The COVID-19 crisis has brought business continuity and disaster recovery planning to the forefront. After witnessing brick-and-mortar businesses collectively close their doors for the first time in decades, today’s organizations need to re-think how they operate, not only in the sense of teleworking, but also in how they can keep their IT systems afloat in times of uncertainty and disaster.
For example, in the wake of initial stay-at-home orders across the United States, unemployment skyrocketed and a rush of people tried to access unemployment service websites, causing widespread system outages.
Your organization needs to be prepared for these kind of disruptions to stay resilient.
While business continuity encompasses a broad continuation of your organization’s operations, from business processes to crisis management, a disaster recovery plan is primarily concerned with systems, data and applications.
Read more to discover how you can architect the right disaster recovery plan for your organization.
Identifying the right recovery plan for your organization
When creating your plan, you should consider the following:
Where is your business located? When choosing backup data centers, take advantage of cloud technology in the digital age — store data in a secure, remote location that isn’t vulnerable to the same threats. If your main storehouse is located in a region with electrical outage issues, create a backup site at a location without one. Maybe you’re on the coast of the southeastern United States, and hurricanes are a concern. You not only want to find a backup location that doesn’t have hurricanes, but one that doesn’t have disasters during the same time of year. Maybe you could put your second data center in Seattle, where the chance of a hurricane is lower.
Nature of business:
what kind of business do you run? This will help you greatly in prioritizing where to allocate recovery resources. If you’re an online retailer, keeping your website up is an essential part of your business. If you’re a hospital, having access to patient records and ensuring your phones are working might be more important than your publicly facing website.
Whatever system, applications or data you set up for recovery needs to account for industry regulations. Take for example, the finance industry. Finance records need to be stored on write once, read many storage in order to comply with the Sarbanes-Oxley Act, a law designed to promote accurate recordkeeping in the industry. To comply, you’d need to make sure any backups you create enable you to meet this regulatory need.
RTO and RPO
A disaster recovery plan needs to meet two established thresholds — recovery time objective and recovery point objective. Your organization should set these thresholds based on business needs.
quantifies the amount of data you’re willing to lose, by establishing a minimum data backup point. The backup systems you choose play a large part in determining whether you can meet a particular RPO. For example, snapshots of a system’s current state will likely be less frequent, and thus more out-of-date, than a cloud system that replicates data in real time.
quantifies the amount of time a system can be down before it causes a significant business impact. Not all systems are required equally, so you’ll need to prioritize. For example, an online retailer will likely prioritize its customer-facing website over its employee intranet.
As far as recovery options, a cold standby (a backup of your system not currently running) will need to be “spun up” and is thus much slower than having an active-active cluster of solutions (in which different instances of the system are spread out geographically and always running.)
Building a comprehensive disaster recovery strategy
As important as they are, disaster recovery plans are only a part of a larger business continuity management strategy you should be deploying across your organization.
Check out our guide
to get the latest insights on how to stay prepared for any crisis that comes your way, and keep your business moving.