Disaster recovery 101: What you need to know about disaster recovery (and how the cloud changes things)
The term "disaster recovery" has been bandied around the world of IT for decades. During that time it has meant many different and frequently contradictory things. To some people, disaster recovery means getting data systems up and running after something bad happens. To others, it means finding a way to keep things running until you can get back to your data center after something bad happens. And sometimes disaster recovery means getting an organization ready so that when something bad happens, you’re prepared.
You may notice a common theme in the idea of disaster recovery: something bad. That bad thing can range widely, from a burst pipe in the machine room to a terrorist attack to a natural disaster. You need to prepare for more than just the obvious.
Fortunately, while the preparation process differs depending on the nature of the disaster, most of the recovery is pretty much the same. And fortunately, some aspects of disaster recovery have become much easier. For instance, with the advent of the cloud, it’s now possible to use data that’s already in cloud storage.
What’s a disaster?
When you plan for disaster recovery, it’s important to decide what constitutes a disaster, versus what’s simply an inconvenience. In general, anything that significantly impairs day-to-day work can be considered a disaster, including a major power outage, a hurricane, a snowstorm taking down the roof of the server room, or terrorism.
“Significantly” depends on your organization and how it conducts business. Not everything bad is necessarily a disaster; some events are a disaster to you that are not to others. For example, if your organization has several locations, each of which has access to corporate data and can conduct routine activities for the whole company, then you may encounter inconveniences but few disasters. On the other hand, if your organization has a single location, a single data center, and a minimal staff, then anything that causes a disruption might trigger a disaster recovery response.
But even then, not every event is necessarily a disaster. For example, a power outage might not matter much if your data center is equipped with on-site generating capacity and you have a way to get adequate fuel delivered. However, a minor power outage at another location could be a disaster if it takes out your network access and you don’t have a backup connection.
It’s worth noting that a disaster in this context does not necessarily mean widespread destruction, loss of life, or general catastrophe. What a disaster means to you is defined by what interferes with your operations to the point that it endangers your business and thus requires a disaster recovery response. A disaster recovery response is the set of actions your organization must take to continue operations in the face of an unforeseen event.
But unforeseen isn’t the same thing as unplanned. Even if you have no way to know what the future may hold in terms of bad things, you can still plan for them.
Such planning can take two forms. One is to plan for events that may keep your organization from functioning but would allow business to resume once the disaster conditions end. A flood may block access to your facility but leave it untouched, for example; the real problem isn’t so much recovery as it is business continuity. You still need to use your disaster planning so you can stay in business, but the parts of your plan that involve rebuilding your facility aren’t necessary.
However, there is the other form. Some disasters may damage or destroy all or part of your data center or computing facilities (such as employees’ desktop systems) and may result in significant downtime. While you hope this doesn’t happen, if it does, you need to have put your ducks in a row well in advance. For example, you need to set up procedures with your insurance carrier to expedite claims for rebuilding and ensure you have coverage for downtime and contingency operations ahead of time.
Likewise, if you have more than one business location, then you have a way to keep operating while you rebuild. However, you have to make sure that all functions, not just the critical ones, can be performed at the alternate location.
Finally, the type and extent of the disaster affecting your business matters. For example, think again of the flood example, the one that blocks the road leading to your facility but leaves the facility untouched. If your employees have access and the road is uncovered fairly quickly, the disaster will be limited. On the other hand, if the disaster prevents your employees from getting to work and makes working from home difficult or impossible, then the disaster requires a greater response.
But the nature of that response still depends on the nature of the disaster. Because of this, you need to know what kind of disaster it is, and how long your facilities may be unavailable.
As a result, you need to create a plan for any foreseeable event, from hurricanes to the zombie apocalypse, and document a separate plan for each eventuality. (Fortunately, most plans have a lot of overlap.) Then, if the disaster actually happens, you need to determine which plan to execute. In some cases, you may need to draw a response partly from one plan and partly from another.
This all sounds overwhelming, and indeed it can be. Disaster preparation is a lot of work. However, while it does require a lot of organization, you don’t need to go it alone. Disaster recovery services can provide a turnkey disaster recovery implementation, and disaster recovery consultants are ready to provide as much or as little disaster recovery assistance as you want.