Are You Ignoring The ‘R’ In Disaster Recovery?

When it comes to a disaster recovery strategy, it is easy to focus on the ‘disaster’ side of provisioning. Identifying, prioritising and copying mission-critical data is straightforward, albeit time-consuming.

But ensuring there is always a copy of your data available is just one part of the story. The second aspect is, as the name implies, recovery. That is, make sure your data can be recovered from backup according to your strategic goals and SLAs.

Testing, testing…

The final sign-off for any DR strategy will involve a recovery test run. It will probably include at least one follow-up test every year too.

But digital transformation is driving rapid change – there is a very real chance that your IT infrastructure is evolving faster than your DR plans. This is why recovery testing must be a regular aspect of your maintenance routines.

What about the disruption?

It is true that a full DR test can be immensely disruptive and may involve some downtime of mission-critical systems. Then there is the number of resources required – personnel need to be taken away from other tasks for the testing period, potentially causing their other responsibilities to suffer. A full-scale DR test can be expensive.

This is why most businesses only perform DR exercises when required for an audit or similar. However, delaying testing increases the risk of something going wrong during a real disaster because the plan is out of date. The C-suite needs to make a value call – is the cost of testing DR provisions to ensure they work greater or lesser than the losses incurred by an actual disaster and the shortcomings of the DR plan?

Solving the problem with regular, smaller tests

A full DR test is always the best way to ensure your plans will actually work when needed. But there is an alternative that will allow you to optimise your provisions incrementally – partial DR testing.

Under this scenario, you select a sub-section of your infrastructure for disaster recovery testing. This could be a branch office, a business unit or a single application – every aspect of your system needs to be tested and refined, so why not focus on a single aspect first?

It’s also worth remembering that your choice of backup technology will have a significant effect on your recovery point objectives (RPO) and recovery time objectives (RTO). Tape may be an effective medium for point-in-time backups, but what about the data that is created between backups? And the time it takes to recover an entire system from tape?

Choosing a solution like Zerto that offers continuous data protection (CDP) can shorten RPO to mere seconds for instance. This not only increases your level of protection but will also minimise the impact of your testing on operations. This means that you should be able to conduct DR testing more regularly, refining your plans and provisions as you go.

To learn more about DR testing and Zerto CDP,  please give us a call

Network Management Solutions West Midlands

Disaster Recovery Planning – Revisited!

An effective disaster recovery (DR) plan only works if it is regularly reviewed and updated. Following our best-practice principles, we’ve updated our DR planning advice to help you refine and improve your strategy and processes.

Here are six things you must do:

1. Identify the key players

If your business experiences a serious system outage, who do you need to alert? Who will be involved in the actual DR process?

Your first step is to identify the key stakeholders, providers, third-party personnel and incident response teams who will help to bring systems back online. You must then negotiate and agree on acceptable SLAs that will allow you to resume operations ASAP.

2. Conduct a Business Impact Analysis (BIA)

What would happen if mission-critical systems went down? What would the wider implications of losing operations be?

There are several categories of business impact you must assess, including:

  • Expenses
  • Legal and regulatory
  • Revenue loss
  • Customer service
  • Brand/reputation damage

The BIA will be invaluable for prioritising DR activities and for identifying acceptable RPOs and RTOs. for each business unit.

3. Complete a Risk Assessment

A risk assessment attempts to quantify the likelihood of any system outage occurring. You need to consider the potential hazards to your operations – fire, cyberattack, natural disaster, extended power cut – and the magnitude of the problem each of these events would cause.

You then need to identify the assets at risk from these events. How would they affect personnel, critical infrastructure, operations, corporate reputation etc? These insights will then feed back into your BIA to provide a 360º view of threats and their effect on your business.

4. Prioritise Critical Functions

What are the most important functions required to keep your core business operations running? Identifying these processes will help you properly prioritise your recovery efforts during a disaster.

These business priorities may include:

  • Revenue operations
  • Information security
  • Identity and access management
  • Data protection
  • Payroll and time tracking

5. Build a Communications Chain

In the early stages of a major system outage, communication is critical to ensure the DR processes have been initiated and are proceeding as planned. You need to define a communications strategy that keeps all of the stakeholders identified in step 1 connected and informed about progress to ensure the plan is executed as smoothly as possible and to avoid costly miscommunication.

Don’t forget to include any third parties in the comms strategy – you will need their assistance during a disaster too.

6. Test, test, test

The only way to prove whether your DR plan works is to test it. Running regular disaster simulations will expose gaps and weaknesses in the plan, offering an opportunity to improve plans before they are needed for real.

Testing will also show whether your RPO and RTO objectives are realistic with current DR provisions – or if you need to invest in new technologies and services to meet them. Testing is an integral aspect of your regular DR planning reviews.

Contact us

To learn more about developing a DR plan that works for your business, and how WTL can help with your business continuity planning, please give us a call.

Data Management Solutions West Midlands

No management buy-in for disaster recovery? Try this approach instead

Despite being essential for business continuity, some businesses still do not have proper disaster recovery tools and plans. And bizarrely, the main problem could be down to two words – ‘disaster recovery’.

Stop talking about disasters

When it comes to strategic investments, senior stakeholder makers make most of their decisions based on risk. Those factors which present the greatest risk are the ones that receive priority funding. The lower the risk, the less money allocated – or potentially none at all.

And this is where ‘disaster recovery’ is becoming a problematic phrase. “Disaster” is associated with the very worst possible incidents – fire, terrorist attack, extensive flooding etc. The sort of occurrences that take your business off-line because the office has been destroyed.

From a risk analysis perspective, these disasters are statistically quite rare. As a result, decision-makers feel quite safe – and do not understand the importance of DR technologies.

Disasters are mundane

The reality is that show-stopping disasters tend to be more mundane; a crucial accounts spreadsheet is corrupted, a sales order is deleted, a server fails taking line-of-business applications offline. These events are incredibly common – and have severe implications for your organisation.

But at the same time, these events are familiar – your senior management team will know what effect these incidents have.

Instead of talking about disaster recovery, you must frame discussions in terms of IT recovery. This means talking about the frequent, low-level incidents that cause production bottlenecks – and how to recover operations as quickly as possible.

By highlighting the events that really will happen, you can present a true picture of the risks your business faces. Equipped with this understanding, your decision-makers will be more open to discussions about DR investment.

Focus on the benefits

As well as avoiding the ‘D’ word, your discussions must highlight the benefits of a specialised IT recovery solution. This will help stakeholders better understand the return on investment, including:

  • Delivering a better customer experience – if your systems are always available, you can always serve your customers.
  • Maintain or improve revenue – by accelerating recovery times, costly downtime is reduced – or eliminated with proper fail-over processes.
  • Uphold SLAs and compliance obligations – your business has internal and external commitments, often associated with data protection and availability. IT recovery processes and technology ensure you can meet both those requirements.

By tying these benefits to the specific strategic goals of your stakeholders, you can better ‘sell’ the need for an IT recovery strategy and accompanying technologies.

Provide a specific solution

As well as defining risks and benefits, your discussions should also highlight a specific potential solution. This may be a system that is operated in-house, or a third-party managed service depending on your appetite for risk and available resources.

Ultimately, you are trying to simplify the decision-making process for your stakeholders. Presenting a complete argument strengthens your case and reduces the opportunity for managers to reject your IT recovery proposals.

To learn more about building an effective case for IT recovery, and the technology solutions that will help you better protect your operations against loss and outage, please get in touch.

DRaaS - Plan B

When Plan B goes wrong: Avoiding the pitfalls with DRaaS

When it comes to Disaster Recovery (DR), attention tends to be focused on major disasters like terrorist attacks, floods or large fires. In reality, these types of events are extremely rare – the circumstances under which most businesses require DR are far more mundane.

Jim in accounts deletes a vital spreadsheet, a server crash takes the company ERP system offline, Val opens an infected email attachment and ransomware begins to spread through the network – incidents that companies experience at least once every year.

Or even more regularly.

The human factor

When Computing magazine surveyed IT decision-makers, they discovered just 54% had a company-wide DR plan in place. More concerningly, 50% of those businesses test their provisions infrequently – once per year or less.

Why are businesses failing to test their “Plan B”? There are several potential reasons including a lack of available time and resources for testing or a lack of political interest in DR. Other businesses may avoid testing so they do not have to acknowledge failures – and the cost of fixing them.

In all these instances, disaster recovery is heavily reliant on manual processes. This makes them slow, error-prone and completely reactive. Given that DR is often invoked to reverse errors caused by human error, relying on processes that may further compound the issue is ill-advised.

In the age of data-driven operations, DR must become smarter, faster and more proactive. And this is where Data Recovery as a Service (DRaaS) can help to build a Plan B that works.

A fail-over mechanism is essential

Traditionally, effective disaster recovery relies on a co-located secondary data centre that takes over in the event of a failure at the primary site. This is a significant administrative and cost overhead – one that is beyond the budget of most small and medium-class organisations.

With the advent of cloud resources, this function can now be outsourced to a Data Recovery as-a-service provider. This means that virtually any business can begin implementing – and testing – a proper Plan B.

Not only can they scale their DR provisions at will, but they also have the option of applying intelligent technologies to managing fail-over and recovery processes. Using automation will limit the potential for human error throughout the recovery process and accelerate many low-level admin tasks. This will free up staff to focus on other activities that help restore operations.

Seek professional help

There is a multitude of potential DRaaS services to choose from – but not all are the same. To avoid problems with your Plan B, consider:

  • Scaling – do we need to specify capacity requirements in advance? Are we likely to over-or under-provision?
  • Security – will our security provisions be replicated in the cloud, or are we leaving data potentially exposed?
  • Complexity – as our on-premise IT complexity increases, will our DRaaS partner assist with replication into the cloud?
  • Egress – Adding data to the cloud is cheap, but what are the costs if we want to get it back, or to migrate to another service?

Answering these questions is vital to ensuring Plan B continues to deliver value now – and into the future. For more help and advice on avoiding DRaaS pitfalls, please get in touch.

Network Management Solutions West Midlands

Making the business case for disaster recovery

Because of the relative rarity of a significant system outage, many SMEs have deliberately underinvested in their data protection provisions. Backup allows them to recover almost all of their systems and data (eventually), so why invest in a true disaster recovery solution?

Although most see this as a calculated risk, the impact of an outage can be devastating for a data-driven business. Here’s what you need to consider before trying to justify not investing in disaster recovery tools.

Reducing RPO windows

It is possible to recover most of your data from a traditional backup but:

  • The process is typically quite slow
  • Data changes significantly between backups – how much information can you afford to lose in that window?

It is entirely possible that relying on backups could cost your business 22 hours or more lost productivity.

A disaster recovery platform is specifically designed to reduce the recovery point objective (RPO – the amount of data your business can ‘afford’ to lose) to minutes or seconds. Cloud-based DR systems also allow you to create service tiers so that you can prioritise what is protected, the performance of the underlying infrastructure and how it is brought online in an emergency. This granular control ensures you can balance availability, performance and cost to meet your strategic recovery goals.

Affordable resilience

Modern disaster recovery platforms use the cloud to provide massive scalability without upfront hardware investment. You simply pay for the storage you use. There is no longer any need to invest in co-located data centres, duplicate hardware set-ups, licensing or the resources required to administer them.

Using cloud-based services allows you to avoid significant up-front capital investment – immediately answering one of the main arguments against deploying DR. It also ensures that your data is fully recoverable from anywhere in the world.

Built for the cloud

Backup and recovery tools are normally designed for use with on-premise systems. This becomes a serious shortcoming as your business adopts more cloud-based services.

DR tools are increasingly cloud-native, meaning that they can capture snapshots of data stored in hosted systems. Importantly, they can also restore data to other cloud platforms, offering a useful alternative if your on-premise data centre is out-of-action.

Improve your testing capabilities

Disaster recovery tools create a complete copy of your operating environment that is ready to be recovered at any moment. However, you can also use these DR copies for advanced testing and planning.

Say you want to assess the potential risks associated with a new software update. Rather than deploying into your live environment, you can use a DR copy. All of your tests are completely accurate and reliable because the copied system is identical to your production environment. Tests can be completed without any risk to operations.

To learn more about why your business can’t afford to not invest in disaster recovery tools – and what you stand to gain – please get in touch.