Nine tips to improve your disaster recovery strategy
Whether you have a well-rehearsed DR plan in place or are just starting out, here's how to take your strategy to the next level
It doesn’t matter how prepared we are, we live in a world where a disaster will unfortunately occur, whether that be a security breach, data corruption or hardware failure. So when fate does come knocking, it’s essential to have a disaster recovery (DR) plan in place so that everyone knows what to do, and the impact is reduced.
The Total Economic Impact™ of IBM Spectrum Virtualize
Cost savings and business benefits enabled by storage built with IBMSpectrum Virtualize
When creating a recovery plan, it’s important to consider all areas of business operations that could be disrupted by an unplanned incident. This includes data centres, networks, and even the cloud, all of which could negatively impact not only your employee experiences, but also your customers, and ultimately your income.
Having a structured DR plan can mean your business can minimise any destructive downtime in the short-term, and get operations back up and running quickly, which can also contribute to successful longer-term recuperation.
It’s all about identifying risk, deciding what apps and documentation are critical to the business, and ensuring there are backup procedures in place, all of which should be reviewed regularly.
So if you’ve already got a DR plan in place and need to review its core components, or if you’re looking to develop one for the first time, the following nine tips aim to guide you through your disaster recovery plan creation, and ensure your organisation is ready for when disaster strikes.
1. Have full documentation
Paperwork is never fun, but documenting your DR plan is a vital component of full, quick recoveries.
Documentation should include the purpose and methods of the recovery plan, the steps for each tactic, each role’s responsibilities, and the roles involved in each stage of the plan. Language should be clear and simple so that anyone could follow instructions, and senior management should sign off on a clear chain of command in case of a disaster.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Without a document of your strategy, it can be extremely disruptive if the person in charge of disaster recovery leaves the company or can’t be reached during a disaster, so this first step must be implemented right away.
2. Assess the risks
All the best-implemented things in business start with a risk assessment, and disaster recovery is no exception. A good DR strategy will consider all the functional areas of the business, asking what potential threats they face and what IT resources are relied on.
A full IT inventory and data audit can help with this task by identifying both critical software applications, and any hardware infrastructure needed to run them.
A risk assessment should also consider any issues that might affect external partners and service vendors, especially in cloud environments, which in turn will form the basis of your disaster recovery plan.
3. Drill for disaster
Having an evacuation strategy for your building won't stop a fire from happening, but regular fire drills mean that when the alarm goes off, everyone knows what to do and where to be, and will all theoretically get out safely.
A disaster recovery strategy needs the same treatment, with regular, periodic testing to ensure each process and system works as it should. Having an effective DR plan in place is the goal, but it's much more reassuring to know that it will be followed, should the worst happen.
4. Prepare for different disaster levels
There are many different types and scales of disaster, and sometimes just a small disaster can lead to a longer outage if organisations aren't prepared.
A good DR strategy will have different levels of response detailed for different levels of disaster, ensuring that smaller problems can get the right teams dealing with them straight away.
5. Consider the cloud
Yes, disaster recovery as a service (DRaaS) is a thing. Not all cloud-based disaster recovery systems are the same or work the same way; some offer cloud-based backup and recovery, while others use virtualisation to maintain a copy of your servers and applications, while data is replicated from production systems to the virtualised failover systems.
Cloud DR has its pros and cons, but as with many cloud-based services, it's accessible to a wide range of businesses without the upfront investment costs of backup and recovery hardware.
6. Prioritise resilience
Disaster recovery is one of the IT services organisations pay for in the hope it never gets used. That's why it's important to make resilience a guiding principle in your IT infrastructure.
Ensuring your infrastructure is resilient comes down to a combination of good practice and investment in technologies and services that both support the business and minimise any risk of failure.
The most important principle when aiming for resilience is to avoid having single points of failure. If a key application runs from a single server, and can only run from that server, then that's a potential weak spot.
As part of your disaster recovery strategy, assess the resilience of both the hardware and software in your organisation and see if there are any areas for improvement.
Failover connectivity, uninterruptible power supplies, backup generators and backup servers can all help reduce the risk of failure.
7. Evaluate security practices
Security is a separate topic in itself but is inextricably linked with your disaster recovery strategy. In theory, good security practices will minimise the risk of that DR plan ever having to be enforced.
Nonetheless, as part of a comprehensive DR strategy, potential weaknesses in security should be evaluated, and action taken if necessary to strengthen them, as well as a plan for what happens should particular defences be breached.
8. Revise and revisit
It's tempting to shelve your DR plan once it's all in place. But as quickly as new technologies are adopted, new staff come on board and situations within the business change, so the strategy should be revised.
If a new cloud technology is implemented for example, a disaster recovery plan should be updated with the specific strategy for that particular tool, including how and where the data is being backed up, and how to recover it.
9. Build a critical response team
A step-by-step recovery strategy cannot be implemented without the personnel needed to bring systems back online. A critical response team should include any external contacts, such as software vendors, in addition to existing internal staff.
The Total Economic Impact™ of IBM Spectrum Virtualize
Cost savings and business benefits enabled by storage built with IBMSpectrum Virtualize
Disaster recovery roles and responsibilities need to be clearly defined, highlighting the need for comprehensive documentation and training. Larger enterprises with more distributed resources and expertise will find themselves better able to action a recovery plan as they can leverage resources from multiple locations, depending on the type and location of disaster experienced.
Ironically, it’s best practice here to backup your backup team. Through ensuring that each role within the team has a shadow member, you can rest assured that in an untimely case of disaster, there is somebody who can still step in to fill the vacant role.
Communication across the team must also be considered. Having multiple ways of contacting each member, and having contact details clearly marked on the recovery plan itself can enable a rapid, effective response.
Esther is a freelance media analyst, podcaster, and one-third of Media Voices. She has previously worked as a content marketing lead for Dennis Publishing and the Media Briefing. She writes frequently on topics such as subscriptions and tech developments for industry sites such as Digital Content Next and What’s New in Publishing. She is co-founder of the Publisher Podcast Awards and Publisher Podcast Summit; the first conference and awards dedicated to celebrating and elevating publisher podcasts.