where you think about what applications you need to get back online first. For example, an online retailer may prioritize the recovery of its stocking and supply chain functions before getting its e-commerce platform back online, whereas service-based businesses like solicitors and marketers may prioritize email and collaboration applications to enable communications across the company.
Once you understand what applications you need to bring back online first, you can think about putting together an action plan, which is written down, centrally stored, and backed up across at least two other forms of media, one off-site and one offline. These action plans need to be detailed and specific. They must also assume the worst. Assume that your lead sys-admin is on holiday or sick leave and his/her team needs to restore data systems without their leadership. As well as key actions and instructions, the plan should detail contact numbers to reignite communication across the business. Who needs to be informed right away? Who will the IT team need to call to gain vital information? This must all be in the plan. Think about practicalities. Will a team of admins need to work through the night restoring servers in a data center? What are they going to eat and will they need a place to sleep? The most detailed disaster recovery (DR) plans leave no stone unturned, including information from pizza delivery companies to taxi firms and hotels.
Automating Recovery
As well as preparing a plan for recovery based on the critical business functions that must be restored first, organizations must ensure that their data systems are fully protected with backup and DR across all forms of data storage. Off-site and offline backups of data help to mitigate the effects of disastrous events. My company advocates the 3-2-1-1-0 backup rule: There should always be at least three copies of important data, on at least two different types of media, with at least one off-site, one offline, with zero unverified backups or backups completing without errors. Of course, backup and DR solutions are inextricably linked, but we shouldn’t conflate the two. DR refers to a set of initiatives and processes designed to ensure the survivability of data, regardless of the scope of a calamity or crisis, with a focus on resuming IT services as quickly as possible.
Using Disaster-Recovery-as-a-Service (DRaaS) by a third-party DR provider, organizations can automatically test, document, and execute DR plans in as little as one click, recovering everything from a single application to entire sites. Going back to the planning process, businesses can choose the best protection method based on the Service-Level Agreement (SLA) they need. The fundamental question and objective behind the DR plan need to be: How quickly does the business need to recover? That might refer to getting mission-critical apps back online or fully recovering data in its pre-incident form. With DRaaS, customers can take advantage of a fully managed, monitored, and secure method for protecting critical data, all without needing to maintain an off-site repository. All in all, DR best practice combines a business-led and IT-centric strategy for ensuring business continuity across the business. One cannot work without the other and given the reliance of organizations on their digital infrastructure, they need a robust plan as well as modern data protection solutions that fully protect the business.