June 21, 2022
Originally published in November 2015
It’s a common misconception that in the event of a disaster, insurance plans will protect the company and facilitate its continued survival. Yes, insurance can go a long way in repairing the physical damage sustained to the building premises, but no, insurance packages will not bring back lost data from the data center. It is to be noted that for some businesses, having a cyber insurance policy isn’t an option, but a requirement.
The need for cyber insurance aside, a Disaster Recovery plan is necessary. In the 21st century, virtually everything that supports a business’ operation is digital and stored away. Without access or recovery solutions, vital components of the company will be lost forever. After a disaster, companies often cannot access a list of customers to even inform them a disaster occurred, let alone carry on with business as usual.
Given that information, it is no surprise that 60% of companies affected by a disaster never open their doors again. Another 25% of the surviving companies will limp on only to fail within another year. So, it is absolutely vital that companies of all sizes seriously consider a Disaster Recovery strategy.
The Four Phases of Developing a Disaster Recovery Plan
Establishing a Disaster Recovery strategy takes place in four phases.
1. Define: First and foremost, a company must ask the hard questions to define the elements of their business that are truly mission-critical as well as an acceptable threshold of downtime.
- Recovery Time Objective (RTO): This refers to the maximum amount of time key business systems will be inoperable.
- Recovery Point Objective (RPO): RPO involves data recovery and indicates the maximum time period in which data will be lost after a disaster. So, a RPO of ten minutes would mean that, in the event of a disaster, only the previous ten minutes of data would be lost. It is important to note that RPO does not refer to the amount of data that would be lost, only the amount of time. It is possible for very little or an extreme amount of data to be lost within the given RPO threshold, it is just a matter of how much data the company is creating just before the disaster strikes.
2. Design: Once the objectives and parameters are established, a company can then move on to designing a solution.
3. Implement: Whether the solution involves software, colocated hardware, the cloud, or other alternatives, the Disaster Recovery Strategy can now be put into effect.
4. Test: Finally, the strategy has to be tested and as many people as possible within the department must become familiar with the steps needed to recover the data. This will be a critical fail-safe should that day ever come.
The Four Disaster Recovery Phases in Action
To illustrate the four phases of Disaster Recovery, we’ll take a look at a recent Mindsight project. Mindsight consulted a manufacturing company in the Chicago area whose business involves dealing with volatile chemical ingredients. The company had a limited IT staff with no prior experience implementing a Disaster Recovery solution, and no second data center. Furthermore, their existing data center was a mere 100 feet from the production line. If there had been a significant accident on the line, there’s almost a guaranteed chance that the company’s data center was going down.
The Mindsight Solution
Every organization will have different requirements for their disaster recovery solution, so Mindsight’s strategy for this company is best understood as an example of the kinds of steps a company should take to protect their data.
Define
- RTO and RPO Time: Mindsight worked with the company to balance their requirements with their budget and found RTO and RPO times of one hour to be the most cost-effective timeframe.
Design and Implement
- Private Cloud Colocation Solution: To protect against data loss in the event a freak accident destroyed their on-premise data center, a private cloud environment was built in a colocation data center elsewhere in Chicago.
- Veeam: Because the company operated in a fully-virtualized environment, Mindsight used a tool called Veeam to both replicate the data and fine-tune the replication to keep it as fresh as possible without causing performance issues.
- Managed Services: Due to the client’s limited staff, the company chose to leverage the experience of the Mindsight engineering team to monitor and manage their solution.
Testing
- Non-invasive Test and Run Book: Mindsight performed a non-invasive test to make sure each component of the DR strategy would work as expected in the event of a disaster. As the test was performed, Mindsight engineers documented in a run book every step necessary to recover the business. The run book was then given to the company after the test. With it, they were able to successfully, and without the assistance of Mindsight, recover the environment on their own. This way, in the event of a disaster, multiple teams have all the necessary resources to complete the disaster recovery process.
Like what you read?
Contact us today to discuss Disaster Recovery.
About Mindsight
Mindsight, a Chicago IT consultancy and services provider, offers thoughtfully-crafted and thoroughly-vetted perspectives to our clients’ toughest technology challenges. Our recommendations come from our experienced and talented team of highly certified engineers and are based on a solid understanding of our clients’ unique business and technology challenges.
For Further Reading:
A single data center is far from safe. Anything from a sprinkler system malfunction to a tornado could utterly destroy a Chicago data center. Check out this Mindsight blog post where we outline some strategies to safeguard a company’s data, “2 Key Ways to Protect Your Data: Colocation and Cloud Solutions.”