What To Look For When Building A Disaster Recovery Plan

By Adam Mommersteeg, Protera

Disaster is never convenient. If we learned anything from the pandemic, it’s that when a crisis hits, you don’t have the luxury of planning and systematically running software. During a crisis, IT and security teams will be forced to act quickly and efficiently, often amid disorder. Planning for the unknown can be a laborious challenge – requiring a sound recovery plan in place that includes well-executed drills, rehearsals, and testing schedules.

With technology rapidly advancing, new strategies and capabilities have been introduced to streamline the execution and management of business continuity and disaster recovery (BCDR) planning and testing. New solutions can dramatically reduce recovery time and data loss in the instance of an outage compared to what was achievable even just a few years ago. These technologies can address many challenges faced prior, including precious time and resources during unplanned situations.

When implementing a new disaster recovery plan, IT and security leadership need to ask themselves:   Can my current disaster recovery tests be conducted without disrupting the business? Can we afford to devote our workforce or absorb the required downtime for frequent forced testing? Do the recovery time and measure of data loss of my system meet the demands of cyber insurance companies? Or do we simply need a better solution? 

Often, the answers support taking a new approach to technology, and in being strategic when building your BCDR plan. 

Complex Technology Environments Can Hinder BDR Planning 

One issue to watch for is the growing complexity of legacy IT environments. IT sprawl and the rapid pace of change within the business and IT worlds can cause issues with the currency, maintenance, and general upkeep of enterprise IT, even at the largest companies. This can lead to a complex environment that is sometimes cobbled together, resulting in networks so complex that change becomes disruptive, requiring downtime and copious amounts of integration. 

Complexities like this in primary data centers and applications are only compounded when planning, implementing, testing, or modifying a disaster recovery plan.

Streamlining And Controlling Automated BCDR  

Although automation exists in this category, it has not typically been organized or integrated —at least not for the typical mid-market company. Hyper-scalers have addressed this challenge by creating proprietary systems that consolidate the functions of individual tools and applications into a single framework or architecture. This represents a much more holistic, efficient, and thorough way to approach business continuity.

As technology has evolved, the market has launched solutions that use the same holistic strategy as these hyper-scalers, with open-source solutions that can be used in any environment.

Ideally, business continuity and disaster testing should be easy to execute. Administrators should be able to control this process, allowing companies to conduct business as efficiently as possible even during forced testing periods. Flexible BCDR solutions let users select and pre-schedule dates when testing is to take place. And importantly, administrators can choose what departments are to be tested first, prioritizing according to urgency or other criteria.

Reducing RTO And RPO; Increasing Resiliency 

To evaluate the effectiveness of BDR solutions, experts have developed the following standards:  RTO (Recovery Time Objective), or how quickly an application will become available again after an outage; and RPO (Recovery Point Objective), the amount of data loss an application can tolerate, measured in minutes. The longer a solution takes to satisfy either of these touchpoints, the older your data will be upon recovery, and the more data loss the company will suffer.

Solutions should accommodate the needs of the companies they serve, not the other way around. They need to be agile enough to let companies decide how best to apply their capabilities, so businesses can maximize the use of resources and minimize disruption. Similarly, your company should be able to choose what intervals in which you’d like to run testing, whether that’s monthly, quarterly, or otherwise.

If your solutions don’t facilitate this, you may be unnecessarily sacrificing productivity and squandering resources with each test. By taking a more holistic approach to business continuity and disaster recovery, and by acquiring the newest capabilities this market has to offer, IT and security leadership can avoid these pitfalls. They’ll be far more prepared should an actual crisis unfold. 

About The Author

Adam Mommersteeg is SVP Solution Architecture for Protera.