We want to believe “it will never happen to us”, but the fact is, disasters do happen. Sometimes on a small scale — a simple backup set can be restored quickly, with little or no harm done. But at other times, major disasters strike, and without a disaster recovery plan in place, the effect can be catastrophic. These events can cost organizations time, money, reputation and even their brand.
Disasters can come in the form of natural disasters, such as floods, fires, hurricanes, volcanoes, earthquakes, blizzards, among others. They can also be unnatural, due to poor change control, viruses, cyber-attacks, terrorist attacks, transportation strikes, etc. A business disaster can even be the result of a 3rd party service provider suffering an outage or failure including: ISPs, hosting companies and telcos.
In a 2016 survey by the Wall Street Journal, 40% of US companies did not have any form of disaster recovery (DR) plan in place. In a separate study of companies that experienced a major disaster that resulted in substantial business data loss, 43% never recovered or reopened, and 29% closed their doors within two years. It is estimated that for every $1 spent on DR planning, $4 are saved in recovery costs. In our technology driven world, DR planning is not optional — it’s essential.
Key steps and best practices for getting a DR plan in place
Let’s take a look at 4 of the key steps in developing a DR plan.
1. Staff training and chain of command
The very first step in developing a DR plan is assembling a DR team responsible for developing, executing and testing the plan. The effective execution of a DR plan requires a clear chain of command, ensuring that all staff understand exactly to whom they must report when disaster recovery is involved.
In conjunction with this, each staff member must be assigned their responsibilities and receive the appropriate training to execute their tasks effectively and efficiently. The better prepared the entire DR team is, the greater the odds are of successful recovery. It is important to note that IT systems are continuously evolving and are regularly being upgraded. This means that DR plans and specifically the staff responsibilities need to be updated regularly, as well.
2. Creating a disaster recovery protocol (DRP) document
There is the old saying: “Failing to plan is planning to fail” and this is exactly the train of thought behind creating a DRP document. It is a comprehensive document that details every component of the disaster recovery plan. This document should include:
- Network infrastructure documentation (including network diagrams & configurations)
- A list of all relevant people and service providers and their contact information
- Comprehensive lists of IT systems, prioritized based on vulnerability, criticality and amount of time each system can be down and the time required to recover each system
- A set of operational procedures to be followed in the event of a disaster
- Establishing an emergency response team, including the training required to deal with contingencies
- Identifying vendor emergency response capabilities, including any SLAs that may be in place or required to implement the plan
- Results of dry-runs and tests of the DRP
3. Remote desktop access
Building disaster recovery centers with hundreds of seats for employees is no longer necessary. With cutting edge HTML5-based remote access solutions, organizations can grant employees access to their mission-critical applications in the event of a disaster.
Historically, remote desktop clients needed to be installed on the users’ PCs. Sometimes this also involved configuring separate VPNs for security. This approach made remote access complex and time-consuming. The last thing IT personnel need to be doing during a disaster situation is trying to support hundreds of users to configure their desktops.
With the latest browser-based remote access offerings, employees can easily access their office PCs from any desktop or mobile device. There is no need to install or configure client-side software or plug-ins. Users simply open their browser, login and continue working from anywhere in order to maintain business continuity.
This simple approach to employee access reduces the time, costs and overhead involved in other DR solutions. Moreover, with no data stored on the end-point device and all communications encrypted, browser-based remote access helps organizations to maximize data security.
4. Train, test, and test some more
Like an elite army unit, the more IT staff practice, the more efficient they become and the better equipped to deal with disaster situations. This is an area that is often neglected. Organizations invest time, money and effort into developing their business continuity plans and systems, but do not regularly test them to find gaps and make sure everyone knows what they need to do.
The importance of regular dry runs cannot be emphasized enough. These ensure that each stakeholder understands their roles and tasks, and can perform them instinctively when the time comes.
Your car comes equipped with a spare tire, jack and tools just in case you get a flat. Knowing how to access them and change your tire is part of dealing with the situation. Imagine being stranded only to discover that the jack is missing or the spare tire has a hole in it. Despite your best intentions, you’re still going to be stuck. It’s no different with a DR plan. You need to be prepared, have every component accounted for, and know exactly what to do to recover successfully.