In this article, we'll cover:
- What is disaster recovery?
- Types of disasters
- How disaster recovery works
- Types of disaster recovery
- The benefits of disaster recovery
- Disaster recovery vs business continuity
- Cyber recovery vs disaster recovery
- What is RTO and RPO in disaster recovery?
- Elements of a disaster recovery strategy
- How are organisations using a disaster recovery (DR) plan?
You may think that you and your organisation are immune. Immune to sudden events or catastrophes that could make all your years of hard work meaningless.But no one is resistant to nature taking its course.
We need to prepare for the uncertainties of the future, including natural disasters. The organisations that have a disaster recovery plan can easily spring back from the losses of a disruptive event as compared to those that don’t. IBM, AWS, VMware, Microsoft, and countless service providers are testament to this fact. Mere data loss aside, there can be much, much more at stake.
Other than natural disasters, there are many reasons why business operations could be disrupted. You could suffer from reputational loss.
What is disaster recovery?
Disaster Recovery prepares an organisation to resume critical functions after a disaster has taken place. If your business uses a computer for data processing and data storage or archiving, a disaster recovery plan can help you restore data and electronic information while minimising negative business impact.
A disaster could result from something such as a hardware malfunction, cyber attacks, ransomware attacks, human error or a flood in your offices. In every event of a disaster, having a disaster recovery plan can help you get your data back.
While disaster recovery doesn’t begin and end with data (replacing office carpets in case of a flood, for example), it’s an area that should be of concern for your business impact analysis report.
A disaster recovery plan does not eliminate every single possibility of failure in your IT setup but ensures that an equipment failure does not interrupt your normal operations or business needs. Your disaster recovery plan helps you strategise the steps to follow in the event of a disaster, so key operations do not suffer.
The disaster recovery plan follows a disaster response. It is a documented process that will help an organisation regain access and functionality in the shortest amount of time during a period of acute stress. The plan would include details on recovering data and communicating with employees about the event and how to ensure business continuity in the event of a disruption, on-premises, or elsewhere.
Types of disasters
Some disruptive events could affect your IT infrastructure while others could damage your offices and physical spaces. Your disaster recovery plans should consider all kinds of disruptions. Disasters can include (but are not be limited to) the following:
- Natural events like earthquakes, hurricanes or floods
- Failure of equipment because of a hard disk failure or power outages
- Human error, accidental erasure of data or mishandling of hardware
- Criminal or military attacks
- Malware or ransomware attacks
How disaster recovery works
Disaster recovery backs up data and maintains your computer processes in an off-premises location not affected by the disaster. When your IT infrastructure collapses or cyber security fails because of a natural disaster or a cyber-attack and your data management takes a blow, your business can recover the lost data from this location.
Backing up data to a remote location is a priority in disaster recovery, but an organisation can also transfer its computer processing to that location as well to sustain operations (known as failback).
Types of disaster recovery
Organisations have the option to choose from one or more of the following disaster recovery methods:
- Back-up: this is the simplest yet most necessary type of disaster recovery. You need to continuously store data off-site or on a removable drive.
- Cold site: in case your physical premises are compromised, your organisation will set up a basic office for their employees to work after a natural disaster or fire.
- Hot site: a hot site has up to date copies of your data. Data is backed up in real-time and thus any disruption means that you can have your data back from exactly the point the disruption occurred.
- Disaster Recovery as a Service (DRaaS): this is a private cloud service that moves your processing to its cloud storage in case your servers are down. Also known as a Virtual Management System (VMS), you can continue your operations from the vendor’s location.
- Datacentre disaster recovery: these are physical disaster recovery tools like fire suppression equipment to ensure your IT equipment survives a blaze.
- Virtualisation: the use of virtual machines at an off-site location, can function as backup of some operations or even a working replica of your complete computing environment.
The benefits of disaster recovery
With the advent of private and public cloud computing, our data and confidential information traverse the internet at a mind-blowing rate, which makes us more susceptible to risks. IT infrastructure has become complex and data isn’t always stored on physical files anymore. This complexity results in frequent outages and system breakdowns. The business impact of system downtime because of outages is quite high, which makes a disaster recovery plan a necessity.
Enterprise resiliency and a business continuity plan are the key reasons for a business to have a detailed and well-tested disaster recovery plan. Other reasons are:
- To ensure smooth operations.
- To minimise the extent of damage because of a disruption.
- Planning for a potential disaster helps minimise the economic impact of the interruption.
- A disaster recovery plan can ensure faster recovery to an optimal state of operations.
- To train personnel in emergency procedures.
Disaster recovery vs business continuity
Disaster recovery and business continuity aren’t interchangeable but they’re not mutually exclusive either. Business continuity helps ensure the entire organisation is functional during and after a crisis. Disaster recovery, on the other hand, is about getting your IT operations up and running.
Business continuity has many considerations not related to technology. Business continuity includes disruptions like the departure of key employees, supply chain problems because of road blockades, and disruptions to utilities. Business continuity plans are more comprehensive than disaster recovery plans, as they account for not only business data but personnel and other assets.
Cyber recovery vs disaster recovery
Cyber recovery is very different from disaster recovery. Cyber recovery is a more sophisticated process that safeguards your data in case of a cyber-attack. If you maintain regular backups, it is possible that you replicated compromised data during a cyber-attack. In a cyber recovery system, data is stored in a cyber vault environment. It is physically and virtually isolated from your data centre. Data protection is ensured this way.
Cyber recovery is not disaster recovery but it can be part of a robust disaster recovery plan.
What is RTO and RPO in disaster recovery?
RTO (Recovery Time Objective) is the time an organisation takes to return to full functionality after a disaster. When you set your disaster recovery strategy, your RTO would be the maximum time it would take to get your IT infrastructure up and running.
RPO (Recovery Point Objective) is the number of transactions lost from the time of the event up to the full recovery of the IT infrastructure. For your disaster recovery strategy, your RPO will be set at the amount of data you can afford to lose.
Both of these are important metrics in your disaster recovery strategy.
Elements of a disaster recovery strategy
A comprehensive disaster recovery plan would ideally establish a sensible Recovery Time Objective (RTO) that allows a realistic downtime to get things back in order. Your RTO will help decide the time and money that can be spent in the most cost-effective way when disaster recovery planning.
This will be followed by a communication plan. Distribute roles and responsibilities among your staff. Everyone should have a backup in case they are not available on the day of the crisis. It may be possible that employees might have to work offsite, so it needs to be ensured that software is available to employees working remotely. Test your disaster recovery plan with regular drills.
What’s in a disaster recovery plan?
Orchestration of a typical disaster recovery plan includes:
- Risk evaluation to detail all possible threats
- Emergency procedure to be carried out when an emergency occurs
- An inventory of your IT assets
- Maximum allowed outage time for critical systems
- Tools that will be used for recovery
- A disaster recovery team that will lead the recovery effort
- Determine your data backup strategy, i.e. how often do you need to replicate data on your backup server
- Test your backups to ensure data is being replicated properly
How are organisations using a disaster recovery (DR) plan?
Organisations find it difficult to independently draft disaster recovery plans that can help them bounce back and minimise damage in the event of a disaster. They struggle to evolve their disaster recovery process as per the dynamic of the digital landscape and complex business operations. With big data, hybrid cloud computing and social media, companies have to cope with massive amounts of data that has to be captured and stored at an exponential rate.
Cloud services have allowed organisations to outsource their IT disaster recovery plans and offer a disaster recovery solution, also known as Disaster Recovery as a Service (DRaaS).
Your organisation’s disaster recovery efforts are mostly dependent on the communication between teams and personnel. To minimise the economic threat, you need to make sure your teams stay connected by phones if their computers are compromised. A disaster can put a dead stop to business continuity. Communication among the team and with customers is key as you anticipate, plan for and survive an unforeseen disaster.
Use RingCentral’s multicloud business communication system to ensure your communication systems remain online so you can work together for a proper return of service with minimal issues.
Originally published Nov 14, 2022, updated Nov 30, 2022