With the looming threats of natural disasters and cyber disasters like ransomware, organizations need to position themselves to defend against constant threats while still providing value to their customers.
What does disaster recovery mean to you? What does it take to be disaster-ready, and how will you know when you are? These are questions anyone in IT management has asked themselves. The reality of disaster recovery is that it is hard, it takes effort and it requires practice from your labor force. Let’s look at disaster recovery and what it means to be prepared.
To begin, a distinction between backups and disaster recovery becomes necessary. Backups can help you recover from a disaster, but backups are not disaster recovery. Backups have a longer RPO (usually 24 hours) and a longer RTO (cheaper, deeper and less performant storage). Essential services in an organization cannot typically tolerate a potential data loss of up to 24 hours, and these services need to be available as soon as possible. Some organizations serve customers 24/7, and others have regular working hours (not 24/7). Backups typically do not provide the resiliency that organizations require.
Where should you start?
Every organization should understand its application landscape and tier its workloads. Application rationalization enables organizations to classify their workloads into tiers according to purpose and dependency. A rationalization of workloads is an essential first step. Without this step, an organization sees disaster recovery as a costly mechanism.
- Tier 1 Applications provide critical services to run your organization. (< 15 mins RPO, < 4 hours RTO)
- Tier 2 Applications allow secondary organizational functions to operate. (< 24 hours RPO, < 24 hours RTO)
- Tier 3 Applications serve an essential purpose but are easily replicable activities.
The next step is to select the technology appropriate for your organization. Many vendors provide products and services to accomplish disaster recovery goals with similar technology. Select a few and perform a proof of concept to see what works for your organization and labor force.
After you’ve assessed your application landscape, and selected a technology, you must invest time and effort into leading drills for your organization. As the old saying goes, practice makes perfect. Running disaster recovery drills allows you to iterate on the knowledge of your environments and improve your readiness posture. You can create runbooks to document requirements, dependencies and procedures through these drills and withstand the potential knowledge loss of inevitable labor force turnover.
To sum up, the steps required are:
- Step 1: Application Rationalization
- Step 2: Technology Selection
- Step 3: Drilling and Constant Iteration
Disaster recovery is an investment of time, effort and capital—and it’s worth all three in order to be prepared for the inevitable threats to your business.