Common oversights regarding disaster recovery & how to avoid them
A disaster recovery plan can be considered a success only if, when implemented at the time of a disaster, it ensures that the business continues to operate smoothly writes Sean Dendle.
Though it may seem a simple enough requirement, more often than not disaster recovery plans are bugged with some common mistakes or errors which can be easily avoided with a little bit of common sense and foresight.
Below are some common nontechnical mistakes regarding disaster recovery plans and also the possible solutions to avoid them.
1 Active support and involvement from the senior management
It is just not enough to have the approval of the top management, for the disaster recovery plan to be a success during implementation; the top management should be proactively involved in the execution. Having their presence physically at the time of disaster uplifts the morale of all the participants and works towards success.
2 Employee buy in and support
To ensure that the disaster recovery plan is executed effectively it needs the support of the employees. The employees must be convinced on the efficacy of the plan against the disaster. It is important to involve all the departments of the business in the disaster recovery operations so that they can assist in the planning process and thus take ownership of the plan to an extent. It is important to have the non-technical team too as part of the disaster recovery team.
3 Disaster recovery is not a one person job
More often than not companies designate a person as the sole in charge of the disaster recovery process. This should not be the case because disaster recovery activities are time critical, hence there should be a group of well-trained individuals to execute the process.
4 Generalisations vs. Specific tasks
In the disaster recovery plans, most often there is a large extent of generalisations. This should not be the case. Clear specific steps, activities, and processes need to be thoroughly documented (and tested) to ensure that mission critical data and business processes run unhampered.
5 Budgetary constraints
Disaster recovery plans can only be a success if the necessary budget is allocated to it. Not only monetary budget, but human resources too, should be allocated for the successful implementation of disaster recovery. Key people from different departments should be allocated and their expertise should be utilised both for planning and execution. Specific issues in disaster recovery to bear in mind by organisations considering cloud solutions are:
1 Data criticality
Organisations do not segregate data on the basis of its importance and consider it as a large whole which needs to be saved. Hence they go in for cloud backups for the whole data produced. This may not necessarily be required. You may find only data which is mission (business) critical requires backup to an offsite location in cloud backups for instant recovery.
2 RTO and PRO
Companies do not pay much importance to setting the recovery time objective (RTO) and the recovery point objective (RPO) for cloud backup. The RTO and RPO are highly important to ensure that the business does not suffer in any way in situations of outages. Organisations should have a realistic RPO and RTO set so that they can manage better in times of outages.
3 Difference between High Availability (HA) and Disaster Recovery (DR)
It is vitally important for companies to understand the subtle differences between High Availability and Disaster Recovery. High Availability is the ability or the resilience of the data centre or location whereas disaster recovery is the data availability across different data centres or servers at various locations.
4 Inter-dependencies of servers
Companies usually tier servers but do not pay attention to the inter-dependencies while working on the disaster recovery plan. Because of this focus on individual technologies without consideration to the inter-dependencies, there is a high probability that the cloud backup plan might not be sufficient.
For a successful disaster recovery plan it should be bring in the organisation as a whole and should be thought of as a necessary expense and not as something that can be dealt with later on. My final thought is: a disaster recovery plan is only as good as the last time it was tested. How frequently do you test your DR plan? How long did it take? Are the results of these tests provided to management for review?