Nobody wants to buy insurance. Many think of it as buying a pair of nice shoes you know you're never ever going to wear or splashing out on a sports car that will only ever stay in the garage.
However, when we stop and think about it insurance makes sense. It's the one financial outlay we're willing to make for no return. We don't even want to have to use our insurance because that would mean something bad had happened.
Switch up that thinking to a business context and the potential pain, complexity and stress-induced decision-making ante is upped significantly.
Big vs small(er)
Larger organisations generally take this really seriously. They often have a whole team dedicated to creating a backup and DR strategy and then testing and tweaking it accordingly so it remains fit for purpose should the worst ever happen.
However, the picture isn't quite as clear-cut for smaller businesses. For SMBs, the IT manager is often a lonesome figure who has a big weight on their shoulders and not much help they can rely on from elsewhere in the business. Or, it may be the business is so small it has no internal IT resource and is completely at the mercy of an MSP.
Whichever small business scenario is in play, one thing is clear: Burying your head in the sand about disaster recovery and business continuity is a hiding to nothing. A lack of clarity or even consideration here could kill your business. That's if someone else doesn't try first because they can easily see your weak points.
DR in action
No one is born with the DR gene. It's not something you can manufacture either, it's something you have to learn. And you can only really learn about the DR needs of a business once you know that business intimately.
Once you've established the basics (such as knowing what downtime means to your organisation, your customers and your industry and what is deemed acceptable') you can the go about making sure you've satisfied the DR consideration checklist, which includes asking questions about the following in relation to your business:
- Bare metal DR
This is where data is restorable to dissimilar hardware to speedily recover a full system. - Data archiving
Creating a way to easily search, tag, archive and retrieve/restore data and files when required. This also ticks the compliance box too. And is made even easier when hybrid cloud is added to the mix. - Hybrid cloud recovery
Talking of hybrid cloud, if you (or your MSP) opts for a DR strategy and solutions that blend cloud and on-premise you will definitely have the best of both worlds because you can then opt for whichever backup will be the fastest. - Secure data storage
Regulations don't just exist for the fun of it. And compliance with key security and other regulations is key. SSAE and ISO certification compliance in addition to the appropriate level of encryption (AES 128-bit, AES 256-bit or 448-bit Blowfish), for example, whether by you or your chosen partner, need to be top of the agenda. - Virtual DR
Being able to bring back what was a virtual or physical compute instance onto a virtual server can lower costs and increase efficiency so it should be considered where it will be of most value to the organisation.
The importance of pretending
Role-playing is a very common technique used in job interviews and in sales pitches. And it has a vital role to play when it comes to most IT instances, not least DR.
There are some scenarios where you can really play out what might happen and what you might do, or at least attempt to do. But, of course, there will always be those you really didn't see coming. But what you can do is have a really good plan B in place so things remain at least in a state of organised chaos rather than a complete shambles while you figure things out.
A good way to do a DR health check on your business is to regularly carry out the tech equivalent of fire drills. During a company fire drill, people behave as much as they can as if the fire alarm has been triggered for real.
You have fire marshals, a code of conduct and an assigned meeting place to check everyone is accounted for. It makes complete sense to do this for IT too. You should offer clear guidance at both a business and technical level as to what will happen should a disaster occur. And then map out the different responses to different types and levels of disaster. That way everyone knows where they stand, at least in theory. And that's one step closer to disaster recovery rather than disaster destruction.
Seeking out the DR MSP truth
If you're an SMB reliant on an MSP's help you need to be confident that they have their house in order when it comes to backup and DR too. It's absolutely possible to be unprepared by association and that will be the case for you if your MSP hasn't dotted the Is and crossed the Ts in this respect. So consider it your right to ask serious questions of your MSP about their backup and DR strategies and what battle planning and pen testing scenarios they have in place. If you don't, by the time you do ask the question, you'll already know the unfortunate answer.
This is an independent article written by IT Pro, sponsored by SolarWinds MSP to celebrate thought leadership in IT. Learn more about SolarWinds MSP's Backup & Recovery and enjoy a free 30-day trial by clicking here.
