As of December 4, 2018, Neverfail Cloud is offered through Neverfail's preferred cloud service provider, Online Tech, a global leader in secure, compliant hybrid and multi-cloud solutions for service providers. For more information, visit onlinetech.com.
Something we often see in the world of data protection is the confusion of business continuity with disaster recovery. Misunderstanding these terms will leave an organization at significant risk. According to IBM, of the companies that had a major loss of business data, 43 percent never reopen, 51 percent close within two years and only 6 percent will survive long-term. During a disaster, few people care about the definition of these terms. However, one sure way to get through the chaos of losing data and facilities is to know the difference between recovery and continuity.
By definition, business continuity is referred to as the planning and preparation of a company to make sure it overcomes serious incidents or disasters, and resumes its normal operations within a reasonably short period. The plan is focused on the business as a whole, and is put in place to ensure that critical systems remain functional during a crisis.
The concept of business continuity is broken down into three key elements:
- In order for companies to increase their resilience, it’s imperative that critical business functions and the supporting infrastructure is designed in such a way that they are materially unaffected by relevant disruptions, for example through the use of redundancy and spare capacity.
- Rapid recovery to restore business functions after a disaster is crucial. Setting recovery time objectives for different systems, networks or applications can help prioritize which elements need to be recovered first. Other recovery strategies include resource inventories, agreements with third parties to take on company activity and using converted spaces for mission-critical functions.
- The organization establishes a generalized capability and readiness to cope effectively with whatever major incidents and disasters occur, including those that were not, and perhaps could not have been, foreseen. Contingency preparations constitute a last-resort response if resilience and recovery arrangements should prove inadequate in practice.
In order to determine what to prioritize when creating the plan, an organization must conduct a business impact analysis or BIA. A BIA can reveal any possible weaknesses, as well as the impact of a disaster on various departments. The BIA report informs an organization of the most crucial functions and systems to be prioritized in a business continuity plan. Recovery of data and information is most typically the top priority, but it’s not the only thing businesses focus on. Any event that could negatively impact operations is included in the plan, such as supply chain interruption and loss of or damage to critical infrastructure like networking equipment or hard copy data files.
According to IBM, of the companies that had a major loss of business data, 43 percent never reopen, 51 percent close within two years and only 6 percent will survive long-term.
With data being a top priority during and after a crisis, business continuity plans include a very important subset, known as disaster recovery.
Disaster recovery (DR) involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions.
It is the process of securing data with the sole purpose of being able to recover it in the event of a disaster. “Disasters” in the IT world come in many sizes. They can range from the loss of a single but important set of data, to the loss of an entire data center. The recovery of the corporate data may take the same herculean effort as the reconstruction of the company’s infrastructure. Losing any amount of data causes stress and panic, regardless of how large the disaster is. Companies of all sizes therefore, need to have a solid recovery protocol in place.
When creating a disaster recovery strategy, one must first refer to the business continuity plan for two key metrics; the recovery point objective (RPO) and recovery time objective (RTO). With these metrics, the individual creating the recovery plan can determine the best recovery strategy for each system. The budget is then set, and those metrics need to coincide with the budget in order to create a comprehensive strategy.
Some common strategies for data protection include:
- backups made to tape and sent off-site at regular intervals
- backups made to disks on-site and automatically copied to off-site disks. A company could create the backup disks off site originally but would sacrifice a set of back-ups in the process.
- Private Cloud solutions
- Hybrid Cloud solutions
There is a wide range of disasters, caused by both human error and nature, that lead to recovery situations. A certain type of disaster may seem improbable, but it is important to recognize the possibility of it occurring when creating a disaster recovery plan.
Examples of disasters include:
- Application or virtual machine failure
- Communication failure
- Data center disaster (Ex: inadvertent triggering of a sprinkler system, a power failure, a flood or fire)
- Campus disaster (Ex: a tornado that destroys one area)
- Citywide disaster
- Regional disaster (Ex: Hurricane Katrina and Superstorm Sandy)
- National disaster
- Human error (Ex: Deletion of files, downloading viruses and malware)
Testing is critical in DR planning. It helps identify gaps in the plan and provides a chance to rehearse different scenarios. A DR plan has a lot of moving parts, so testing it can help the organization understand exactly what employees should be doing during a recovery phase.
When creating a disaster recovery strategy, one must first refer to the business continuity plan for two key metrics; the recovery point objective (RPO) and recovery time objective (RTO).
Make sure that your business has these plans in place to protect against significant risk. Along with that, your continuity plan must be reviewed, updated, and tested regularly. Everyone must understand the goals of the plans in place so they can utilize all the resources available to them when disaster strikes.