Tag: Disaster Recovery

When it comes to a disaster recovery strategy, it is easy to focus on the ‘disaster’ side of provisioning. Identifying, prioritising and copying mission-critical data is straightforward, albeit time-consuming.

But ensuring there is always a copy of your data available is just one part of the story. The second aspect is, as the name implies, recovery. That is, make sure your data can be recovered from backup according to your strategic goals and SLAs.

Testing, testing…

The final sign-off for any DR strategy will involve a recovery test run. It will probably include at least one follow-up test every year too.

But digital transformation is driving rapid change – there is a very real chance that your IT infrastructure is evolving faster than your DR plans. This is why recovery testing must be a regular aspect of your maintenance routines.

What about the disruption?

It is true that a full DR test can be immensely disruptive and may involve some downtime of mission-critical systems. Then there is the number of resources required – personnel need to be taken away from other tasks for the testing period, potentially causing their other responsibilities to suffer. A full-scale DR test can be expensive.

This is why most businesses only perform DR exercises when required for an audit or similar. However, delaying testing increases the risk of something going wrong during a real disaster because the plan is out of date. The C-suite needs to make a value call – is the cost of testing DR provisions to ensure they work greater or lesser than the losses incurred by an actual disaster and the shortcomings of the DR plan?

Solving the problem with regular, smaller tests

A full DR test is always the best way to ensure your plans will actually work when needed. But there is an alternative that will allow you to optimise your provisions incrementally – partial DR testing.

Under this scenario, you select a sub-section of your infrastructure for disaster recovery testing. This could be a branch office, a business unit or a single application – every aspect of your system needs to be tested and refined, so why not focus on a single aspect first?

It’s also worth remembering that your choice of backup technology will have a significant effect on your recovery point objectives (RPO) and recovery time objectives (RTO). Tape may be an effective medium for point-in-time backups, but what about the data that is created between backups? And the time it takes to recover an entire system from tape?

Choosing a solution like Zerto that offers continuous data protection (CDP) can shorten RPO to mere seconds for instance. This not only increases your level of protection but will also minimise the impact of your testing on operations. This means that you should be able to conduct DR testing more regularly, refining your plans and provisions as you go.

To learn more about DR testing and Zerto CDP,  please give us a call

An effective disaster recovery (DR) plan only works if it is regularly reviewed and updated. Following our best-practice principles, we’ve updated our DR planning advice to help you refine and improve your strategy and processes.

Here are six things you must do:

1. Identify the key players

If your business experiences a serious system outage, who do you need to alert? Who will be involved in the actual DR process?

Your first step is to identify the key stakeholders, providers, third-party personnel and incident response teams who will help to bring systems back online. You must then negotiate and agree on acceptable SLAs that will allow you to resume operations ASAP.

2. Conduct a Business Impact Analysis (BIA)

What would happen if mission-critical systems went down? What would the wider implications of losing operations be?

There are several categories of business impact you must assess, including:

• Expenses
• Legal and regulatory
• Revenue loss
• Customer service
• Brand/reputation damage

The BIA will be invaluable for prioritising DR activities and for identifying acceptable RPOs and RTOs. for each business unit.

3. Complete a Risk Assessment

A risk assessment attempts to quantify the likelihood of any system outage occurring. You need to consider the potential hazards to your operations – fire, cyberattack, natural disaster, extended power cut – and the magnitude of the problem each of these events would cause.

You then need to identify the assets at risk from these events. How would they affect personnel, critical infrastructure, operations, corporate reputation etc? These insights will then feed back into your BIA to provide a 360º view of threats and their effect on your business.

4. Prioritise Critical Functions

What are the most important functions required to keep your core business operations running? Identifying these processes will help you properly prioritise your recovery efforts during a disaster.

These business priorities may include:

• Revenue operations
• Information security
• Identity and access management
• Data protection
• Payroll and time tracking

5. Build a Communications Chain

In the early stages of a major system outage, communication is critical to ensure the DR processes have been initiated and are proceeding as planned. You need to define a communications strategy that keeps all of the stakeholders identified in step 1 connected and informed about progress to ensure the plan is executed as smoothly as possible and to avoid costly miscommunication.

Don’t forget to include any third parties in the comms strategy – you will need their assistance during a disaster too.

6. Test, test, test

The only way to prove whether your DR plan works is to test it. Running regular disaster simulations will expose gaps and weaknesses in the plan, offering an opportunity to improve plans before they are needed for real.

Testing will also show whether your RPO and RTO objectives are realistic with current DR provisions – or if you need to invest in new technologies and services to meet them. Testing is an integral aspect of your regular DR planning reviews.

Contact us

To learn more about developing a DR plan that works for your business, and how WTL can help with your business continuity planning, please give us a call.

Despite being essential for business continuity, some businesses still do not have proper disaster recovery tools and plans. And bizarrely, the main problem could be down to two words – ‘disaster recovery’.

Stop talking about disasters

When it comes to strategic investments, senior stakeholder makers make most of their decisions based on risk. Those factors which present the greatest risk are the ones that receive priority funding. The lower the risk, the less money allocated – or potentially none at all.

And this is where ‘disaster recovery’ is becoming a problematic phrase. “Disaster” is associated with the very worst possible incidents – fire, terrorist attack, extensive flooding etc. The sort of occurrences that take your business off-line because the office has been destroyed.

From a risk analysis perspective, these disasters are statistically quite rare. As a result, decision-makers feel quite safe – and do not understand the importance of DR technologies.

Disasters are mundane

The reality is that show-stopping disasters tend to be more mundane; a crucial accounts spreadsheet is corrupted, a sales order is deleted, a server fails taking line-of-business applications offline. These events are incredibly common – and have severe implications for your organisation.

But at the same time, these events are familiar – your senior management team will know what effect these incidents have.

Instead of talking about disaster recovery, you must frame discussions in terms of IT recovery. This means talking about the frequent, low-level incidents that cause production bottlenecks – and how to recover operations as quickly as possible.

By highlighting the events that really will happen, you can present a true picture of the risks your business faces. Equipped with this understanding, your decision-makers will be more open to discussions about DR investment.

Focus on the benefits

As well as avoiding the ‘D’ word, your discussions must highlight the benefits of a specialised IT recovery solution. This will help stakeholders better understand the return on investment, including:

• Delivering a better customer experience – if your systems are always available, you can always serve your customers.
• Maintain or improve revenue – by accelerating recovery times, costly downtime is reduced – or eliminated with proper fail-over processes.
• Uphold SLAs and compliance obligations – your business has internal and external commitments, often associated with data protection and availability. IT recovery processes and technology ensure you can meet both those requirements.

By tying these benefits to the specific strategic goals of your stakeholders, you can better ‘sell’ the need for an IT recovery strategy and accompanying technologies.

Provide a specific solution

As well as defining risks and benefits, your discussions should also highlight a specific potential solution. This may be a system that is operated in-house, or a third-party managed service depending on your appetite for risk and available resources.

Ultimately, you are trying to simplify the decision-making process for your stakeholders. Presenting a complete argument strengthens your case and reduces the opportunity for managers to reject your IT recovery proposals.

To learn more about building an effective case for IT recovery, and the technology solutions that will help you better protect your operations against loss and outage, please get in touch.