Last week, in Disaster Recovery – Part 1, we looked at some of the reasons why many businesses don’t have an effective disaster recovery plan in place. Cost, lack of resources, lack of awareness, and overconfidence all contribute to unpreparedness when faced with a disaster. In part 2 of our look on disaster recovery (DR), we’ll discuss ways that businesses can improve their DR strategy.
Two key components of a disaster recovery plan are recovery point objectives (RPO) and recovery time objectives (RTO). Techopedia defines RPO as the maximum acceptable amount of data loss measured in time. For instance, if IT sets the RPO to 60 minutes, then a backup of the system must be completed every 60 minutes. RTO on the other hand, is defined as the maximum length of time allowed between an unexpected failure or disaster and the resumption of normal operations and service levels. For example, if IT sets the RTO to 120 minutes, then if a crucial server fails and stops operations, it should take no more than 120 minutes for a secondary server to take over the duties of the failed one and allow the operations to be up and running again.
That leads us to our first point of disaster recovery planning:
Determine an acceptable RPO and RTO - This is one of the most challenging steps of DR planning. Costs prohibit most businesses from getting anywhere near the targets they’d ideally like to see of zero data loss, but not investing enough can also carry significant financial ramifications. Depending on the industry, downtime can cost a business anywhere from $90,000 per hour (media sector) to $6.48 million per hour (large online brokerages).
To determine an acceptable RPO and RTO, input from all areas of the business should be sought out. Use information gathered to determine the cost of downtime per hour. With the help of finance, determine how much downtime your business can afford and conduct a cost-benefit analysis weighing the expenses involved with improving RPO and RTO with the lost income that results from downtime. This way, you can determine the right RPO and RTO for your business.
Build redundancy into your infrastructure - When it comes to redundancy, you can never be too paranoid. Fans, hard drives, uninterrupted power supplies, switches, etc. should all be made redundant in your network and data center setup. Though it’s more costly, it drastically improves the reliability of your systems. This way, there is no single point of failure that can bring down your entire operations.
Backup offsite – Sending backup copies of your data offsite is another important element of a disaster recovery plan. A staff member can be tasked with bringing copies of tape or disks containing backup data to a secure offsite vault on a regular basis or data can be backed up remotely via the cloud and saved to the secured servers of the service provider. This prevents data loss in the case of onsite flooding, fires, tornadoes, or any other damage that occurs to the data center. Symantec, a market leader in backup technologies offers backup to disk and backup to cloud solutions (below) to businesses of all sizes.
Test your plan - A good plan is worthless if, when the time comes to use it, individuals aren’t prepared. Once you’ve chosen a good backup product and put into place the correct DR protocols, it’s time to test out your solution. John Butters, a partner at Ernst & Young suggests businesses test everything. “The closer a test is to simulating a real-life incident the better, although this can be both expensive and unpopular,” Butters writes. “The more rehearsals there are, the greater the likelihood that people will respond correctly when the real thing happens.” Butters also recommends having independent reviewers with DR experience on hand to help assess the test and provide unbiased feedback. This allows IT to be better prepared should a real-life disaster occur.
We want to hear from you! Does your business do DR testing? Tweet us @NapkinBetaBeyond.