Be prepared; it’s a mantra that has been ingrained in us since grade school, and being prepared and having a plan for the unexpected is incredibly smart. This is especially true for organizations. In a world where technology is essential to operations, the sheer volume of data being gathered by organizations is astounding. Some 2.5 quintillion bytes a day of data is accumulated worldwide! Being prepared to lose critical systems and services is something every IT professional should be ready for.
When disaster and disruption strikes, ensuring the necessary systems and information is available when you need it ought to be a top priority. Any organization that has prepared a disaster recovery plan knows it is a complex and expensive process; and considering what needs to be covered, and to what extent, always opens a proverbial Pandora’s Box. It is easy to become overwhelmed in the process.
Starting with your business workflow, understanding the scope of your needs and goals is vital to laying the foundation of your plan. Once that plan is in place, you can start to consider the proper sequence for things to come back and why. Knowing the “what” and then “why” leads to the “how”. So what are the key questions to ask as you begin the arduous process of crafting your plan?
What business systems need to be protected?
Prioritizing which business systems are protected, and in what order, helps to narrow down the vital needs of the organization during disaster or outage. Through identifying which systems need to be protected, you can get a better idea for the scale of recovery necessary, as well as what types of recovery options best fit for your goals. You might also consider what type of encryption key management should be implemented for these systems, and if the active directory depends on access for the encrypted storage. Also, take into account whether a management computer is needed to bring the network back up, and if the index and database for the backups is replicated, so it can be brought back before restoring from the backups can occur.
What is the Recovery Point Objective (RPO) for each system?
Having a clear picture of your RPO helps determine the maximum targeted period in which data might be lost. This gives systems designers a limit to work to. So, if the RPO is set to four hours, then in practice, off-site mirrored snapshots must be continuously maintained since a daily off-site backup will not suffice. Knowing the cadence to which you want systems to run, goes a long ways towards programming and implementing the plan you want in place.
What is the Recovery Time Objective (RTO) for each system?
Deciding on the ideal targeted duration of time from which a business process must be restored after a disaster or disruption is another consideration mandatory in an effective disaster recovery plan. This should include time for trying to fix the problem, the recovery itself, testing, and of course, the required communication to the users affected. Setting realistic expectations helps develop the procedures needed to achieve the desired result, while establishing the precedent should the recovery process need to be implemented.
No one expects disaster or disruption to strike, so when it does happen it can be devastating. Knowing you have a plan in place, when and if the time happens, offers piece of mind, organization in a potentially chaotic time, and can even save your organization a lot of time and money in the long run. While it takes a little forethought and effort to plan ahead, it is well worth it when considering the larger picture of what disaster and disruption would look like should you have to respond on the fly. Being prepared means being in control, and taking charge of your systems and being able to respond under pressure is what it is all about.