Disaster Recovery Planning For Organizations
June 15, 2020
A disaster recovery plan is a document that protects an organization from the effects of unforeseen catastrophes. It is a major part of any company’s business continuity plan, focusing mainly on its IT infrastructure and system when a calamity affects the business’s function. Be it a natural disaster, cyberattack, or power outage, a disaster recovery plan assists a company with mitigating the risk, recovering effectively, and resuming critical functions without major revenue loss.
Business continuity is often associated with disaster recovery. However, the terms are not interchangeable, as disaster recovery is only a part of the former, which focuses on keeping all operational aspects running even during an incident. Disaster recovery solutions are thus critical for every organization since they are the main pillar of business continuity.
IT system downtime affects an organization both in operations and revenue. It causes an average loss of $300,000 per hour or $5,600 every minute, according to Gartner. The number goes up for larger organizations. A severe impact can be felt in the company’s bottom line with different teams being brought in to handle the damage to infrastructure and employees unable to work normally.
Over 90% of companies whose data centers have been compromised following a disaster file for bankruptcy a year after the incident, according to the National Archives and Records Administration. Now, more and more enterprises are paying attention to disaster recovery services and disaster recovery software to handle anything that might strike and hurt the business. Also, the market size of disaster relief as a service is expected to go up to $9.5 billion between 2018 and 2022.
Elements of disaster recovery
Any disaster recovery plan should include some key elements.
Extensive inventory details: It is important to have the complete inventory of all applications, software, and hardware being used. These should be categorized based on their importance. Including the details of each equipment and a list of passwords to access data backups, CRM systems, and Cloud-based programs also helps.
Know your responsibilities: Disaster recovery solutions will only work if the individuals involved know their role in such scenarios. Individuals should be listed with their assigned duties and contact numbers and emails. There must also be a list of backup individuals in case someone is unavailable.
Communication channel: Communication among those associated with disaster recovery is crucial. A disaster could render traditional modes of communication unreliable. So, alternative communication methods, both formal and informal, are essential.
Suppliers and service providers: The plan needs to outline if any service provider or vendor assistance is available during a disaster under an agreement. In case they do, they should work with the organization to help resolve the issue as quickly as possible.
Regular testing and reviews: It is critical to regularly review the disaster recovery plan to note any change in equipment details and passwords. Also, it’s imperative to confirm whether the individuals listed under the recovery plan are still with the organization. As technology evolves, a lack of accurate information can hamper the plan. So, companies must carry out disaster recovery verification as a drill on a regular basis to keep themselves well-prepared and equipped when a tragedy strikes.
Reviewing Disaster recovery plan
Organizations must consider the disaster recovery trends for 2020 before making a plan for the year. Few points to take into account while reviewing are as follows:
RTOs and RPOs: Downtime in certain systems are more costly compared to others. Setting a Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for every workload is necessary to save money in case of a disaster.
Meeting recovery objectives in the plan: Once the RPOs and RTOs have been set, it is vital to understand whether the solutions outlined in the plan will meet the underlying objectives.
Testing solutions: The disaster recovery plan must be tested from time to time to gauge its effectiveness. The disaster plan envelopes not just physical sites but also Cloud-based sites. So, it’s preferable to assess both regularly to ensure the solution works as expected.
Security and compliance: Failover sites need to match the security and compliance requirements of the main production site. Different pages such as on-premise private cloud and cloud-based resources on AWS pose different challenges and require varying skillsets to maintain and configure. Hence, disaster recovery software must be evaluated across similar sites to comprehend their effectiveness.
Outsourcing: If any of the above methods have helped in identifying gaps in your disaster recovery plan, you can outsource the work to a DraaS (disaster recovery as a service) provider.
Changes to DR plans in 2020
Disaster recovery strategies will see some significant changes starting 2020 as organizations prepare themselves for the novel methods of cyberattacks.
Island Hopping Cyberattacks: Island hopping is the process of undermining a company’s cybersecurity by targeting its vulnerable network partners instead of attacking it directly. Half of all cyberattacks are now island hopping. Such threats pose a challenge as they often result in multiple changes being made to the infected environment. The increased possibilities of these attacks can render organizations alert to the importance of a proper disaster recovery and verification plan to restore the environment and ensure productivity and security of operations.
Data awareness: Another prospect of disaster recovery is for the organization to know what data it stores. The General Data Protection Regulation and the California Consumer Privacy Act (CCPA) allow users to request firms to either delete their data or make sure it doesn’t come back into production. Information stored within the backup process isn’t immune to these regulations. With CCPA becoming a law this year, organizations must be aware of what data their backups harbor.
DR for heterogeneous environments: A specific factor that will have a deep effect on backup and disaster recovery solutions is the ability to search for specific sets of data. With data being stored in countless backups across varied mediums, dependency will be high on the disaster recovery software to meet this need. This feature will help organizations know which data is stored where, thus aiding in DR efforts.
Novel market forces will have significant effects on the disaster recovery industry this year. In order to safeguard and use their business-critical information, companies should implement a tactic prioritizing compliance and security.