1 Disaster Recovery Plan: How to Ensure Business Continuity Serhiy Kozlov — February 6, 2019 0 7 SHARES In 1990, the unthinkable happened. AT&T, the most lauded and dependable phone system, went “dead.” It began with a piece of bad code that caused one switch at one if its 114 switching centers to malfunction. When the switch came back up, it sent out signals to switches at all other centers to shut down. All centers crashed. The consequences were devastating for numerous AT&T business clients, including American Airlines (loss of 200,00 reservation calls) and CBS could not reach any of its bureaus. As the company investigated the issue, it realized that its own in-house redundancy failed because it was not insulated from the new main system. In other words, the backup crashed too. We’ve come a long way since then of course, but disasters come in many forms (malfunctions, cybercrime,data center equipment failures, power outages, etc.), and no business is immune. In 2018, Microsoft, Google Cloud, Slack, Visa and a number of other companies experienced downtime due to failures. The reasons behind those failures were human errors, equipment failure, bugs in code and improper load balancing for cloud infrastructure. Fortunately, neither of those outrages lasted for longer than a few hours. As all of the companies had comprehensive a disaster recovery plan that includes processes and procedures for how to ensure business continuity during the disaster. In fact, 47% of enterprises and 38% of smaller companies now use disaster recovery for at least half of their production infrastructure. But disaster recovery mechanisms alone cannot guarantee you business continuity. Business Continuity and Disaster Recovery Plans are Not the Same These terms are often used interchangeably but, in fact are very different. Business continuity (BC) is a proactive approach to dealing with the risk of a disaster, ensuring that normal business operations can go on. Typical components of such a plan include solutions for the challenges of all IT needs – network connections, phones, network drives, servers and other business applications. The goal of business continuity management is no downtime. Disaster recovery plans (DRP) are reactive. Once a disaster hits, it is this plan that provides for restoration of the IT infrastructure, accessing copies of data that is stored offsite, and picking up all the pieces in a structured, organized way. Its focus is on recovery time. A simple example of the difference would be this: a business continuity plan would include temporary facilities for essential department personnel and getting the proper equipment to that 2 facility. A disaster recovery plan includes the pre-planned activities of the staff once it is established in its temporary facility. Exactly What is a Disaster Recovery Plan? First and foremost, a disaster recovery plan is a structured and fully documented roadmap with instructions for recovering all potentially vulnerable systems and networks. It includes every step to be taken who is responsible for each of those steps. Large enterprises often have an on-premises recovery plan – one that is expensive to implement and maintain. And, as well, it is certainly not foolproof against power failures, fires, and other natural disasters. When the big ones hit, continuous backup doesn’t occur. The other option, of course, is for the backups to be physically housed somewhere else. By far, the best solution for businesses of any size are cloud-based managed service providers (MSP) such as those offered by Amazon Web Services (AWS). In 2018, 58% of companies said that use cloud for DR/BC. That’s 22% more than just three years ago. For smaller enterprises, cloud DR/BC has clear costs that can keep a company on budget. Within the best cloud structures, moreover, security measures are solid and up-to-date. This solution means that 24/7 access to all data and infrastructure that has been moved to the cloud is guaranteed, so long as your IT teams have Internet access. Advantages of Having a DRP These should be obvious: 1. 2. 3. 4. You will have a detailed plan for protection of your data and your hardware. You will experience far less yearly downtime Implementation of the plan will help to maintain your reputation with clients/customers It will assist with business continuity, including continuous 24/7 IT support as is often necessary 5. It will provide the methods by which you can test your plan 6. It will give your organization, especially upper level management, with a sense of security How to Develop a Disaster Recovery Plan: Step by Step 1. Begin with a Contingency Statement – A formal set of rules, conditions, and guidelines that determine when a DRP is to be activated 2. Conduct an Analysis of Business Impact – An identification of the critical IT components and applications that must be “recovered” in order to achieve business continuity. 3. Develop a Description of Control Methods – What types of measures are currently in place to reduce risk – prevention (e.g., backup generators, external facility), detection (e.g. IT infrastructure monitoring, uncovering potential threats, viruses), and correction (restoration measures following an unwanted event/disaster). 4. Create the Plan – specific instructions for recovering the infrastructure and applications that will allow “business as usual.” 5. Train and Test – Training of all critical staff and testing the plan by simulating disasters. 3 6. Plan for Updating – The DRP must have flexibility and fluidity, as conditions change within the organization. When Cloud Disaster Recovery is The Best Option Creating the plan when cloud services are in place will help to alleviate and simplify the control measures that must be put in place, as well as enable faster recovery of data and infrastructure. The key will be to identify those critical elements and applications that must be placed in the cloud in order for seamless continuation of business operations. Once that has been accomplished, the following steps are key: Data must be backed up on a regular basis A cost analysis must be conducted, so that the cloud services meet budget objectives. Decide on the recovery time objective. This will determine the type of cloud services you need and will impact cost. Identify the critical applications that must be moved to the cloud and how quickly you need the recovery – this will determine the recovery architecture you choose. Options vary from simple backup and restoration all the way to what is known as a “hot standby,” which usually involves copying data and applications among more than one active location, splitting up the traffic and routing that traffic so that there is no downtime whatsoever. Advantages of Using a Cloud Service Provider for DRP 1. Consider the cost: It’s expensive to maintain an in-house disaster recovery. Without exception, it will involve backup in a separate facility, either one owned or leased. 2. Rapid retrieval of data and files 3. Service that is both reliable and scalable as the need arises What If Disaster Hits a Cloud Infrastructure? It could happen. And any disaster recovery plan should provide for this possibility. When a company looks for a cloud-based recovery solution, it must explore what the service offers in terms of cloud disaster recovery. The good ones will have technology partners with backup solutions of their own. Round the clock access thus continues without a hitch. Conclusions Businesses have several options for disaster recovery. Choosing one that fits their needs and budget, both current and in the future, can be a challenge. For this reason, many companies choose to outsource disaster recovery planning. The Institutes gives attribution for the material to Business 2 Community. Original article can be found here