Cybercrime is becoming more and more frequent with 50% of businesses suffering a cyber-attack attempt every week in 2021. The rise – partly due to the Log4J vulnerability – helped to boost cyber-attack attempts to an all-time high in the latter part of 2021. With this alarming statistic at the forefront of people’s minds, it is no longer a case if your business will fall victim to cybercrime, but a case of when. In order to safeguard your business and ensure downtime is limited, it is critical that a disaster recovery plan is implemented.
What is disaster recovery?
Disaster recovery is best described as an organisation’s ability to manage and recover from an event that has a negative impact on business continuity and operations.
It is also how the organisation goes about regaining access and functionality to its IT infrastructure after the event, which could be such things as a natural disaster, a cyber-attack, or disruptions to the business related to the aftereffects of the Covid-19 pandemic.
What is a disaster?
Disaster recovery is centered around events that are deemed to be serious in nature. These are often thought of in terms of natural disasters, but can also be caused by technical failure, system errors, or attacks by individuals when the attack being carried out is intentional.
Types of disasters include:
- Cyber-attacks
- Sabotage
- Power outages
- Equipment failure
- Endemics/Pandemics (such as Covid-19)
- Floods
- Fires
These disasters can strike at any time and can have wide-ranging levels of severity. While a power outage could result in downtime of a few hours and temporarily affect business continuity, floods and fires could destroy the whole office or data centre, bringing to a halt major business processes for a sustained period.
Why have a plan
In managing how well an organisation can react in event of a disaster, it is vital to have a disaster recovery strategy in place. A disaster recovery plan is the recorded process that each organisation has created, setting out how they will respond to a disaster.
While each business is different in the way they operate, the ultimate goal of the disaster recovery plan is to ensure business continuity and data protection, while minimising downtime.
Disaster recovery plans are integral for ensuring disasters do not happen in the first place, but also play a pivotal role in the preventative measures of a disaster. Although disasters may not always be avoidable, having a recovery plan helps to reduce the potential damage and can help quickly restore business operations when it does occur.
While the plan should be clear and concise, if implemented correctly, it has the ability to recover IT services quickly, avoid data breaches, limit financial impact, prevent a loss of customer confidence, and protect the reputation of the business.
Creating a plan
When assessing how best to manage a disaster when it happens, each organisation needs to have clear direction on what is included in their disaster recovery plan. Having a comprehensive disaster recovery plan that can be executed in an emergency will help to ensure the IT infrastructure remains operational in a crisis. Critical to this planning includes:
Risk analysis
The first step in creating a complete disaster recovery plan is to perform a risk analysis for all the risks to a businesses’ data. When considering risk, such as ransomware, the risk is high, as is the impact, therefore it should be classed as a high priority when creating a disaster recovery plan. However, when taking inventory, a business likely already has some form of firewall and anti-malware protection so that should factor into the overall planning for business continuity. Other threats to consider may include a fire at a data centre or a widespread power failure. This step shows how systems are connected and how a potential disaster that causes data loss may also cause business-critical applications to be unavailable. As part of the risk analysis, each organisation must evaluate and assess its own vulnerabilities. Determining what the key vulnerabilities are within your organisation will help manage the threats within a disaster as part of the crisis management. From here, it will be clear how much downtime is acceptable within a business and how much data loss is acceptable. With this knowledge, it is possible to design a plan that encompasses all possible risks and meets all business requirements.
Set clear recovery objectives
In a disaster recovery plan, two objectives must be set (RTO and RPO): a recovery time objective (RTO) and a recovery point objective (RPO). An RTO defines how long it takes for data to be recovered and until normal operations are restored to all users and an RPO sets how far back to recover data from and defines the maximum amount of data lost from the previous backup. For different types of data and applications, different objectives may need to be set.
Design the response strategy and determine backup solutions
When designing the response strategy, it is important to consider the previous steps and establish roles and responsibilities for those included in the plan. Establishing these roles is important as if everyone knows their roles and responsibilities it will make the process of disaster recovery more effective and efficient. As a business, you must also decide what software and backup solution best align with your disaster response plan. In regards to the location of backed-up data, it can be stored either on-premises, cloud-based, or a mixture of both.
Test, revise, and test again
It is setting a business up for failure if the first time testing a disaster recovery plan is during a real disaster. It is best practice to run multiple tests for different disasters and see if a disaster recovery plan reaches the set objectives and ensures little downtime with minimal loss of data. After this testing, the plan should be reviewed, and any necessary changes made to the plan to increase efficiency. This testing process should be carried out regularly to ensure that as the way a business uses software and handles data changes, the disaster recovery plan mirror these changes.
Disaster Recovery as a Service (DRaaS)
As part of our Backup and Storage solutions, we offer Disaster Recovery as a Service (DRaaS). This makes it easy to failover from your own data centre to our partners’ trusted, cost-effective and well-connected cloud, with minimum downtime and data loss.
This service supports business continuity plans and disaster recovery processes.
- Amongst the features in our Disaster Recovery as a Service are:
- Bi-directional failover between Hyper-V and VMware platforms
- Simple to perform DR tests without impacting your production services
- Real-time reporting and monitoring
- Journals capable of RPO just seconds apart
- On-demand failover
With a number of key benefits, central to this are:
- Protect data and applications from malware attacks and outages
- Avoid lock-in, easily failback to your primary site
- Frequent failover testing gives business confidence in your DR strategy
- Restore entire applications to our partners’ platform in minutes,
- View actual RPO and information around IOPS and WAN throughput
- Recover data and applications quickly with minimal data loss
- Cost-effectively deliver your disaster recovery and business continuity plans
- Choose the recovery site to deliver your business continuity plan
- Have confidence in who has access to your data
- Choose the right network to connect your solution to
If your business does not currently have a disaster recovery plan in place, now is the time to act, before it is too late.
If you want to find out more on how to create and implement a comprehensive disaster recovery plan in your business, get in touch today to find out more about our Disaster Recovery as a Solution.