What Is IT Disaster Recovery Management, Exactly?
Everything You Need to Know About IT Disaster Recovery Management
For businesses, there are a variety of potential disaster scenarios that require preparation. Among the most common of these are: intrusions by hackers, loss of access due to malware or ransomware and unintentional data-loss events. Depending on where the business is located, you might also experience natural disasters like fires, tornadoes and floods.
Given both the complexity and potential expense of implementing a comprehensive disaster recovery management plan across the entirety of their IT network, many businesses opt to employ a third-party solution. This option greatly simplifies the process for many businesses. It also often proves to be the most cost-effective option for ensuring complete security and recovery capability.
Why Disaster Recovery is Critical
Businesses must be able to quickly recover from a disaster. A prolonged operational disruption significantly increases the risk that the business will not recover from the event—ever.
Consider these alarming statistics from the U.S. Federal Emergency Management Agency (FEMA):
· 40% to 60% of businesses never reopen their doors after a disaster.
· 90% of small businesses that are unable to recover within 5 days will shutter completely within a year.
· After 2 years, only 29% of businesses that initially survived the event are expected to be still operating. The rest are forced to close their doors.
The Costs of a Disaster
Any disruption, no matter how short, can be costly. According to statistics reported by Datto, a single hour of downtime can cost between $10,000 to more than 5 million, depending on the size of the company.
Consider that most disasters will take hours, if not days, to recover from. A data-loss event, for instance, takes an average of 7 hours for businesses to resume normal operations. And 18 percent of IT managers say that recovery can take 11 to 24 hours, if not longer.
Where do the costs add up?
· Idle workers who continue earning wages but are unable to perform their job duties because of the disruption. A prolonged productivity loss can be extremely costly.
· Physical damage to infrastructure, equipment or the building itself, as in the case of severe natural disasters.
· Lost revenue due to the curbed operations or an inability to collect or process payments or deliver products to market.
· Complex data recovery that requires hiring additional outside resources and specialists.
· Repair or replacement of technology components, such as hard drives, network hardware or other equipment.
· Reputation damage that can occur if customers, clients or vendors perceive the business to be unsecure or at risk of further disruptions in the future.
Businesses can significantly curb the costs of a disaster in each of these categories by making sure it can recover more quickly after a disruption. That is why disaster recovery management is so important.
A Disaster Recovery Planning Foundation
Disaster recovery planning is virtually impossible without an understanding of the risks posed to your business.
First, you must determine what kinds of disasters are likely to affect the business, what they look like and how they might disrupt operations. Only then are you able to adequately implement protocols and systems that ensure you can rapidly recover from those specific disasters.
If you have a business continuity plan (and you should), then all of this should already be spelled out in an extensive risk assessment and business impact analysis. Your disaster recovery plan (DRP)—outlining the specific recovery methods and technologies—would thus be built onto that foundation.
What to Consider in Your Planning
Disaster recovery planning is often focused on IT-related disasters, such as data loss, though the term can technically refer to a wide range of disruptions.
For the purposes of this post, let’s focus for a minute exclusively on the data backup side of recovery planning, which is commonly grouped under the larger umbrella of BC/DR (business continuity and disaster recovery).
When data loss occurs—whether due to cyberattack, ransomware, hardware failure or some other threat—businesses must recover it as quickly as possible to avert a prolonged operational disruption.
To facilitate that recovery, these components need to be considered within your planning:
· RPO (recovery point objective): a threshold for setting the maximum allowable age of the most recent data backup, i.e. 12 hours. An aggressive RPO minimizes data loss by ensuring that a recent backup is always available.
· RTO (recovery time objective): a threshold for setting the maximum allowable time for recovery, i.e. 2 hours. For example, if you wanted to ensure the business could recover from a data-loss event within 60 minutes, you would set an RTO of 1 hour.
· Technologies: the data backup systems that make your recovery objectives achievable. You can’t set an aggressive RPO or RTO without the technology to make it possible. You’ll need to identify systems that can provide your desired backup frequency and recovery speed, while also minimizing the risk of a failed restore, corrupted data, etc.
· Protocols: the procedures for performing the recovery (and who will administer it). This is the step-by-step plan that must be followed to ensure that recovery objectives are met.
· Testing: the ongoing testing of backup systems and mock recoveries to ensure that data will be successfully restored without error in a real-world event.
Who Should Manage Your DR Strategy?
With so many components to disaster recovery planning and implementation, businesses face an important question: should they manage it all in-house or get help from third-party specialists?
Every business, no matter how small, should have some form of DR plan. But not every business has the resources to develop comprehensive recovery strategy, let alone deploy and manage the right tech solutions.
Somebody needs to write and update the plan. Perform the risk assessment. Calculate the business impact analysis. Research the latest BC/DR solutions. Implement it. Maintain it. Test it. The list goes on and on.
This is why it makes more sense for many companies to use an outside firm for disaster recovery management.
Reasons to Consider Outsourcing Your IT Disaster Recovery Management
The services provided by DR management providers can vary. For example, some may specialize on the initial planning and development of the BCP, while others may focus more specifically on the IT systems, like data backup.
Regardless of which components your business needs, there could be numerous advantages to using a third-party provider:
· Cost efficiency: In many cases it makes more financial sense to outsource these responsibilities rather than to hire additional in-house staff.
· Expertise: Providers that focus on DR management every day will have a deeper knowledge of the industry than in-house staff who only do it occasionally. Ultimately, this expertise can be the difference between a successful recovery and a failed one.
· Faster response and recovery: IT providers that specialize in DR understand what’s needed to ensure the fastest recovery possible. From emergency protocols to advanced recovery technologies, they implement systems that ensure a rapid response, in concert with your own recovery processes.
Tech-Powered DR Management
Keep in mind that today’s leading BC/DR technologies provide built-in layers of disaster recovery management. Automated processes like hybrid cloud backup and backup verification help to eliminate tasks that were previously hands-on, manual and time-intensive.
For example, this is where a BC/DR solution like the Datto SIRIS comes in. With Datto, all of your data is secured, continually backed up and always available. For added assurance, it’s backed up to two locations: on-premise in a dedicated BDR device and in Datto’s secure cloud (where it is again replicated across geo-redundant datacenters).
This isn’t limited to simply securing and restoring individual files. Datto can also recreate virtual IT infrastructure when it is compromised. When on-site data is inaccessible, backups can be booted as virtual machines, from anywhere, allowing you to continue using critical applications even if on-site infrastructure has been destroyed.
Combining both local and cloud-based security and backup ensures that if a physical issue like a fire occurs, you’ve got virtual support. And if the issue is a compromise of online security, you always have your local backups available.
Local Elements of a Disaster Recovery Management Plan
· Regular Timed Physical Backups
Datto’s system of physical backup to your local secured media uses a “snapshot” system that replicates not just collections of files, but the entirety of your critical software infrastructure. You can customize how often your network snapshots are taken, down to a frequency once every five minutes. These snapshots are backed up locally, then immediately replicated on Datto’s secure cloud servers as well. The ZFS file system that Datto employs also compresses these snapshots to maximize storage space while ensuring that there is no loss of data integrity whatsoever during the process.
· Backup Power Supply & Surge Suppression
A backup power supply is a crucial measure for businesses who need constant uptime. These generators run on liquid propane or natural gas. An inverter generator is critical for powering computer systems as it cleans and stabilizes the voltage produced, removing the spikes and drops that conventional generators are subject to. For protection from short-term power outages, an uninterruptible power source (USP) provides an electronic solution that can cover a few minutes and provide a bridge to a switchover to generator power.
· Fire Suppression
This is another element that has to be considered as part of your overall disaster recovery plan, as traditional sprinklers are obviously not an acceptable choice for server rooms or rooms full of computers that contain critical company data. Server rooms are generally built to be sealed off in the event a fire breaks out and to displace the oxygen in the room with an inert gas to starve out the fire. Both server rooms and general office rooms can also employ a synthetic gas cooling system as an alternative to water.
· Remote Timed Physical Backups
As mentioned above, Datto pushes local backup snapshots to remote secure cloud servers automatically as they are created. Both local and cloud files can be automatically configured to be “pruned” out as older versions become obsolete and unnecessary. Infinite cloud retention is also available to businesses who need to keep backups for longer periods of time, whether for added security or regulatory compliance.
· Third-Party Monitoring And Intervention
With Datto, remote monitoring is a trusted safety net, not another security concern. Remote intervention is limited to ensuring that backups are made and retained properly, securing those files appropriately, and providing assistance when a disaster scenario occurs. Troubleshooting support is also continually available.
What to Look for in a Managed Service Provider
Companies looking to improve their DR management with solutions like Datto’s will likely partner with a third-party managed service provider (MSP).
MSPs are not made equal, so it’s important to choose one that’s a right fit for your organization. If you’re comparing providers, here are some things to evaluate:
– Experience: Years in business, number of active clients, etc.
– Clients: Who the MSP serves and how those clients’ needs and infrastructures compare to your own
– Knowledge: Familiarity with DR management, best practices and the specific tech solutions being considered
– Reviews, referrals and ratings: How they’re rated by current and/or former clients
– Performance: Examples of actual “results” achieved from their service, i.e. cost savings, successful recoveries, minimized risk, etc.
Preparing for the Worst
Businesses today face numerous threats to their IT infrastructure: not just from natural disasters, but from cyberattacks, ransomware, hardware failure and human error.
It’s not enough to simply anticipate these disasters. Businesses must have a plan for recovery. With the right approach to disaster recovery management, you can ensure that your operations will be minimally impacted when the next disruptive event strikes.
Request a Free Demo
For more information on protecting your company with Datto’s hybrid cloud BC/DR solutions, request a free demo or contact our recovery experts at Invenio IT. Call us at (646) 395-1170 or email [email protected].