In Part 1 of our IBM Power for Data Resilience series, we explored how disaster recovery has gained a cybersecurity focus and its importance in maintaining your company’s reliability and productivity.
But how does your business execute disaster recovery?
As the volatility of both the climate and the risk landscape increase, your company needs to prepare for the inevitable disaster. It’s only a matter of time before your company experiences weather, hardware failure, or cybersecurity-related trauma that trigger devastating downtime and data loss.
Developing a formal disaster recovery plan that is supported by the right technology will ensure that your company is ready to bounce back quickly after a major breach, natural disaster, or equipment failure. Here’s an overview of some key steps in creating a plan for disaster recovery.
Assess Risks and Impacts
Developing an effective disaster recovery plan begins with assessing your company’s risks and the negative impact a traumatic event, such as an advanced cyberattack, may have on your business. To prepare for recovering from an outage, you need to understand the evolving threat landscape.
Certain geographical areas and industries may face specific risks. For example, companies in some regions may be more susceptible to blizzards, wildfires, or hurricanes. Businesses in the financial industry or healthcare may be targeted by cybercriminals because the data these organizations handle can be used for carrying out lucrative acts of fraud.
Based on the risks your company faces, you need to consider how each type of traumatic event might affect your business. If a disaster may cause extended downtime, you must assess its impact on operations. How long will your company be shut down? How long can your company afford to go without operating or accessing mission-critical data?
Major breaches may interrupt network communications and expose sensitive information. Different types of threats may result in loss of revenue, reputational damage, fines for non-compliance, or customer attrition.
Conduct an Inventory
For a disaster recovery plan to be effective, it must cover all your vital resources. That’s why conducting an asset inventory is essential. You need to identify the hardware, software, network resources, data, and applications that your company relies on to operate.
Each asset should be evaluated to determine its level of importance to operations. The level of importance should depend on how frequently your company uses the asset and how business productivity would be affected if the asset wasn’t functioning.
Elements of a Disaster Recovery Plan
Once you’ve conducted your assessments and inventories, you can begin putting a plan together based on the requirements you’ve discovered. A disaster recovery plan should include several core elements to ensure you define and meet your goals for data resiliency. To ensure that your disaster recovery plan addresses increasing cybersecurity risks, it must focus on backing up and recovering IT infrastructure.
Data Center Recovery
A disaster recovery plan should cover data center risks related to data security, connectivity, and power to prevent outages and get the data center up and running as soon as possible after an incident. The 3-2-1 rule describes best practices for data center backup and recovery, in which data is backed up 3 times on 2 types of media, with one copy stored off site. For quick recovery, the data center may failover to a secondary site where data has been replicated.
Network Recovery
The disaster recovery plan should include procedures for network recovery to avoid lengthy interruptions to connectivity and the flow of data needed to make business decisions. Network recovery involves creating redundant network infrastructure, failover procedures, and alternate pathways for traffic.
Failover
Your company can achieve failover by creating a secondary data center in the cloud or at a colocation where your company can transfer operations after the primary data center has been shut down by a disaster or cyberthreat. Failover to the secondary site can occur seamlessly to prevent operations from being interrupted.
Recovery Time Objective (RTO)
The disaster recovery plan should be set up to meet your company’s goals for how quickly data needs to be recovered. The RTO should be based on how long your company can afford to go without access to data.
Recovery Point Objective (RPO)
Your company also needs to develop a disaster recovery plan capable of restoring data to its most recent state. Setting an RPO will ensure that your company is working with accurate and complete information after an incident of data loss or compromise. Backing up data frequently will narrow the RPO window.
Disaster Recovery Testing
Developing a disaster recovery plan is an ongoing process. Your company needs to test the plan regularly to determine if it meets recovery goals and requirements. To see if your plan works the way you expect it to, you can create simulations of realistic scenarios.
Testing a disaster recovery plan enables your company to adjust and update your practices. A test can uncover any problems, such as platform and hardware incompatibility, vital assets that have been overlooked, and lengthy recovery times. Updates can be made based on emerging risks.
Supporting Your Disaster Recovery Plan
After your company develops a disaster recovery plan, you may find that you need to adopt a new technology solution to support it. The ProActive Solutions team has witnessed how taking the wrong approach to technology can derail disaster recovery. We’ve worked with companies that have hardware incompatibilities which extend recovery times far beyond what we’ve been able to achieve with IBM Power.
IBM Power can restore operations quickly because of its wide hardware compatibility and recovery capabilities. For instance, IBM VM Recovery Manager for IBM Power functions with virtualization and can automatically restore operations into an alternate location or environment.
ProActive can work with your company to assess your approach to disaster recovery, develop a successful plan, and support it with leading technology, including IBM Power Systems.
Find out how IBM Power can support your company’s disaster recovery plan. Ask for a consultation from ProActive.
COMING SOON: Read Part 3 of our IBM Power for Data Resilience series to learn how disaster recovery can serve as an entry point for high availability.