Disaster Recovery Planning Tips
Almost 60% of North American businesses do not have a disaster recovery plan in place to resume IT services in case of crisis - a recipe for possible business failure. Janco Associates has found that 50% of companies that lose their data due to disasters go out of business within 24 months, while the U.S. Bureau of Labor indicates that 93% are out of business within five years.
- Devise a disaster recovery plan: IT disaster recovery planning can be a daunting undertaking, with many scenarios to analyze and options to pursue. It is important to start with the basics and add to the plan over time. To begin, define what is important to keep the business running - i.e., email and application access, database back-up, computer equipment - and the "recovery time objective" or how quickly the company needs to be up and running post-disaster. Other key plan components to consider are determining who within the organization declares the disaster, how employees are informed that a disaster has occurred, and the method of communication with customers to reassure them that the company can still service their needs.
- Monitor implementation: Once a disaster recovery plan has been established, it is critical to monitor the plan to ensure its components are implemented effectively. A disaster recovery plan should be viewed as a living, breathing document that can and should be updated frequently, as needed. Additionally, proactive ongoing monitoring and remediation of processes, such as back-up data storage and data replication, results in fewer IT issues and less downtime should a crisis occur.
- Test disaster recovery plan: An eWeek survey of more than 500 senior IT professionals revealed that a whopping 89% of companies test their disaster recovery/fail over systems only once per year or not at all, leaving their enterprises vulnerable to massive technology and business failures in the event of a disaster. An under-tested plan can often be more of a hindrance than having no plan at all. The ability of the disaster recovery plan to be effective in emergency situations can only be assessed if rigorous testing is carried out one or more times per year in realistic conditions by simulating circumstances that would be applicable in an actual emergency. The testing phase of the plan must contain important verification activities to enable the plan to stand up to most disruptive events.
- Perform off-site data back-up and storage: Any catastrophe that threatens to shutter a business is likely to make access to on-site data back-up impossible. The primary concerns for data back-up are security during and accessibility following a crisis. There is no benefit to creating a back-up file of valuable data if this information is not transferred via a secure method and stored in an off site data storage center with foolproof protection. As part of establishing a back-up data solution, every company needs to determine its "recovery point objective" (RPO) - the time between the last available back-up and when a disruption could potentially occur. The RPO is based on tolerance for loss of data or reentering of data. Every company should back-up its data at least once daily, typically overnight, but should strongly consider more frequent back-up or "continuous data protection" if warranted.
- Perform data restoration tests: Using tape back-up for data storage has been integral to IT operations for many years, however this form of back-up has not been the most reliable. Today, disk to disk systems are gaining popularity. With either type of system, the back-up software and the hardware on which it resides needs to be checked daily to verify that back-up is completed successfully and that there are no pending problems with the hardware. With tape back-up, companies need to store the tapes in an off-site location that is secure and accessible, while disk systems need to have an off-site replication if the back-up is not run off-site initially. Moreover, companies need to perform monthly test restoration to validate that a restoration can be accomplished during a disaster.
- Back-up laptops and desktops: Although many companies have policies requiring employees to store all data on the company's network, it is not prudent to assume that the policy is being followed. Users often store important files on local systems for a host of reasons, including the desire to work on files while traveling and the need to protect sensitive data from the eyes of even the IT staff. Backing up laptops and desktops protects this critical data in the event of a lost, stolen or damaged workstation. Using an automatic desktop and laptop data protection and recovery solution is ideal.
- Be redundant: Establishing redundant servers for all critical data and providing an alternate way to access that data are essential components of an organization's disaster recovery planning. Having these redundant services in place at a secure, off site location can bring disaster recovery time down to minutes rather than days.
- Invest in theft recovery and data delete solutions for laptops: IDC reports that more than 70% of the total workforce in the U.S. will be considered mobile workers by 2009. Accordingly, laptops are increasingly replacing the traditional desktop PCs. Unlike desktops, however, laptops are more easily misplaced or stolen, thus requiring organizations to secure data deletion and theft recovery options for their users' laptops. Theft recovery solutions can locate, recover and return lost or stolen computers, while data delete options can enable companies to delete data remotely from lost or stolen computers thereby preventing the release of sensitive information.
- Install regular virus pattern updates: IT infrastructure is one of those realities of business life that most companies take for granted. Companies often do not focus on email security until an incipient virus, spyware or malware wreaks havoc on employees' desktops. Organizations need to protect its data and systems by installing regular virus pattern updates as part of disaster recovery planning, which may even help prevent a crisis from happening.
- Consider hiring a managed services provider: For small- to medium-sized businesses, it is often cost prohibitive to implement a sound disaster recovery plan. Frequently these organizations lack the technical professionals to accomplish this. Managed services providers (MSPs) have emerged in recent years to perform this role. MSPs have the technical personnel to design, implement and manage complex disaster recovery projects. Additionally, MSPs have the server, storage and network infrastructure in place to manage a true disaster recovery plan. To keep costs manageable and make disaster recovery services, such as data storage and redundant servers, available to small- to medium-sized businesses, MSPs build shared, multi-tenant IT infrastructures that host multiple companies on the same hardware and network equipment which helps keep costs affordable and advantageous for its customers.