Disaster Recovery & Business Continuity Planning

Business continuity — the planning, preparation, and implementation of more resilient business systems in anticipation of unscheduled downtime — is often thought of as an IT problem, and most organizations leave it to the IT department to provide a fix. This invariably leads to the deployment of a wide range of tactical solutions, with no overriding strategy providing guidance.  In reality, as the term implies, business continuity is a business problem, and it requires a business approach to fix it.

Here is our break down of the top 10 tips of disaster recovery and business continuity planning.

It’s About the Business, Not Technology!

Before trying to work out how to implement HA and disaster recovery, talk to business leaders to understand their priorities. For some it will be email, for others the online order entry system, for others Microsoft SharePoint. The point is you won’t know what systems are the most important unless you ask business users.

It’s a Catastrophe, or Maybe Not

When you think about disaster recovery, you probably picture hurricanes, floods, terrorist attacks, and the like; not a software upgrade gone wrong or a hardware error on a critical piece of networking equipment.  Planning for the worst-case scenario and being tripped up by trivial day-to-day errors is very common. Your HA planning has to take into account all eventualities, from the ordinary to the cataclysmic.

How Can You Assign Budget Without Knowing The Cost of Downtime?

Too often, organizations assign a dollar value for disaster recovery planning before determining the financial risk of downtime and data loss to the business. This means assessing the financial cost of downtime before allocating a budget. Don’t forget to include regulatory compliance in your cost of downtime calculations. There are often financial penalties for unmet legal obligations.

It’s About Measuring Risk

Exactly what events classify as a disaster can change from organization to organization, and even from department to department. When thinking about HA and disaster recovery, it is essential to ask:  What are we trying to protect ourselves from? Don’t overlook the commonplace. Small losses from common problems mount up quickly.

Do You Have A Plan?

As crazy as it sounds, a surprising number of organizations don’t have a disaster recovery plan. It is essential that you develop a formal document detailing all applications, hardware, facilities, service providers, personnel, and priorities.  The plan must represent all functional areas and offer clear guidance on what happens before, during, and after a disaster.

We’ve Got A Plan, But We Didn’t Test It

Maintaining a disaster recovery plan is only helpful if it works. The only way to ensure your plan works is to test it. Testing the plan under simulated disaster conditions is essential, but it can also be challenging. Look for data protection solutions that help you create environments for non-disruptive testing of your disaster recovery plan.

Who Is Responsible, and For What?

A real-life disaster event will be chaotic and confusing. If key staff does not understand their disaster recovery responsibilities, the recovery process will be long and fraught with problems. Your disaster recovery plan must clearly state the roles and responsibilities of everyone involved, including what to do if key personnel are not available.

Recovery Point What? Recovery Time Who?

Two metrics are used to record an application’s tolerance of downtime and data loss: recovery point objective (RPO) and recovery time objective (RTO).  RPO is a measure of data loss. The larger the RPO, the more data loss each application can tolerate before it becomes a problem for the business.  RTO is a measure of recovery time. The smaller the RTO, the faster you have to work to get the application back online before the organization starts to suffer significant losses.

Recovery Will Take Longer Than You Think

Understanding how long it will take to recover key business systems is essential.  Can you restore data and rebuild application systems fast enough to satisfy business users? Do you have the bandwidth to recover data from a cloud service provider? Understanding how long it takes to recover applications, and the effect of downtime on the business, may prompt you to make different technology choices.

Going Home

The ability to failback to production systems is every bit as important as the ability to failover. Unless carefully planned, a backup data center is unlikely to have the same capacity or performance as the production site. Without a failback plan, you may perform a successful initial failover and then see losses mount as your business limps along for weeks operating from an inadequately provisioned backup site.

It’s no secret what successful high availability looks like: no application downtime and no application data loss. The maturing of HA products has brought the price within reach of small and mid-market companies.  This combined with lowered infrastructure costs — broadband, server virtualization, multiple service providers — and dramatically improved usability is making HA affordable for organizations of all sizes.

To implement HA successfully, talk to business owners to understand their priorities.  Key is that you understand what systems are the most important.   Understanding the needs of the business will let you set priorities that dictate the disaster recovery technology choices that best fit your business continuity need.