Nine tips to improve your disaster recovery strategy
Whether you have a well-rehearsed DR plan in place or are just starting out, here's how to take your strategy to the next level
No matter how many measures an organisation takes to protect its resources, it’s inevitable that some failure, breach, or other catastrophe will eventually happen. And when it does, it’s better to be prepared rather than scrambling to both decide and implement a plan.
With nearly every modern business reliant on data and IT infrastructure, a disaster recovery (DR) plan is an essential component of business operations. Disasters can range from cyber attacks to hardware failures to minor power outages, all of which cause downtime that opens up an organisation to bad customer and employee experiences, damaged reputation, and decreased bottom line.
With a solid DR plan, though, a business can get back on its feet more quickly and significantly reduce damage. Whether you’re just starting out with your disaster recovery strategy or you’ve already got one in place you’re seeking to improve, these nine tips will elevate your plan and aid speedy recovery from any type of disaster your organisation encounters.
1. Have full documentation
Paperwork is never fun, but documenting your DR plan is a vital component of full, quick recoveries.
Documentation should include the purpose and methods of the recovery plan, the steps for each tactic, each role’s responsibilities, and the roles involved in each stage of the plan. Language should be clear and simple so that anyone could follow instructions, and senior management should sign off on a clear chain of command in case of a disaster.
Without a document of your strategy, it can be extremely disruptive if the person in charge of disaster recovery leaves the company or can’t be reached during a disaster, so this first step must be implemented right away.
2. Assess the risks
All the best-implemented things in business start with a risk assessment, and disaster recovery is no exception. A good DR strategy will consider all the functional areas of the business, asking what potential threats they face and what IT resources are relied on.
Incident response guide
How to create a plan for responding to a cyber security attackDownload now
A full IT inventory and data audit can help with this task by identifying both critical software applications, and any hardware infrastructure needed to run them.
A risk assessment should also consider any issues that might affect external partners and service vendors, especially in cloud environments, which in turn will form the basis of your disaster recovery plan.
3. Drill for disaster
Having an evacuation strategy for your building won't stop a fire happening, but regular fire drills mean that when the alarm goes off, everyone knows what to do and where to be, and will all theoretically get out safely.
A disaster recovery strategy needs the same treatment, with regular, periodic testing to ensure each process and system works as it should. Having an effective DR plan in place is the goal, but it's much more reassuring to know that it will be followed, should the worst happen.
4. Prepare for different disaster levels
There are many different types and scales of disaster, and sometimes just a small disaster can lead to a longer outage if organisations aren't prepared.
A good DR strategy will have different levels of response detailed for different levels of disaster, ensuring that smaller problems can get the right teams dealing with them straight away.
5. Consider the cloud
Yes, disaster recovery as a service (DRaaS) is a thing. Not all cloud-based disaster recovery systems are the same or work the same way; some offer cloud-based backup and recovery, while others use virtualisation to maintain a copy of your servers and applications, while data is replicated from production systems to the virtualised failover systems.
Cloud DR has its pros and cons, but as with many cloud-based services, it's accessible to a wide range of businesses without the upfront investment costs of backup and recovery hardware.
6. Prioritise resilience
Disaster recovery is one of the IT services organisations pay for in the hope it never gets used. That's why it's important to make resilience a guiding principle in your IT infrastructure.
Ensuring your infrastructure is resilient comes down to a combination of good practice and investment in technologies and services that both support the business, and minimise any risk of failure.
The most important principle when aiming for resilience is to avoid having single points of failure. If a key application runs from a single server, and can only run from that server, then that's a potential weak spot.
As part of your disaster recovery strategy, assess the resilience of both the hardware and software in your organisation and see if there are any areas for improvement.
Failover connectivity, uninterruptible power supplies, backup generators and backup servers can all help reduce the risk of failure.
7. Evaluate security practices
Security is a separate topic in itself but is inextricably linked with your disaster recovery strategy. In theory, good security practices will minimise the risk of that DR plan ever having to be enforced.
Nonetheless, as part of a comprehensive DR strategy, potential weaknesses in security should be evaluated, and action taken if necessary to strengthen them, as well as a plan for what happens should particular defences be breached.
8. Revise and revisit
It's tempting to shelve your DR plan once it's all in place. But as quickly as new technologies are adopted, new staff come on board and situations within the business change, so the strategy should be revised.
If a new cloud technology is implemented for example, a disaster recovery plan should be updated with the specific strategy for that particular tool, including how and where the data is being backed up, and how to recover it.
9. Build a critical response team
A step-by-step recovery strategy cannot be implemented without the personnel needed to bring systems back online. A critical response team should include any external contacts, such as software vendors, in addition to existing internal staff.
Disaster recovery roles and responsibilities need to be clearly defined, highlighting the need for comprehensive documentation and training. Larger enterprises with more distributed resources and expertise will find themselves better able to action a recovery plan as they can leverage resources from multiple locations, depending on the type and location of disaster experienced.
Ironically, it’s best practice here to backup your backup team. Through ensuring that each role within the team has a shadow member, you can rest assured that in an untimely case of disaster, there is somebody who can still step in to fill the vacant role.
Communication across the team must also be considered. Having multiple ways of contacting each member, and having contact details clearly marked on the recovery plan itself can enable a rapid, effective response.
How to choose an AI vendor
Five key things to look for in an AI vendorDownload now
The UK 2020 Databerg report
Cloud adoption trends in the UK and recommendations for cloud migrationDownload now
2021 state of email security report: Ransomware on the rise
Securing the enterprise in the COVID worldDownload now
The impact of AWS in the UK
How AWS is powering Britain's fastest-growing companiesDownload now