networks >> articles

IT Outsourcing Solutions > > Disaster recovery

Of companies that had a major loss of computerized records, 43% never reopen, 51% close within two years, and only 6% will survive long-term.

How long can your business afford to be without its computer systems should a disaster strike?

Even the most thorough business continuity plan is no substitute for an equally thorough disaster recovery plan. No enterprise IT infrastructure is immune from the many disasters - disk crashes, power failures, human error, natural disasters - that will inevitably stop the flow of data at one or more of your facilities.

When that time comes, IT will be on the hook for dusting off the disaster recovery plan and restoring the valuable data that had been created since the last back up. Will your disaster recovery plan work?

Tape-based disaster recovery can only restore data to the point of the last backup, which was most likely the prior night. Any data created since the last backup will be lost. An effective disaster recovery plan requires a compre-hensive data protection plan which includes tape backup, whole server recovery, failover and continuous data replication.

Step 1: Risk Analysis
Events that necessitate disaster recovery

The first step in drafting a disaster recovery plan is conducting a thorough risk analysis of your computer systems.

List all the possible risks that threaten system uptime and evaluate how imminent the risks are in your particular IT shop. Anything that can cause a system outage is a threat, from relatively common manmade threats like virus attacks and accidental data deletions to more rare natural threats like floods and fires.

Determine which of your threats are the most likely to occur and prioritize them using a simple system: rank each threat in two important categories, probability and impact. In each category, rate the risks as low, medium, or high.

There are many different risks that can negatively impact the normal operations of an organization. A risk assessment should be performed to determine what constitutes a disaster and which risks a specific company is most susceptible to, including:

  • Natural disasters
  • Fire
  • Power failure
  • Terrorist attacks
  • Organized or deliberate disruptions
  • Theft
  • System and/or equipment failures
  • Human error
  • Computer viruses
  • Legal issues
  • Worker strikes
  • Testing

Assess business impact and risk.
This should include an assessment of the business unit's function and, preferably, a business impact analysis (BIA). The purpose of the assessment is to determine the business unit's relative contribution to the larger organization (monetary and functional).

Risk assessment may be the most important step in the risk management process, and may also be the most difficult and prone to error. A risk with a large potential loss and a low probability of occurring must be treated differently than one with a low potential loss but a high likelihood of occurring. In theory, both are of nearly equal priority in dealing with first. But in practice, it can be very difficult to manage when faced with the scarcity of resources, especially time, in which to conduct the risk management process.

Expressed mathematically, financial decisions, such as insurance, often express loss terms in dollars.

Step 2: Establish the Budget

Once the risks has been outlined, how can they be addressed, and how much will it cost? The results of Step 1 should be a comprehensive list of possible threats, each with its corresponding solution and cost. Decision-makers can make an informed decision regarding the size of the disaster recovery budget given the risks outlined - and which risks the company will tolerate versus the risks it wishes to mitigate.

Disaster recovery budgets vary from company to company - but they typically run between 2 and 8 percent of the overall IT budget. Companies for which system availability is crucial are usually on the higher end of the scale. However, these percentages may be too conservative. For a large IT shop, 15 to 25 percent is a best practice rule of thumb.

Step 3: Developing the Disaster Recovery Plan

Disaster recovery planning falls into the realm of business continuity planning, as well as risk management.

Develop a Disaster Recovery framework. Data should be categorized by importance. Two measures of importance are used, RTO and RPO. Recovery Time Objective (RTO) is the acceptable amount of time between the disaster and the post-disaster resumption of function (how long can we wait to restore data?). Recovery Point Objective (RPO) is the acceptable data roll-back (how current does the data have to be?).

Develop a recovery strategy and then a written Disaster Recovery Plan. That written plan should address at a minimum: response, recovery, and resumption of services detailed tasks.

Adjust information systems to make Disaster Recovery easier. This includes consolidating servers and data, perhaps with a Storage Area Network or other archival storage method.

A good plan takes into account many different factors. The most important are:

Communicate with your personnel and customers:

Personnel — notify all key personnel of the problem and assign them tasks focused toward the recovery plan.

Customers — notifying clients about the problem minimizes panic.

Recall backups — If backup tapes are taken offsite, these need to be recalled. If using remote backup services, a network connection to the remote backup location (or the Internet) will be required.

Facilities — having backup hot sites or cold sites for larger companies. Mobile recovery facilities are also available from many suppliers.

Prepare your employees — during a disaster, employees are required to work longer, more stressful hours, and a support system should be in place to alleviate some of the stress. Prepare them ahead of time to ensure that work runs smoothly.

Business information — backups should be stored in a completely separate location from the company

Testing the plan — provisions, directions, frequency for testing the plan should be stipulated.

Business data protection

With the rise in information technology and the reliance on business-critical data, the landscape has changed in recent years in favor of protecting irreplaceable data. This is especially evident in information technology, with most large computer systems backing up digital information to limit data loss and to aid data recovery.

The current data protection market is characterized by:

  • Rapidly changing customer needs that are driven by data growth, regulatory issues and the growing importance to access data quickly by retaining it online.

  • An ever-shrinking time frame for backing up data, which is burdening conventional tape backup technologies.

As the disaster recovery market continues to undergo significant structural changes, the shift presents opportunities for next-generation startup companies that specialize in business continuity planning and offsite data protection.

Preventions against data loss

Backups sent off-site in regular intervals. Backups includes software as well as all data information, to facilitate recovery.

Use a remote backup facility if possible to minimize data loss.

Storage Area Networks (SANs) over multiple sites are a recent development (since 2003) which make data immediately available without the need to recover or synchronize it.

Surge Protectors — to minimize the effect of power surges on delicate electronic equipment.

Equipment such as an uninterruptible power supply and/or backup generator.

Fire Prevention Systems — more alarms, accessible extinguishers.

Anti-virus software, firewalls, and other security measures.

Concepts of Disaster Recovery

Disaster recovery is the process of regaining access to the data, hardware and software necessary to resume critical business operations after a natural or human-induced disaster. A disaster recovery plan should also include plans for coping with the unexpected or sudden loss of key personnel. However, for this discussion, the focus is data protection. A disaster recovery plan is part of a larger process known as business continuity planning.

Business Continuity Planning is an interdisciplinary methodology used to create and validate a practiced logistical plan for how an organization will recover and restore - partially or completely interrupted critical function(s) within a predetermined time after a disaster or extended disruption. The logistical plan is the Business Continuity Plan.

High availability is a system design protocol and associated implementation that ensures a certain absolute degree of operational continuity during a given measurement period. Systems design is the process or art of defining the hardware and software architecture, components, modules, interfaces, and data for a computer system to satisfy specified requirements.

Availability refers to the ability of the user community to access the system, whether to submit new work, update or alter existing work, or collect the results of previous work. If a user cannot access the system, it is said to be unavailable. Generally, the term downtime is used to refer to periods when a system is unavailable.

How may we help you?

Please contact us for a free consultation on a customized disaster recovery plan and how a relationship with inSync can benefit your company.

Work Hard. Play Hard. Worry Less. inSync.

Corporate Office
Orange County
(949) 837-5000

Los Angeles
(310) 461-1555

San Diego
(858) 625-4690

Toll-Free
(888) 638-6211

Email
info@IToutsourcing-SoCal.com

Digitize your File Cabinets!

Protect your documentation with a Document Imaging / Management Solution.

An effective part of an overall Disaster Recovery Plan.

InSync endorses, and is, a Double-Take® Partner.

Double-Take® Software - products and services - enable customers to protect and recover business-critical data and applications to support disaster recovery, high availability and centralized backup.