The recent Chennai floods were a stark reminder of the vulnerability of our modern age mega-cities. In a world characterized by freak weather events globally; this event once again highlighted the quirkiness of nature and the need for effective Business Continuity Plans (BCP) to be put in place by organizations to ensure minimal disruptions and losses in the event of a disaster.
BCP refers to a set of planned measures to be implemented by organizations to ensure continued business operations in the event of a disaster – both natural and man-made. It includes a careful examination of the various threats and risks faced by an organization and preparing an actionable blueprint for minimal business disruption in the event of a calamity. BCP plans include both IT and non-IT related aspects of a business that include data protection and recovery, technology infrastructure, employee safety, facilities management, crisis communication amongst others. In this blog, we shall focus only on IT disaster recovery, a critical subset of business continuity planning in today’s digital age.
According to Wikipedia, Disaster Recovery (DR) is a set of policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Natural disasters include floods, fire, earthquakes, hurricanes, whereas man-made disasters refer to hacking and virus attacks, security breaches, technical and power failure amongst others.
Organizations need to formulate their DR plans based on the criticality of the technology infrastructure for their business. For example – A few hours of downtime can cause severe business loss for an e-commerce business. Similarly a financial institution like a retail bank cannot afford technology outages for long periods of time. Imagine the ATM network of a bank remaining inaccessible to clients for a few hours or days. It would not just cause loss of business but also lead to thousands of disgruntled consumers and heavy erosion of its brand reputation.
Considering this growing dependence of businesses on technology infrastructure, DR planners need to work with various functions (Operations, Human Resource, Finance, Purchase, Sales) within their organization to define the recovery point objective (RPO) and recovery time objective (RTO) for their various business functions. Once these are specified, DR planners should map it to underlying IT infrastructure to support the functioning of these processes. While most business functions would prefer a zero data loss and quick recovery in the event of a disaster, maintaining that level of system agility could involve extremely high costs and therefore opted only by a small fraction of organizations. Considering these factors, the most common measures employed by DR planners to ensure data protection and speedy recovery are:
- Backups on tape and sent off-site on a periodic basis
- Backups to disks on-site and automatically copied to off-site disk, or made directly to off-site disk
- Data replication to an off-site location using of storage area network (SAN) technology
- High availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data
The other important step in ensuring a full-proof disaster recovery plan is choosing the type of back-up site in case of a disaster. Once again, this decision has to be based on the dependence of the business on technology. If the organization can afford to manage a few days of downtime without affecting its business, then a cold DR site can be considered. If technology is important but budgets are limited then a warm site should be considered. If technology is extremely critical to the functioning of a business like an e-commerce firm or bank, then the only option is a hot DR site which is cost heavy but ensures almost zero downtime.
Traditionally DR planning and recovery has been the mainstay of in-house IT teams. However in the past few years, an increasing number of organizations have started outsourcing disaster recovery to third-party data center companies specializing in such services. The benefits of contracting Disaster Recovery as a Service (DRaaS) include minimal or no start-up costs, shared costs of staffing and technology resources, managed security at the site and round the clock technical assistance. For non-technology businesses, DRaaS offers the freedom to focus on core business activities while this critical element of their business is managed by a specialized external partner.
The growing demand for DRaaS has led several technology companies to offer it as one of their key services in the current digital age. Organizations planning to outsource their DR services need to do a thorough reconnaissance of the ability of such players before finalizing to ensure their IT infrastructure is in safe hands.
Still thinking? Talk to one of DR experts for a customized solution for your business. Call us at 1800-212-2022 or e-mail us at [email protected]