On August 24, 2005, when the storm that would become Hurricane Katrina was several days out from landfall along the Gulf Coast, Walmart’s director of business continuity activated the company’s emergency operations center, recalled key staff, and set years’ worth of plans into motion. In the days that followed the devastation of Katrina, Walmart was able to deliver 100,000 free meals and 1,900 truckloads of supplies to survivors and to provide emergency workers with supplies and protective gear.
Although every organization won’t have to prepare for and respond to a natural disaster of this magnitude, the rise of cyberattacks and damage from weather events has made sound backup and disaster recovery planning even more important in recent years. In fact, Gartner calculates that the cost of each minute of IT downtime is $5,600, and only 2 percent of companies are capable of restarting operations within an hour of a disaster event.
Backup and Disaster Recovery Plan Overview
Though related, backup plans and disaster recovery plans are different from one another. A disaster recovery (DR) plan focuses on how an organization can resume operations following an impact to applications, networks, hardware, and/or databases caused by a weather event or a cyberattack. Alternatively, a backup plan is the process that your organization follows to store all of your important business and customer files, software, and configurations in a secure, geographically separate location so operational information can be recovered as needed.
Because your business generates a large amount of data and files, the risk of corruption, compromise, theft, or loss of this data can be crippling to your operations. Therefore, creating and implementing a data backup strategy, in coordination with a DR plan, can minimize system downtime and expedite a return to normal operations.
Components of a Comprehensive Plans
The moments immediately following a disaster event isn’t the time to come up with a plan of action. Instead, it is critical to have a plan in place that is well documented, communicated, and practiced in order to protect your organization and prepare for recovery.
What does such a plan look like? Below are four key components that your organization can include in its plan to ensure that your business is prepared for the worst.
Assessment of Mission Critical Systems
As with other efforts, it is often hard to know where to start with DR and Backup planning, but. Conducting a system and data inventory followed by prioritization should be your first step. Identify all applications, hardware, software, configurations, databases, and batch processes run across your organization and use this information to identify which systems are the most critical to business operations.
From there, expectations can be laid out for when and in what order each system can be recovered. Additionally, this is the time to determine how often each system needs to be backed up so the requisite planning can be done to meet those expectations. This can include the number of copies, the type of copies (file or image level), and how accessible the copies should be.
Mechanism for Detection, Analysis, and Escalation
Not all threats to your business operations will come with weather forecasts; unexpected threats such as earthquakes, fires, or cyber intrusions can come without warning. In any case, there must be systems and processes in place to detect and report an intrusion or incident either via technology (i.e., incident detection system) or employees’ word of mouth. Once staff is alerted to an issue, system logs and data can be reviewed so the scope of the incident, its potential impact, and how it should be escalated can be accurately determined.
Any DR plan should have a component that identifies the staff needed to perform containment activities and what those activities are. In the event of a cyberattack, this can include disconnecting a system from the larger site network to prevent the threat from spreading and preserving systems with sound forensics practices so further analysis can be done. Whatever the actions, coordination between IT staff and business leadership should be confirmed so the impact to operations from different disaster scenarios is understood before they happen. Alternatively, in a weather event, the safety of your employees is paramount. A DR plan should outline where employees can wait out an event and what is expected of them in the hours, days, and the weeks that follow.
One of the most common things you will hear from IT professionals with experience in DR and backup planning is that you need to keep your plans and processes up to date to reflect your current environment and requirements. Because a lot can change between the inception of your DR plan and a potential event, it should be a priority for your organization to keep the plan up to date as new systems, databases, and operational needs arise so your plan is properly aligned. A good rule of thumb is to review every six months or when a major system or operational change is initiated.
Bringing It All Together
Disaster recovery and backup planning is never a fun undertaking, but when your organization plans for the worst, your business will be able to set itself apart from the competition and limit losses when disaster strikes.
So, whether your organization is just starting with the planning process or it already has plans in place, using these best practices as a guide can help to make sure you devise the right backup strategy for your unique environment.