Avoid Catastrophe! Follow this Guide to IT Disaster Recovery Management

This post was originally published at https://invenioit.com/continuity/disaster-recovery-management/

Everything You Need to Know About IT Disaster Recovery Management

For businesses, there are a variety of potential disaster scenarios that require preparation. Among the most common of these are: infiltrations by hackers, loss of access due to malware or ransomware and unintentional data-loss events. Depending on where the business is located, you might face a greater risk for certain types of natural disasters, such as coastal flooding, hurricanes, tornadoes, wildfires or earthquakes.

Given both the complexity and potential expense of implementing a comprehensive?disaster recovery management plan across the entirety of their IT network, many businesses opt to employ a?third-party solution. This option greatly simplifies the process for many businesses. It also often proves to be the most cost-effective option for ensuring complete security and recovery capability.

Why is Disaster Recovery Important?

Businesses must be able to quickly recover from a disaster. A prolonged operational disruption significantly increases the risk that the business will not recover from the event—ever.

Consider these alarming statistics from the U.S. Federal Emergency Management Agency (FEMA):

·??????40% to 60% of businesses never reopen their doors after a major disaster.

·??????90% of small businesses that are unable to recover within 5 days typically shutter completely within a year.

·??????After 2 years, only 29% of businesses that initially survived the event are expected to be still operating. The rest are forced to close their doors.?

What are the Costs of a Disaster?

Any disruption, no matter how short, can be extremely costly. According to statistics reported by Datto, a single hour of downtime can cost between $10,000 to more than $5 million, depending on the size of the company.

Consider that most disasters will take hours, if not days, to recover from. A data-loss event, for instance, takes an average of 7 hours for businesses to resume normal operations. And 18 percent of IT managers say that recovery can take 11 to 24 hours, if not longer.

Where do the costs add up?

·??????Idle workers?who continue earning wages but are unable to perform their job duties because of the disruption. A prolonged productivity loss can be extremely costly.

·??????Physical damage?to infrastructure, equipment or the building itself, as in the case of severe natural disasters.

·??????Lost revenue?due to the curbed operations or an inability to collect or process payments or deliver products to market.

·??????Complex data recovery?that requires hiring additional outside resources and specialists.

·??????Repair or replacement?of technology components, such as hard drives, network hardware or other equipment.

·??????Reputation damage?that can occur if customers, clients or vendors perceive the business is not secure or at risk of further disruptions in the future.

Businesses can significantly curb the costs of a disaster in each of these categories by making sure it can recover more quickly after a disruption. That is why disaster recovery management is so important.

A Disaster Recovery Planning Foundation

Disaster recovery planning is virtually impossible without an understanding of the risks posed to your business.

First, you must determine what kinds of disasters are likely to affect the business, what they look like and how they might disrupt operations. Only then are you able to adequately implement protocols and systems that ensure you can rapidly recover from those specific disasters.

If you have a business continuity plan (and you should), then all of this should already be spelled out in an extensive risk assessment and business impact analysis. Your disaster recovery plan (DRP)—outlining the specific recovery methods and technologies—would thus be built onto that foundation.

What to Consider in Your Planning

Disaster recovery planning is often focused on IT-related disasters, such as data loss, though the term can technically refer to a wide range of disruptions.

For the purposes of this post, let’s focus for a minute exclusively on the data backup side of recovery planning, which is commonly grouped under the larger umbrella of BC/DR (business continuity and disaster recovery).

When data loss occurs—whether due to cyberattack, ransomware, hardware failure or some other threat—businesses must recover it as quickly as possible to avert a prolonged operational disruption.

To facilitate that recovery, these components need to be considered within your planning:

·??????RPO (recovery point objective): RPO is a threshold for setting the maximum allowable age of the most recent data backup, i.e. 12 hours. An aggressive RPO minimizes data loss by ensuring that a recent backup is always available.

·??????RTO (recovery time objective): RTO is a threshold for setting the maximum allowable time for recovery, i.e. 2 hours. For example, if you wanted to ensure the business could recover from a data-loss event within 60 minutes, you would set an RTO of 1 hour.

·??????Technologies: These are data backup systems that make your recovery objectives achievable. You can’t set an aggressive RPO or RTO without the technology to make it possible. You’ll need to identify systems that can provide your desired backup frequency and recovery speed, while also minimizing the risk of a failed restore, corrupted data, etc.

·??????Protocols: These are the procedures for performing the recovery (and who will administer it). This is the step-by-step plan that must be followed to ensure that recovery objectives are met.

·??????Testing: Ongoing testing of backup systems and mock recoveries help to ensure that data will be successfully restored without error in a real-world event.

Who Should Manage Your DR Strategy?

With so many components to disaster recovery planning and implementation, businesses face an important question: should they manage it all in-house or get help from third-party specialists?

Every business, no matter how small, should have some form of DR plan. But not every business has the resources to develop a comprehensive recovery strategy, let alone deploy and manage the right tech solutions.

Somebody needs to write and update the plan, perform the risk assessment, calculate the business impact analysis, research the latest BC/DR solutions. Implement it. Maintain it. Test it. The list goes on and on.

This is why it makes more sense for many companies to use an outside firm for disaster recovery management.

Why Consider Outsourcing Your IT Disaster Recovery Management?

The services provided by DR management providers can vary. For example, some may specialize in the initial planning and development of the BCP, while others may focus more specifically on the IT systems, like data backup.

Regardless of which components your business needs, there could be numerous advantages to using a third-party provider:

1) Cost efficiency

?In many cases, it makes more financial sense to outsource these responsibilities rather than to hire additional in-house staff.

For many small and medium-sized businesses, it is unnecessary to employ full-time IT managers. Using an outside IT firm is more cost-efficient, and there is no lengthy hiring process. Additionally, by hiring experts who specialize in disaster recovery, you’ll eliminate the risk of costly incidents that hurt your bottom line. This ties into the next key benefit of outsourcing …

2) Expertise

Providers that focus on DR management every day will have a deeper knowledge of the industry than in-house staff who only do it occasionally. Ultimately, this expertise can be the difference between a successful recovery and a failed one.

For example, consider the deployment of a new data backup system. An in-house IT professional can certainly do their own research to compare BCDR solutions and can learn how to deploy it. But an outside BCDR expert will already have insight into the best solutions and will know how to properly deploy it. This level of expertise is invaluable for preventing risk and disaster.

3) Faster response and recovery

?IT providers that specialize in DR understand what’s needed to ensure the fastest recovery possible. From emergency protocols to advanced recovery technologies, they implement systems that ensure a rapid response, in concert with your own recovery processes.

Remember the RTOs and RPOs we mentioned above? Achieving those recovery objectives is virtually impossible without the right technology and the right people to manage it. While your on-site IT teams may have broad knowledge about these systems, outside specialists will often be able to respond faster to disruptive IT incidents and with more precision.?

Which Technologies Help with DR Management?

Keep in mind that today’s leading BC/DR technologies provide built-in layers of disaster recovery management. Automated processes like hybrid cloud backup and backup verification help to eliminate tasks that were previously hands-on, manual and time-intensive.

For example, this is where a BC/DR solution like the?Datto SIRIS?comes in. With Datto, all of your data is secured, continually backed up and always available. For added assurance, it’s backed up to two locations: on-premise in a dedicated BDR device and in Datto’s secure cloud (where it is again replicated across geo-redundant data centers).

This isn’t limited to simply securing and restoring individual files. Datto can also recreate virtual IT infrastructure when it is compromised. When on-site data is inaccessible, backups can be booted as virtual machines, from anywhere, allowing you to continue using critical applications even if on-site infrastructure has been destroyed.

Combining both local and cloud-based security and backup ensures that if a physical issue like a fire occurs, you’ve got virtual support. And if the issue is a compromise of online security, you always have your local backups available.

The Datto SIRIS also uses advanced backup verification to ensure that each backup is viable. This is an automated process that test-boots each backup as it is created. In addition to verifying the backup image, it uses script execution to confirm that a service or application is executable.

Finally, SIRIS offers a variety of deployment options to make DR management easy. You can deploy the plug-and-play SIRIS appliance, or use a software-only deployment on your own hardware, either as a virtual machine (VM) or native Linux server.

Local Elements of a Disaster Recovery Management Plan

1) Frequent Backups

Datto’s system of physical backup to your local secured media uses a “snapshot” system that replicates not just collections of files, but the entirety of your critical software infrastructure. You can customize how often your network snapshots are taken, down to a frequency of once every five minutes. These snapshots are backed up locally, then immediately replicated on Datto’s secure cloud servers as well. The?ZFS file system?that Datto employs also compresses these snapshots to maximize storage space while ensuring that there is no loss of data integrity whatsoever during the process.

2)?Backup Power Supply & Surge Suppression

A backup power supply is a crucial measure for businesses that can’t afford operational downtime. These generators typically run on liquid propane or natural gas. An inverter generator is critical for powering computer systems as it cleans and stabilizes the voltage produced, removing the spikes and drops that conventional generators are subject to. For protection from short-term power outages, an uninterruptible power source (USP) provides an electronic solution that can cover a few minutes and provide a bridge to a switchover to generator power.

3) Fire Suppression

This is another element that has to be considered as part of your overall disaster recovery plan, as traditional sprinklers are obviously not an acceptable choice for server rooms or rooms full of computers that contain critical company data. Server rooms are generally built to be sealed off in the event a fire breaks out and to displace the oxygen in the room with an inert gas to starve out the fire. Both server rooms and general office rooms can also employ a synthetic gas cooling system as an alternative to water.

4) Remote / Cloud Backups

As mentioned above, Datto?pushes local backup snapshots to remote secure cloud servers automatically as they are created. Both local and cloud files can be automatically configured to be “pruned” out as older versions become obsolete and unnecessary. Infinite cloud retention is also available to businesses who need to keep backups for longer periods of time, whether for added security or regulatory compliance.

5)?Third-Party Monitoring and Intervention

With Datto, remote monitoring is a trusted safety net, not another security concern. Remote intervention is limited to ensuring that backups are made and retained properly, securing those files appropriately, and providing assistance when a disaster scenario occurs. Troubleshooting support is also continually available.

What to Look for in a Managed Service Provider

Companies looking to improve their DR management with solutions like Datto’s will likely partner with a third-party managed service provider (MSP).

MSPs are not made equal, so it’s important to choose one that’s a right fit for your organization. If you’re comparing providers, here are some things to evaluate:

·??????Experience: Years in business, number of active clients, etc.

·??????Clients: Who the MSP serves and how those clients’ needs and infrastructures compare to your own

·??????Knowledge: Familiarity with DR management, best practices and the specific tech solutions being considered

·??????Reviews, referrals and ratings: How they’re rated by current and/or former clients

·??????Performance: Examples of actual “results” achieved from their service, i.e. cost savings, successful recoveries, minimized risk, etc.

Frequently Asked Questions (FAQ) about IT Disaster Recovery Management

1. What is IT disaster recovery management?

IT disaster recovery management refers to the process of managing the systems and processes that enable an organization to recover from a disaster. This can include the management of data backup systems, recovery protocols, testing, training and business continuity planning.

2. What is included in an IT disaster recovery plan?

An IT disaster recovery plan summarizes all of the procedures and technologies that help an organization recover from a disruption to its IT systems. A typical DR planning document includes:

·??????Emergency contact information

·??????Recovery objectives

·??????Risk assessment

·??????Impact analysis

·??????BCDR technologies

·??????Recovery testing

·??????Training programs

·??????Protocols for disaster response & recovery

·??????Plan review schedule

3. What is DRP for information technology?

Within informational technology, DRP refers to the planning, protocols and systems that help an organization recover its IT systems after an unexpected outage. This planning outlines the required technologies for recovery, such as data backup systems, as well as the procedures that should be followed in a disaster situation.

4. Who is responsible for disaster recovery?

Every organization is responsible for conducting disaster recovery planning. However, given the complexity of this planning and the stakes involved, many organizations choose to partner with specialized IT providers that can handle their disaster recovery management on their behalf.

5. What is the importance of having an IT disaster recovery plan?

Every organization faces the risk of an IT outage that disrupts operations.?Having an IT disaster recovery plan is essential for identifying the systems and procedures that reduce those risks and help to facilitate a swift recovery when a disaster occurs.

Conclusion: Be Prepared for the Worst

Businesses today face numerous threats to their IT infrastructure: not just from natural disasters, but from cyberattacks, ransomware, hardware failure and human error.

It’s not enough to simply?anticipate?these disasters. Businesses must have a plan for recovery. With the right approach to disaster recovery management, you can ensure that your operations will be minimally impacted when the next disruptive event strikes.