No entrepreneur wakes up one morning and wishes to lose his company’s data. Yet, by life’s own design, disasters will always take place taking with them valuable business data. The ponderous rampage trail a disaster leaves behind is a sore reminder of the need for businesses to have a full-fledged data recovery plan that can handle any type of disaster, including calamitous weather, earthquakes, and terrorist attacks.
For businesses competing in today’s crowded marketplace, data recovery for business continuity in the event of a disaster can be the difference between turning a profit and recording a loss. Here is a five-step action plan for data recovery for businesses.
Step One: Create a list of all possible threats to the business
Threats come in all forms and sizes. As a first step towards data recovery after a disaster, a business organization should list all possible threats and categorize them according to the magnitude of impact those threats would inflict on the system if they materialized.
The business should also draw a clear picture of its system downtime tolerance based on how much time it can afford to be down without too big an impact on the overall well-being of the business.
Thereafter, it should be possible to calculate the cost of responding to the disaster based on the system downtime tolerance – the lower the system downtime tolerance, the higher the response cost. The list of threats will help eliminate latent threats that can gravely affect a business without a clear recovery path to get back to normal business operations.
Step Two: Outline the business continuity and data recovery infrastructure
A business’ ability to respond to a disaster is only as good as its business continuity and disaster recovery (BCDR) infrastructure. This includes high speed/high bandwidth connections, main data center, a resource duplication remote site and uninterrupted power supply. Failure to have this infrastructure in optimal performance automatically translates to serious obstacles to a business’ profits once disaster strikes.
Generally, the right approach to BCDR is using a “redundant everything” approach at the data center. This philosophy encourages multiple servers and mainframes to continuously run backups.
Consequently, when a problem arises in the business production system, it fails over to the existing local backup that serves as the company’s first line of defense.
When a business encounters a disaster, it is an opportunity for its rivals to dethrone it as it struggles to resume normal operations. Therefore, no business should afford long downtimes.
For most businesses, the greatest test of its BCDR is its power supply. Yet, many enterprises do little to create a BCDR system that would not be halted by a preventable power supply disruption.
A business should conduct a disinterested monitoring and analysis of its network infrastructure and how well it would respond to a disaster. It is quite common for businesses to discover a severed fiber cable at the moment of disaster recovery, which effectively brings the whole process to a resounding stop.
Hence, it is generally a good idea to ensure that network connections are redundant, follow a number of different paths and use a wide WAN topology in dealing with threats that would thrash the very foundations of the business.
Step Three: Build a precise inventory of the business’ IT assets
A precise inventory of the IT assets in a business draws a clear picture of the available business resources as well as the business processes to protect in the event of a disaster. A single disaster that strews a company’s resources can recede every progress the business has ever made since inception.
Today, many vendors have emerged offering enterprise management tools that can help a business to build and maintain an accurate inventory of its IT resources. Most of these vendors sell modules that use advanced software to analyze a business IT infrastructure and store information about available hardware and software.
Typically, the software would also analyze the formation structure of this hardware and software in the enterprise configuration management databases (CMDB).
Step Four: Define a contingency policy based on a set service-level outlook
A service-level outlook tells the management in a business organization how much downtime a certain asset can afford. This information paints the clearest picture of the amount of money that a business must set aside for effective data recovery.
If a business organization’s service-level outlook, configurations, and assets remain in obscurity, it is practically impossible to define a contingency plan.
Consequently, without a contingency plan, there is no clear way of linking business needs to the performance of IT assets and the impact a disruption would have on the general well-being of the business.
Accordingly, it becomes extremely hard to convince business executives to fund the contingency plan.
Step Five: Develop and test the contingency plan
After business executives understand how they can wring profits out of a contingency plan, it is time to develop and test it.
An excellent contingency plan should include:
- Details on the role and responsibility of each department during the data recovery process
- Details on the role and responsibility of each member of staff during data recovery
- Clear procedures to be followed to restore IT systems in the event of an emergency
- Resource requirements for the effective implementation of the contingency plan
- Frequency of testing and training exercises
- Data backup and maintenance schedules
A contingency plan implementation goes through three phases:
- Notification and activation – this happens the moment a disaster strikes
- Restoration and recovery – this phase follows the activation phase after emergency teams have been notified and mobilized.
- Return to normalcy – this is the final phase that determines whether the business will return to using primary resources or keep using the backup system in the event that restoring the business primary resources will be a protracted process.
The contingency plan must thereafter be tested to find out how well it can handle a disaster. Over time, it must be retested to measure the impact that changes in business processes, as well as IT infrastructure, have to its effectiveness and completeness.
Disaster recovery drills should be designed to simulate conditions in the real world. Accordingly, changes should be made to the policy to reflect the changing business landscape.
A business might not have the ability to prevent a disaster in which it loses significant amounts of business data, but it sure can build a capacity to respond to most of the foreseeable disasters and avoid disintegrating into a state of dire confusion as business data goes down the drain.
Feature Image Credit – DepositPhotos