With data becoming the lifeblood of every business, the need for companies to develop business continuity plans as well as evaluating disaster recovery solutions has never been more compelling.
For SMEs particularly, any extended loss of productivity can lead to the whole business being compromised. A frequently quoted finding from KPMG states that 40 per cent of companies suffering a major business disruption go out of business within two years as they are unable to recover from the long-term impact of the failure. For some organisations engaged in critical business areas such as medical, even the shortest of periods of downtime could be life dependent.
With October marking the start of National Cyber Security Month, Jamie Turner CTO of Postcode Anywhere shares his insights on how to cultivate an effective disaster recovery plan.
The job of a disaster recovery plan is to ensure that even in the biggest disaster, data can be recovered and mission-critical applications brought back online in the shortest possible time. It can be impossible to avoid certain system failures, but by ensuring you have reliable backup systems in place, you are protecting yourself as best as you can.
The first step is to ensure that the technology is working as it should – backups are automatic and reliable, auditing is automated via failover virtualisation, and all backups are replicated successfully to a secondary location. You also need to perform regular tests on these, to ensure not only that the data is easily recoverable, but that the process of doing this is familiar with all those involved and well documented.
Onsite backups are great for day-to-day recovery, but they can also be destroyed during a disaster. For this reason, you need to seriously consider a secondary off-site data storage solution. The ideal offsite location is distant geographically so it remains unaffected by large-scale disasters, such as earthquakes, hurricanes or even power cuts.
If you data isn’t being backed up and replicated to an offsite location, you are simply putting all your eggs into one very unreliable basket. The answer is to get a few baskets, spread those eggs around and assume you’ll lose some along the way. Things always break, no matter how hard to try to stop that happening, so the best way to ‘survive’ is to assume that’ll happen and incorporate it into your plans – that way when the worst happens you’ll be ready.
It’s equally important to have more than one completely autonomous data centre with automatic failover between the servers and data centres. This provides an added layer of redundancy so that even a catastrophic failure of a data centre can be tolerated. Information will still be accessible via the secondary site, traffic will simply re-route to the other data centre and business operations can carry on as usual. This has helped us to achieve our 100% service ability.
You could also consider a contract with a cloud service provider who will provide you with the ability to operate servers from the cloud, in the event of a major failure at your main site. At the budget end of the scale, cloud providers like Amazon and Microsoft Azure allow you to switch to their standby servers in the event of a disaster – these can be preconfigured, and started up in a relatively short timeframe to get your service up and running again. Additionally, you only pay for their servers when you’re using them which will help keep the cost to a minimum.
Not performing DR testing is probably the biggest disaster of them all. Regular error testing is critical to ensure that your backups are viable and can be successfully restored in the event of a problem. Services need to be checked, diverse routes verified and staff prepped to ensure your business can still preform as usual. The only real measure is to conduct a full disaster recovery test. In the case of an emergency, properly thought out and tested plans can make the all the difference.
Implementing an effective DR strategy doesn’t have to be difficult or resource heavy. Functional backup technology, detailed plans and continuous testing is all you need to prepare for failures. And as the old-adage goes, failing to prepare is preparing to fail.