|
Ten Tips for Successful IT Disaster Recovery
Planning
Businesses of all sizes rely on
information technology as a crucial component of
their day-to-day operations. Because data
availability is a top priority, the need for
companies to compile a thorough disaster recovery
plan is essential.
According to Info-Tech Research Group, however,
almost 60% of North American businesses do not have
a disaster recovery plan in place to resume IT
services in case of crisis - a recipe for possible
business failure. Faulkner Information Services
found that 50% of companies that lose their data due
to disasters go out of business within 24 months,
while the U.S. Bureau of Labor indicates that 93%
are out of business within five years.
Ten Tips for Disaster Recovery Planning
-
Devise a disaster recovery plan: IT disaster recovery planning can be a daunting undertaking, with
many scenarios to analyze and options to pursue.
It is important to start with the basics and add
to the plan over time. To begin, define what is
important to keep the business running - i.e.,
email and application access, database back-up,
computer equipment - and the "recovery time
objective" or how quickly the company needs to
be up and running post-disaster. Other key plan
components to consider are determining who
within the organization declares the disaster,
how employees are informed that a disaster has
occurred, and the method of communication with
customers to reassure them that the company can
still service their needs.
-
Monitor implementation:
Once a disaster recovery plan has been
established, it is critical to monitor the plan
to ensure its components are implemented
effectively. A disaster recovery plan should be
viewed as a living, breathing document that can
and should be updated frequently, as needed.
Additionally, proactive ongoing monitoring and
remediation of processes, such as back-up data
storage and data replication, results in fewer
IT issues and less downtime should a crisis
occur.
-
Test disaster recovery plan:
A 2007 eWeek survey of more than 500 senior IT
professionals revealed that a whopping 89% of
companies test their disaster recovery/failover
systems only once per year or not at all,
leaving their enterprises vulnerable to massive
technology and business failures in the event of
a disaster. An under-tested plan can often be
more of a hindrance than having no plan at all.
The ability of the disaster recovery plan to be
effective in emergency situations can only be
assessed if rigorous testing is carried out one
or more times per year in realistic conditions
by simulating circumstances that would be
applicable in an actual emergency. The testing
phase of the plan must contain important
verification activities to enable the plan to
stand up to most disruptive events.
-
Perform off-site data back-up and storage: Any catastrophe that threatens to shutter a business is likely to
make access to on-site data back-up impossible.
The primary concerns for data back-up are
security during and accessibility following a
crisis. There is no benefit to creating a
back-up file of valuable data if this
information is not transferred via a secure
method and stored in an offsite data storage
center with foolproof protection. As part of
establishing a back-up data solution, every
company needs to determine its "recovery point
objective" (RPO) - the time between the last
available back-up and when a disruption could
potentially occur. The RPO is based on tolerance
for loss of data or reentering of data. Every
company should back-up its data at least once
daily, typically overnight, but should strongly
consider more frequent back-up or "continuous
data protection" if warranted.
-
Perform data restoration tests:
Using tape back-up for data storage has been
integral to IT operations for many years,
however this form of back-up has not been the
most reliable. Today, disk to disk systems are
gaining popularity. With either type of system,
the back-up software and the hardware on which
it resides needs to be checked daily to verify
that back-up is completed successfully and that
there are no pending problems with the hardware.
With tape back-up, companies need to store the
tapes in an off-site location that is secure and
accessible, while disk systems need to have an
off-site replication if the back-up is not run
off-site initially. Moreover, companies need to
perform monthly test restoration to validate
that a restoration can be accomplished during a
disaster.
-
Back-up laptops and desktops:
Although many companies have policies requiring
employees to store all data on the company's
network, it is not prudent to assume that the
policy is being followed. Users often store
important files on local systems for a host of
reasons, including the desire to work on files
while traveling and the need to protect
sensitive data from the eyes of even the IT
staff. Backing up laptops and desktops protects
this critical data in the event of a lost,
stolen or damaged workstation. Using an
automatic desktop and laptop data protection and
recovery solution is ideal.
-
Be redundant:
Establishing redundant servers for all critical
data and providing an alternate way to access
that data are essential components of an
organization's disaster recovery planning.
Having these redundant services in place at a
secure, offsite location can bring disaster
recovery time down to minutes rather than days.
-
Invest in theft recovery and data delete
solutions for laptops: IDC reports that more than 70% of the total
workforce in the U.S. will be considered mobile
workers by 2009. Accordingly, laptops are
increasingly replacing the traditional desktop
PCs. Unlike desktops, however, laptops are more
easily misplaced or stolen, thus requiring
organizations to secure data deletion and theft
recovery options for their users' laptops. Theft
recovery solutions can locate, recover and
return lost or stolen computers, while data
delete options can enable companies to delete
data remotely from lost or stolen computers
thereby preventing the release of sensitive
information.
-
Install regular virus pattern updates: IT infrastructure is one of those realities of business life that
most companies take for granted. Companies often
do not focus on email security until an
incipient virus, spyware or malware wreaks havoc
on employees' desktops. Organizations need to
protect its data and systems by installing
regular virus pattern updates as part of
disaster recovery planning, which may even help
prevent a crisis from happening.
-
Consider hiring a managed services provider: For small- to medium-sized businesses, it is often cost
prohibitive to implement a sound disaster
recovery plan. Frequently these organizations
lack the technical professionals to accomplish
this. Managed services providers (MSPs) have
emerged in recent years to perform this role.
MSPs have the technical personnel to design,
implement and manage complex disaster recovery
projects. Additionally, MSPs have the server,
storage and network infrastructure in place to
manage a true disaster recovery plan. To keep
costs manageable and make disaster recovery
services, such as data storage and redundant
servers, available to small- to medium-sized
businesses, MSPs build shared, multi-tenant IT
infrastructures that host multiple companies on
the same hardware and network equipment which
helps keep costs affordable and advantageous for
its customers.
Future of Disaster Recovery Planning
In determining the components of a disaster recovery
plan, businesses typically need to make tough
compromises, sacrificing the level of recovery
(maximum amount of downtime and data loss) with
cost. A relatively new form of technology - server
virtualization - is beginning to gain popularity as
a viable and cost effective means of achieving
highly available, redundant systems. Server
virtualization allows companies to consolidate
multiple server functions on one host server, thus
lowering total cost of operation and effectively
managing emerging hardware advancements.
At first glance, server virtualization may appear to
be risky and counter-productive when trying to
achieve a highly available, redundant IT
infrastructure. After all, server virtualization
increases the risk of multiple server failures by
housing numerous server services on a single host
server. But, with the combination of hardware
advancements and software ingenuity, companies will
be able to capitalize on server virtualization as a
practical and effective means to achieve disaster
recovery.
In the case of a natural disaster or power outage
that impacts a company's primary facility, a host
server in a separate location connected to a SAN
targeted for virtual server replication can be
enabled quickly and with little effort. By
capitalizing on increased virtual server performance
as a result of software advancements and lower
hardware costs with higher capacity, a robust and
full-featured disaster recovery plan will be more
readily attainable by more organizations.
Bottom Line
Every business is vulnerable to experiencing a
serious incident, preventing it from continuing
normal business operations at any time. Beyond
terrorist threats, less catastrophic events such as
a lost or stolen laptop, the Northeast Blackout of
2003, Manhattan's steam pipe explosion in 2007,
recent wildfires in California and numerous
presently unforeseen possibilities can cause
substantial business interruptions. Anticipating
disaster and preparing seems both prudent and
advisable, as does regular testing of IT services
and back-ups.
A well-structured and coherent disaster recovery
plan will enable companies to recover quickly and
effectively from an unforeseen disaster or
emergency, thus avoiding significant business
interruption and loss.
Back to the top
|