With businesses of all sizes being increasingly threatened by sophisticated cyber criminals, disaster recovery (DR) has taken on a growing importance on the list of business priorities over the last few years.
IT disasters are not limited to cyber-attacks, however. Hardware failures, human errors, power outages and natural disasters such as hurricanes or earthquakes also have the potential to disrupt business processes and put valuable data at risk.
This highlights the need for businesses to take steps to ensure that any downtime can be minimized and the good news is that businesses are responding. According to a recent study from Spiceworks, a massive 95 percent of organizations have a disaster recovery plan in place, with 90 percent including data integrity and backups in their DR plans.
Other areas covered include maintaining network and internet connectivity (62 percent), power/electricity continuity (57 percent) and local server/application uptime (57 percent). However, only 28 percent of businesses include cloud or hosted services in their DR plans, which is surprising given how many firms now rely on cloud-based platforms.
What this reveals is that there isn’t a one-size-fits-all approach to disaster recovery and businesses need to invest in identifying their unique needs and make sure they are picking a DR solution that best suits their specific requirements.
Finding the right fit
The first question businesses need to answer is, ‘how do I want my DR solution to fit into my existing infrastructure? Generally speaking, most businesses exploring disaster recovery solutions fall into one of three buckets – organizations that have physical data centers and want their DR to sit on this physical infrastructure, organizations that have physical data centers but want their DR solution to be in the cloud and organizations that want their data center infrastructure and DR to be cloud-based.
For organization that store their data on physical data centers and want DR to sit on this physical infrastructure, they often require a separate replica environment that is able to deliver all or part of the customers’ services. This can be a costly approach, as businesses have to factor in the costs associated with maintaining the facility, paying for power and purchasing additional hardware.
The other categories - organizations that have physical data centers but want their DR solution to be in the cloud, and organizations that want their data center infrastructure and DR to be cloud-based – both rely on a cloud provider’s data center as a recovery site.
Although there are positives and negatives of each approach, cloud-based systems are proving to be the most cost-effective and efficient way of minimizing the impact of an incident. However, as previously mentioned, the most effective disaster recovery plan is one that caters to the business’s specific needs.
Understandably, the processes and solutions needed to implement disaster recovery in these three environments – i.e. on-premise, hybrid, or cloud – will be different. Depending on the organization’s requirements, a plan can be drawn up, taking into account the nature of the different infrastructures that need to be protected and the business impact of downtime.
So, what do businesses need to keep in mind when drawing up a DR plan and how can they make sure they choose the right solution?
Planning for disaster
For any disaster recovery strategy, the first step is to match business applications to service-level objectives, of which there are two specific measurement parameters: recovery point objective (RPO) and recovery time objective (RTO).
RPO indicates the data loss tolerance of business processes in case of a disaster (i.e. the amount of data loss than can be accepted to business requirements), while RTO represents the time required to restore business services after an outage. Different apps will have different requirements depending on their importance and the type of business. For example, major online retailers such as eBay or Amazon will require their core e-commerce systems to have low RPOs and RTOs, whereas the ‘accounts reporting’ app in a smaller business may be able to be offline for up to 24 hours.
By mapping their environment and analyzing the risks and requirements of specific applications, businesses can identify the DR solution – or solutions – that will be the most effective in meeting RPO and RTO parameters. They might realize that an on-premise approach best aligns with future objectives, or that moving everything to the cloud is the best way to meet their customers’ needs.
Businesses may also have to consider the level of technical skills available internally. While this is unlikely to be an issue in bigger organizations that have large IT teams, smaller companies that simply don’t have access to the required skills may have to opt for a managed cloud-based DR service.
Ultimately, it’s vital to remember that different requirements require different approaches. Implementing the right disaster recovery solution comes down to meeting specific needs, so businesses have to analyse their infrastructure and take these needs into account.
In this age of continuous availability expectations, businesses simply cannot afford to fall victim to downtime. Businesses must certainly invest in solutions to prevent disasters but on the unfortunate occasion when those solutions are not able to prevent the disaster from happening, businesses must be prepared to respond immediately – or risk the wrath of unhappy customers.