Accidents and attacks happen – there is sometimes no way to avoid them, and even maintaining the highest security standards cannot make a company 100% secure. In other words, you should always protect your systems, but you can never be sure they are safe. However, even in the worst-case scenario, there is a last line of defence – a disaster recovery plan. What is it, how do you execute it and what does it have to do with good software infrastructure? Let’s find out!
Table of contents
- A little history lesson
- 13 steps to security
- Software infrastructure for disaster recovery
- If you can’t avoid it – be ready
A little history lesson
Disruptions can lead to lost revenue, brand damage and dissatisfied customers. Therefore, every company needs a way to deal with disasters such as hardware malfunctions, natural phenomena (power outages and disasters causing physical damages) or hacker attacks leading to loss of data or temporary paralysis of the systems. The longer the disruption, the higher the business impact usually is. However, since many catastrophes cannot be avoided, even though they occur rarely, every company needs to be ready. In other words, have a disaster recovery plan.
A well prepared disaster recovery plan addresses what happens in the worst case scenario and does not necessarily cover all contingencies for business processes, assets, human resources and business partners. Its aim is to save the business and help recover it to the operating state as fast as possible.
Historically, before the 1970s, virtually all organisations only dealt with paper-based databases and records. With huge amounts of information stored that way, it was very problematic to back up everything, from a logistical point of view. However, the only concern then was natural disasters, such as fires, floods or earthquakes. Only later on, with the emergence of computers and their adoption in the business environment, could data be stored more efficiently, usually on tapes which could be replicated easily. By the end of the decade, corporations relied on batch-oriented mainframe systems and their possibilities made the regulators think. The most innovative country back then, the USA, made it clear in 1983. The American government made the decision that all national banks must have a reliable and testable backup plan. Even though it was a new idea, many other industries followed, as decision makers had always understood how potential data losses could destroy their enterprises.
The next revolution happened during the Dotcom Boom of the early 2000s. Not only did the amount of data stored grow exponentially, but it also needed to be accessed online, and new dangers emerged. Cyber attacks became a real threat that needed to be dealt with.
Now, we don’t even need regulations enforcing institutions to have disaster recovery plans and backups, because it’s so obvious to everybody that no company can function properly when it loses its infrastructure (see our article: Improve Your Security by Offshoring Software Development), just as a human body cannot function without vital organs. But what exactly is a disaster recovery plan, how to prepare it and what is needed to execute it? Let’s find out.
13 steps to security
The goal of a disaster recovery plan is to get ready for an emergency that can potentially disable the information systems of an institution, minimise its effects and get business operations running properly as fast as possible after an incident happens. The plan needs to be stored safely and describe how, and in what order, to rebuild the system. A basic template of a disaster recovery plan was prepared by IBM and it can be adapted to any organisation:
Step 1: Major goals – a description of priorities and an outline of the whole plan
Step 2: Personnel – who is responsible for what
Step 3: Application profile – what applications are vital for the organisation
Step 4: Inventory profile – what does the organisation own physically and who is responsible for what element of the inventory
Step 5: Information services backup procedures – when, how often and how the data needs to be backed up, and where the information is supposed to be stored
Step 6: Disaster recovery procedures – a thorough description of the emergency procedures to follow in the case of an incident, to protect not only information, but also lives. The procedures need to be simple enough that they can be carried out rapidly.
Step 7: DR plan for mobile site – a mobile site setup plan that can be executed when an organisation cannot function in its normal HQ, but communication is still needed. It includes everything needed to build temporary infrastructure, for example wiring diagrams and electrical service instructions.
Step 8: DR plan for hot site – a hot site is a temporary site that allows the organisation to function while its original infrastructure is being rebuilt.
Step 9: Restoring the entire system – procedures to follow in order to recover the whole, original system the company had before the incident.
Step 10: Rebuilding processes – damage assessment and the physical start of rebuilding the data centre.
Step 11: Testing the disaster recovery and cyber recovery plan – no recovery plan is good if it’s not tested after being prepared. It should also be tested after it has been used to rebuild the infrastructure, to ensure everything went well.
Step 12: Disaster site rebuilding – documentation of all the assets, such as hardware and floor plans, as well as current needs.
Step 13: Record of plan changes – not only does a DR plan need to be kept up to date, every change also needs to be documented for further analysis.
Software infrastructure for disaster recovery
The general outline of a disaster recovery plan seems complicated, because it does not specify how to do anything. However, there are experts who specialise in implementing such plans in companies and there are tools to ensure disaster recovery goes smoothly after an incident. Obviously, nobody wants to be forced to actually use these solutions, but everybody needs to be ready for the worst to happen. And when it comes to the worst – be sure to be able to use them.
However, the difficult part is selecting the best kind of disaster recovery software for your needs. Let’s take a look at some of the most popular and recommended solutions to make it easier.
Veeam Backup and Replication is a huge backup solution that can be customised for businesses of all sizes, so it meets the needs of most organisations. It is commonly used by big corporations and startups and offers all the critical functionalities that make disaster recovery possible after the worst incidents, from a single management console. Importantly, Veeam Backup and Replication is very versatile and works for both server-based and cloud-based systems. It supports Microsoft Active Directory, Microsoft Exchange, Microsoft SQL and Microsoft SharePoint. Also, it encrypts data to make it secure while stored.
It is not perfect, though. Even though setting up and using it is fairly simple, the application tends to display unclear error messages and users find them hard to properly diagnose. Also many users don’t like its reporting system and prefer to supplement it with a third-party tool.
Arcserve boasts that it is one of the cheapest solutions out there for companies that need backup and recovery. However, this tool is best suited for smaller businesses, as it does not offer the best cloud-based backup service for corporate users. Also, it does not allow for recovery of single files; instead, if such a thing is needed, the application needs to restore entire databases.
Despite the limitations, it is still worth considering, because it takes no time to deploy, it’s inexpensive to use and just perfect for startups.
Microsoft is a veteran of cloud services and it was pretty clear that this IT giant needs to offer a disaster recovery solution, too. Microsoft Azure Site Recovery is a comprehensive tool that promises ease of use, cost-effectiveness and dependability. Does it deliver it all? The answer is simple: yes. It’s the perfect solution for all institutions running their operations on the Microsoft stack. It’s a huge tool with support for Linux and Windows on physical servers and virtual machines and it’s easy to set up, but its users tend to claim that using its actual recovery functions seems to be overly complicated and, if used to its full potential, it’s not that cost-effective at all. Also, in the case of Microsoft Azure Site Recovery, failover is a manual process.
If you can’t avoid it – be ready
Incidents simply happen and nobody is 100% safe. You can get hit by a car, you can have a cardiac arrest or simply trip over and fall. The same goes for computers and their software infrastructure. Each incident that happens can lead to data loss, and without the data no organisation can function properly. The only way to minimise the damage is to be ready for anything and to have a plan. Recovering the lost information as quickly as possible can save a company from disappearing from the market and it’s fairly easy to do. So why risk it? Besides using cybersecurity insurance, having a plan is a must!