Too many companies become ETS clients the hard way – after their business is hit by some type of IT infrastructure failure and among other consequences, they’ve lost critical information.
Fortunately, companies like Phoenix-based ExhibitOne Corporation didn’t need a disaster to proactively take action. “ETS sent a SWAT team for an initial assessment,” said ExhibitOne CEO and President Kevin Sandler. “The results almost made me ill. We had all the makings of a total IT meltdown. Within a matter of a few days, ETS had us out of the danger zone and within a few weeks, we were rock solid.”
What state is your company's IT infrastructure in? Rock solid? On the verge of a total meltdown? Somewhere in between?
Whether you know the answer to that question or not… if disaster recovery planning (DRP) has not been an integral part of your IT strategy, you could be in for some very unpleasant surprises. For many companies, DRP is the cornerstone of their business continuity plan.
To start, it’s important to understand the relationship of three terms – the definitions of which come from DRI International’s International Glossary for Resiliency:
Business Continuity Planning – The process of developing prior arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions can continue within planned levels of disruption. The end result of the planning process is the business continuity plan.
Disaster Recovery Planning – The activities associated with the continuing availability and restoration planning of the IT infrastructure.
Disaster Recovery Plan – A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.
As you can see, disaster recovery planning and the resulting plan are a subset of your overall business continuity plan and are very specific to your technology.
The objectives behind DRP are pretty straight forward:
In the Phoenix area, companies are often lured into to a false sense of security and forego investing in a DRP because they are thinking of disasters in terms of what Mother Nature has to offer. We are quite fortunate because outside of a lightning strike or an occasional monsoon-like storm, she just isn’t that active here in Arizona.
But, disasters can come in other flavors too. Think hardware failure, facility-related incident such as fire or waterline break, being a victim of hacking, a virus or malware, errors in system configurations, problems with updates, even internal mischief.
Unfortunately, there’s still plenty to worry about.
The first step in disaster recovery planning is to assess your facilities and operational environment, the current IT infrastructure, the processes and procedures for maintaining and managing the infrastructure as well as any ongoing practices for data back-up and storage.
In comparing your status quo to industry best practices, you can begin to get an idea of your risk level for different types of failure. By taking into account the likelihood of a failure, the consequences of that failure and the available budget, companies can begin to prioritize next steps to achieve best practices for preventing the failure.
Often companies will look to outside resources to help them through this first part of the DRP process, including help in identifying the systems and procedures that are needed to detect a failure early enough that it can be corrected before it disrupts the business.
Subsequent steps become more internal-focused.
Identifying a failure point doesn’t stop it from occurring, even if a company has achieved best practices. The next step is to determine what will be done if a failure disrupts the business. Not only who does what to fix the problem, but what are the steps for attempting to resolve the consequences.
Who needs to be notified? What outside resources will be required? Do you need to have agreements in place? Is there insurance to help cover?
This now brings us to the point where the “plan” in disaster recovery “planning” comes in… documenting everything and keeping the written plan up-to-date and communicated. This includes compiling critical information like phone lists, insurance policies, agreements, as well as the processes and procedures for getting the company back to the point where it has fully recovered.
Lastly, test the plans. Regularly.
Hopefully through detection, recovery is timely and there’s no disruption to the business. But, as often said, “Hope is not a plan.” Central to most disaster recovery plans and usually of the highest priority is a fail-safe system that protects access to data and any services provided through the company’s IT infrastructure in the event a situation becomes unrecoverable.
In this regard, a bulletproof backup and recovery strategy for both data and applications is the only solution – whether it’s a matter of recovering a single file or an entire server. A key consideration is the tolerance for how long a company can be without its data or services. Some measure it in hours, others in terms of minutes or seconds – and for some -even that’s too long.
This type of fail-safe backup and recovery strategy is standard for most enterprises, but is often too costly or complex (or both) for many small and mid-sized companies to implement. ETS is able to provide the same level of backup and disaster recovery protection as used by large corporations, but at a fraction of the cost. This level of capability is achieved through a combination of local back-up and cloud-based storage and server virtualization which is detailed here:
Disaster recovery planning is the only way a company can prevent, detect, correct and ultimately recover from IT infrastructure failures. Many companies find the most critical part of their DRP is the “R” and ensuring they have a fail-safe backup and recovery solution in place.