How To Create A Disaster Recovery Plan

Could your business withstand a catastrophe? if not, what can you do? Paul Rigby supplies the answers

Too many businesses still have a lackadaisical attitude about disaster recovery planning. It may be that too many of the disasters happened too far away, to other people. Furthermore, far too few news programs cover the long-term aftermath of disasters, in which businesses struggle (and all too often, fail) to get themselves back on their feet. That is not, however, to say that sobering information on the reality of the challenges of disaster recovery isn’t available.

Here are some troubling statistics from a range of national and independent sources

* 96% of all business workstations are not being backed up.

* 30% of small business will experience a natural disaster.

* 60% of companies that lose their data will shut down within six months of the disaster.

* 93% of companies that lost their data centre for 10 or more days due to a disaster filed for bankruptcy within one year of the disaster.

Having a contingency plan is a critical part of being a responsible business, whether you’re one of the top tech businesses in the world or one of the thousands of SMBs that make up the backbone of the economy. There’s no business that can safely avoid planning for the worst.

WHAT’S THE WORST THAT COULD HAPPEN?

Luckily, with a slew of technologies, including cloud services, mobile devices and virtualisation, small businesses have an abundance of tools and options to create and deploy adequate emergency preparedness policies and plans. Unfortunately businesses owners are bombarded with ads and pitches for disaster recovery wares to the point where they may become overwhelmed.

The first order of business is to stay calm and assess your needs. Take the time to thoroughly assess the types of disaster scenarios you need to plan for, so that you can understand what solution is right for you.

WHICH DISASTERS ARE MOST LIKELY TO STRIKE?

You should understand local threats. Some business need to be wary of increasing flooding while others, in an old mining area, for example, need to be wary of the sudden appearance of sink holes.

What data, hardware and software are of the utmost importance? This can help you rein in costs of deploying a disaster recovery solution. That database containing all of your customers’ information is important. That folder containing years and years of images from all the past office holiday parties is not.

What data can be accessed offsite without violating security? Which employees, partners, and customers must have access in an emergency? Most people now have company-issued or personal mobile devices. Include them in a contingency access plan.

After a preliminary assessment of your businesses’ disaster recovery needs, there are a series of steps you can take next to put your disaster recovery solution and strategy into place.

DOCUMENT YOUR DISASTER RECOVERY PLAN

This critical document should detail every conceivable emergency that could reasonably befall your organisation, pinpoint mission-critical applications and systems and be signed off by all key figures in your organisation.

PUT YOUR PLAN INTO EXECUTION

This is the legwork phase when you need to choose and implement the tools and technology needed to put a disaster preparedness plan into action.

Train, train, train. Having a solid disaster recovery plan doesn’t help your business if your employees don’t know it inside and out. Once you’ve decided on the equipment and services required to keep the lights on (even if it is at a remote location), it’s time to start training staff and holding emergency drill. Keep your plan up to date. It’s important to evaluate and tweak your contingency plans on a regular basis.

* Identify critical apps, systems and platforms.

You need to cut the meat from the fat when identifying which components of an infrastructure absolutely must be available in time of a disaster. Know every piece of software or hardware running in the infrastructure.

* Assessment and Implementation

This is where you need to start thinking about implementation. What data can be accessed off-site without compromising security?

For example, Cloud-based email services are available that can mirror existing e-mail systems. Having data replicated to a cloud storage provider can save time that would otherwise be spent retrieving that data from a physical, off-site location and then manually restoring it to servers. With a cloud solution, critical data can be accessed in almost real-time—if employees have Internet connectivity.

There are instances where a business can’t completely back data up to the cloud or at least can only implement a hybrid solution—with some data being backed up and other data remaining local.

In an emergency, the more disparate software deployed on more hardware, the more likely the case is for widespread damage and time involved in restoring systems. Virtualisation can be a powerful solution for this kind of problem. Consolidating physical servers to virtual machines means IT can create regular snapshots of server instances and easily restore those servers after a disaster. Some systems offer a unified cloud solution for SMBs that lets an organisation place every app, data and business-critical process in the cloud. In a disaster, the virtual infrastructure is ready to go when the on-premise infrastructure is not available.

POWER

Besides data and servers, there are more basic considerations to deal with in disaster recovery preparedness. One of the most common disaster scenarios is a loss of power—a disaster that every business should have plans for. All critical hardware should, of course, be running on Unlimited Power Supplies (UPS). UPS solutions can provide a period of uptime in case of power failure long enough to at least get an organisation to switch over to alternate disaster procedures. Regular checks and testing of UPS devices is critical.

TELECOMS AND REMOTE ACCESS

Internet providers and mobile carriers often experience extended downtime in disasters. While there is not much a business can do in the event of a serious disaster that may affect telecommunications in the immediate and surrounding areas, it’s worth having redundant Internet connections from different ISPs. That way, if one ISP’s network is down, a second ISP may still be online. A good disaster recovery plan documents how the infrastructure will fail over from one Internet connection to a second, redundant connection. The plan should outline regular testing of that failover connection.

The plan should also take into account how end users will access systems in an emergency. Many end users have company-issued or personal mobile devices that can be configured to remotely access the corporate network.

BACKUP

For many businesses at the smaller end of the SMB market spectrum, a solid backup plan may be all that is required to be prepared for a disaster. With storage available in unprecedented capacity, and the convenience of the cloud versus having to manage local storage, there really is no excuse not to have, at minimum, a robust data backup strategy. Many vendors offer automated backup of business data via the Internet, ideal for a small business that does not even have IT staff.

OFF-SITE CONTINGENCY PLANS

Still, many organisations want or need to keep data and systems on-premise. Let’s face it; many simply don’t want their data residing in the cloud. A significant portion still rely on backup to media with regular rotation of backup copies between the office and an off-site location for safe storage.

A final point, don’t scoff at the idea of backup beepers. Beepers will often work when cell phones don’t. In fact, many pager companies, long past their heyday, are re-marketing themselves as part of a company’s disaster planning solution.