By Michael Sebastian Nanfeldt
Disaster recovery: 10 things you need to take into account
2020 December 1st
Of course, you can choose to think to yourself: “That only happens to the other guys,” but that would be doing yourself a disservice, because whether it is from natural causes (such as fallen trees, heavy rains, etc.) or due to human error (an employee fails to follow procedures and processes or makes a mistake) or the conscious acts of IT criminals in the form of CaaS (Crime as a Service), ransomware or Social Engineering, data will be lost at some point-and therefore Disaster Recovery (DR) is also a significant issue for you. It will act as your company’s insurance policy which helps you get back on your feet after unforeseen incidents and which will protect you from the very significant negative consequences that often follow in the wake up a non-existent disaster recovery plan.
With that said, here are Delegate’s observations, advice and recommendations for getting properly started with Disaster Recovery:
10 things you need to take into account
1. Data loses are inevitable
When most companies think of disasters, it is often the big problems like fires, floods, etc. that come to mind. A lot of people forget that everyday incidents can cause just as much damage and put you in a situation where both the users and the customers experience downtime, and that can be expensive in terms of lost earnings.
For the DR plan, you should not differentiate between whether or not it is a natural event, an employee’s conscious/unwitting action or a cyber-attack. Because you never really know what or who it is that will cause your operations to grind to a halt.
These scenarios can impact your business more than you can imagine, and it can unfortunately lead to huge problems if you have not paid careful attention to the scenarios.
FACT: According to the NFIB National Small Business Poll, 40% of companies without a DR plan never recover from a major disaster and only 6% make a full recovery in the long run.*1
2. A disaster recovery plan is never static
It is kind of pointless to have a detailed DR plan if it does not work in practice! If it does not work in practice, then you cannot get the company up and running again fast enough and you will not be able to avoid damage to both your reputation and bottom line.
You might also find yourselves in a situation where you face legal penalties for not delivering on signed contracts and thereby lose business opportunities.
With that in mind, it means that the duration of your downtime is the critical factor. You can ensure the least amount of downtime when disaster strikes by regularly testing and then fine-tuning your DR plan so that it always fits your current situation. We recommend that you update your disaster plan at least once per year, or when you make changes to your operating environment.
3. Being proactive beats being reactive
Protecting your company’s data requires thorough planning and monitoring. It is too late to think about a DR plan when disaster has already struck. DR plans are therefore worth investing in, just like it should be a high priority to have a recovery procedure for during/after the crisis.
4. Know yourselves
It is often the case that companies are not familiar with the total amount of important data that they actually possess. Even if critical documents are normally top priority, you also need to think about processes and functions when you prepare your DR plan. For example, this could include financial/accounting processes, human resources and marketing processes.
5. Your Disaster Recovery plan is unique
As mentioned, all companies should have a DR plan in place. However, there are no generic DR plans that fit every company. Your DR plan should therefore not be based on a template found online, merely customized with some details. Your company is unique-so are your priorities, expectations and requirements.
Therefore, only a tailor-made DR plan can truly fit your specific requirements and safeguard you against worst case scenarios. This is where the collaboration with your IT supplier-which could be Delegate or another established IT consultancy firm-comes into play, because an experienced partner will be able to help you set the priorities, provide advice and, potentially, help with an implementation drawing on years of experience with such.
6. A DR plan is about more than just having backups
It should come as no great surprise to anyone that backups and recovery are key elements in any DR plan. Backups, however, are not the only issue that needs to be taken into account. Even though it is important to frequently make backups of your business-critical data, your DR plan must also contain elements such as, for example. SLA, application impacts and considerations on how a two-centre operation can minimize risks.
7. Stick to the plan when disaster strikes
Your DR plan must contain a thorough process description which helps to minimize the natural confusion and panic that may arise during a breakdown. Having a detailed process description with step-by-step instructions can make the recovery process easier and less stressful.
Since we know that a DR plan is normally only executed during periods of high stress and when working against the clock, it should be your objective to have a process that is formally approved in the organization and ensuring that it has a simple flow that is easy to follow-ideally, in a step-by-step format and without technical terms that can complicate its execution.
8. When and how is a DR plan activated?
When a DR plan needs to be activated, it must be done immediately and effectively. When a situation has been identified, your selected coordinator must be notified, and the selected DR team must then be advised and put on alert. When they have assessed that the activation criteria are met, your DR plan needs to be activated.
However, knowing precisely when a detailed DR plan is to be activated can be harder than one might think. Even though it might seem like the obvious thing to do, it is not easy and without cost. Therefore, the DR team must help to decide whether it is better to activate the plan or wait.
Disaster recovery services running on, for example, Azure Site Recovery, can help you with the decision-making process, since an automated DR plan has been proven to be better equipped to handle a great number of incidents-whereas the human factor tends to add an element of hesitation when initiating a DR plan.
9. Cloud DR is the way forward
Traditional initiatives could be making copies of applications and data between two data centres. When such initiatives have been implemented, a redundant data centre can take over the operation of applications by using the latest copied data.
However, if you already have your applications running in a virtual environment, a cloud-based disaster recovery can be an attractive alternative. Microsoft Azure offers ‘Disaster Recover as a Service (DRaaS)’. This is a cloud-based method for replicating infrastructure, applications and data, which makes recoveries easier. The use of Microsoft Azure cloud is a relatively simple way to ensure that data can be recovered in the event of a breakdown. So if you want a stress-free DR plan, have a chat with us here at Delegate and let us together explore the options involving Azure DRaaS and how, with Microsoft’s secure off-site placement, we can provide you with some more peace of mind.
10. What is a good Disaster Recovery plan?
Summarizing the above, and in order to get the process started on the right foot, we recommend that your DR plan should contain the following elements:
- Assigned roles and responsibilities:
- Must identify the DR team and their main tasks.
- Incident Response:
- Description of conditions that the employees need to pay particular attention to concerning potential breakdowns, and the DR team’s prerequisites for assessing the situation, in addition to how they should behave so that potential damages are minimized.
- Activation of the DR plan:
- If Incident Response has not managed to ward off the incident, this part will decide which DR plan should be executed.
- A detailed description of recovery methods and the steps that any given DR team member must follow so that the DR team as a whole has a clear process for recovering data and applications.
In summary, a good DR plan consists of many different elements that you need to take into consideration, at the same time as you continually test it in order to ensure that the DR plan in question is suitable for your company’s current situation.
Do you have any questions?
You are most welcome to send an email to firstname.lastname@example.org (Michael Sebastian Nanfeldt) if you need a sounding board or want to talk about your DR plan.