Disaster recovery is one of those tasks that people often leave until tomorrow. Unfortunately, tomorrow turns into next week, or next year. If fire, flood, or ransomware come first, you'll wish you'd have addressed this critical task sooner. Here's how to create a killer disaster recovery plan that will help give you peace of mind.
Begin by understanding what you need to preserve and restore in the event of a disaster. That will cover your files and applications whether they're running on-premises or in the cloud, but it will also include other aspects of your business. Consider your communications infrastructure and your facilities. How will people talk to each other, and where will they work?
Evaluate every asset on your list to determine how important it is to the ongoing health of your business. Hopefully everything will have some importance (and if it doesn't, that's a great opportunity to rethink it).
Some systems will be more critical than others, such as production systems vs software development servers. Consider putting them into three tiers to reflect high, medium, or low importance. This should give you an idea of your risk level and therefore how to fold them into a recovery plan.
Modern businesses are increasingly dependent on each other, and you will undoubtedly rely on several vendors and service providers for critical elements of your business. Identify these services and assess their importance, too. Contact the vendors and ask them about their recovery plans. How will they protect those services in the event of a disaster, and what can they do to bring them back online if they go down?
This is where you set out the goals for your disaster recovery plan. Consider your recovery time objectives (how long it will take to bring a service back online) and your recovery point objectives (how recent the point is that you want to restore).
It might be fine to back up some systems, such as contact management databases, every week or two. Others, such as product ordering systems, might need backups every day or even every hour or less. Define these parameters for each application and its data so that you can build backup and recovery processes to restore them.
Some systems might be so critical that you can't afford to have them go down at all. That's when you must start considering redundant systems, along with offsite replication in which applications simply switch over operation.
Create the technical infrastructure that you'll use to back up your data. This includes not only the software to back up your systems, but also the backup frequency and the location and media that those files are stored on.
Consider versioning options when creating your backup scheme. A single backup file will be no good if you back up corrupt data to it, so it's best to create multiple versions that you can restore independently.
Traditional backups relied on a grandfather/father/son backup rotation producing periodic full backups that were sent to a long-term archive. These days, progressive models are more popular, making one full backup and then just storing changes to files.
Progressive backups are the basis for most disaster recovery as a service (DRaaS) offerings, which store data in a cloud-based data centre. These enable companies to back up data off-site for security and resilience without having to handle physical media, and they also make it easy to configure backup options and restore data from a single web interface.
People are an important part of the disaster recovery process. Ensure that you have a list of personnel (and contingencies where possible) who are responsible for getting the necessary assets back up and running. This includes internal IT people but also vendors, service providers, and facilities managers. Everyone should be able to respond quickly to a disaster by executing the recovery playbook.
A disaster recovery plan is only useful when it's reliable. If you haven't tested the plan and can't be sure that it works, your company could suffer. As your IT infrastructure grows and changes over time, it might outgrow the capabilities of your original disaster recovery solution.
Build regular test drills into your schedule to be sure that things still operate as planned. This will be far easier with DRaaS systems that will allow you to check the health of replication jobs on the fly and automate the recovery process for you.
Disaster recovery is a lot like politics: it's supposed to be a bit dull. When things get exciting, it's generally because something bad has happened, and that's when you want everything to run smoothly. By creating a disaster recovery plan now, you'll make it easier to get back to business as usual when things get interesting at the office.