Category

Disaster Recovery

Category

Global warming, terrorism, DoS attacks (carried out on a computer system to prevent the access of its users to their resources), pandemics, earthquakes, viruses — all pose potential risks to your infrastructure. In the 2012 Global Disaster Recovery Index published by Acronis, 6,000 IT officials reported that natural disasters caused only 4% of service interruptions, while incidents in the servers’ installations (electrical problems, fires, and explosions) accounted for 38%. However, human errors, problematic updates, and viruses topped the list with 52%.

The 6 essential elements of a solid disaster recovery plan

Definition of the plan

To make a disaster recovery plan work, it has to involve management — those who are responsible for its coordination and ensure its effectiveness. Additionally, management must provide the necessary resources for the active development of the plan. To make sure every aspect is handled, all departments of the organization participate in the definition of the plan.

Priority-setting

Next, the company must prepare a risk analysis, create a list of possible natural disasters or human errors, and classify them according to their probabilities. Once the list is completed, each department should analyze the possible consequences and the impact related to each type of disaster. This will serve as a reference to identify what needs to be included in the plan. A complete plan should consider a total loss of data and long-term events of more than one week.

Once the needs of each department have been defined, they are assigned a priority. This is crucial because no company has infinite resources. The processes and operations are analyzed to determine the maximum amount of time that the organization can survive without them. An order of recovery actions is established according to their degrees of importance.

In this stage, the most practical way to proceed in the event of a disaster is determined. All aspects of the organization are analyzed, including hardware, software, communications, files, databases, installations, etc. Alternatives considered vary depending on the function of the equipment and may include duplication of data centers, equipment and facility rental, storage contracts, and more. Likewise, the associated costs are analyzed.

In a survey of 95 companies conducted by the firm Sepaton in 2012, 41% of respondents reported that their DRP strategy consists of a data center configured active-passive, i.e., all information supported in a fully set data center with the critical information replicated at a remote site. 21% of the participants use an active-active configuration where all the company’s information is kept in two or more data centers. 18% said they still use backup tapes; while the remaining 20% ​​do not have or are not planning a strategy yet.

For VMware, virtualization represents a considerable advance when applied in the Disaster Recovery Plan (DRP). According to an Acronis survey, the main reasons why virtualization is adopted in a DRP are improved efficiency (24%), flexibility and speed of implementation (20%), and cost reduction (18%).

Essential components

Among the data and documents to be protected are lists, inventories, software and data backups, and any other important lists of materials and documentation. The creation of verification templates helps to simplify this process.

A summary of the plan must be supported by management. This document organizes the procedures, identifies the essential stages, eliminates redundancies and defines the working plan. The person or persons who write the plan should detail each procedure, and take into consideration the maintenance and updating of the plan as the business evolves.

Criteria and test procedures of the plan

Experience indicates that recovery plans must be tested in full at least once a year. The documentation must specify the procedures and the frequency with which the tests performed. The main reasons for testing the plan are verifying its validity and functionality, determining the compatibility of procedures and facilities, identifying areas that need changes, training employees, and demonstrating the organization’s ability to recover from a disaster.

After the tests, the plan must be updated. As suggested, the original test should be performed during hours that minimize disruption in operations. Once the functionality of the plan is demonstrated, additional tests should be done where all employees have virtual and remote access to these functions in the event of a disaster.

Final approval

After the plan has been tested and corrected, management must approve it. They’ll be in charge of establishing the policies, procedures, and responsibilities in case of contingency, and to update and give the approval to the plan annually. At the same time, it would be advisable to evaluate the contingency plans of external suppliers. Such an undertaking is no small feat, but has the potential to save any company when disaster strikes.