Back to basics: Disaster Recovery and Business Continuity
Modern organisations must protect against a multitude of threats, whether cyber-threats such as ransomware or malware attacks, or physical and natural threats such as an earthquake, flood or fire. The threat of a data outage is always there, and to successfully protect against it a concise, up-to-date and tested plan must be put into place.
Disaster recovery is relevant to organisations of all sizes, and with it being reported that up to 70% of small/medium businesses are unable to recover from data loss, disaster recovery is in focus for more than just enterprise organisations.
- Disaster Recovery refers to policy-driven procedures to restore data, infrastructure and systems on a larger scale in the event that a natural or human-made disaster takes place. Disaster Recovery could also include failover to systems that data is replicated to.
There are several variations on how DR can be achieved within an organisation and these often hinge on the RTO and RPO of an organisation and the budget available to implement and run a solution.
- RTO (Recovery Time Objective) is the time limit set by an organisation to have recovered data and have systems running at a normal level, in the event of a disaster.
- RPO (Recovery Point Objective) refers to the last available copy of data that can be recovered from and the maximum amount of time between backup points.
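Both objectives can be checked against real records rather than assumed. The sketch below is an added example, not part of the original article: it finds the longest window with no successful backup (the worst-case data loss to compare with the RPO) and flags restore tests that ran longer than the RTO. The job history, system names and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: backup job history and restore-test results.
BACKUPS = [  # (finished_at, succeeded)
    ("2024-03-01T01:00", True),
    ("2024-03-02T01:00", True),
    ("2024-03-03T01:00", False),  # failed job: not a usable recovery point
    ("2024-03-04T01:00", True),
    ("2024-03-05T01:00", True),
]
RESTORE_TESTS = [  # (system, measured restore duration in minutes)
    ("finance-db", 190),
    ("file-share", 420),
]

def worst_rpo_gap(backups, now):
    """Longest window without a usable recovery point, up to 'now'."""
    points = sorted(datetime.fromisoformat(t) for t, ok in backups if ok)
    if not points:
        return None  # nothing to recover from at all
    edges = points + [now]  # the time since the last backup counts too
    return max(later - earlier for earlier, later in zip(edges, edges[1:]))

def check_objectives(backups, restore_tests, rpo, rto, now):
    """Return a list of findings where the records miss the RPO or RTO."""
    findings = []
    gap = worst_rpo_gap(backups, now)
    if gap is None:
        findings.append("RPO: no successful backup exists")
    elif gap > rpo:
        findings.append(f"RPO: worst gap {gap} exceeds objective {rpo}")
    for system, minutes in restore_tests:
        if timedelta(minutes=minutes) > rto:
            findings.append(
                f"RTO: {system} restore took {minutes} min, objective {rto}")
    return findings

if __name__ == "__main__":
    now = datetime.fromisoformat("2024-03-05T09:00")
    for line in check_objectives(BACKUPS, RESTORE_TESTS,
                                 rpo=timedelta(hours=24),
                                 rto=timedelta(hours=4), now=now):
        print(line)
```

A single failed nightly job doubles the exposure window here, which is why failed jobs are excluded before the gaps are measured.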
Solutions and Strategy
The simplest variety of disaster recovery is having a secure, offsite full backup that all data can be recovered from in a disaster. This would, however, mean that in the event of a disaster an organisation will need a platform, physical or virtual, hardware or public cloud, to recover the data to, incurring an additional cost.
Disaster Recovery as a Service (DRaaS) solutions are more likely to use a combination of techniques to enable DR, replication and backup included. These services may include the option to fail over to a cloud platform, replacement hardware being supplied, or instant failover to warm hardware.
A successful DR plan will take into account factors including the relative value of data and which data will need to be restored most quickly for an organisation to continue running at operational capacity. Other factors of the wider plan will have to include provisions for staff to continue working and could even cover alternate premises or a plan to enable staff to work remotely.
The way that the organisation begins to recover and work through a disaster is often referred to as Business Continuity.
A comprehensive and well-thought-out Business Continuity Plan will also include contact details and arrangements for relevant suppliers, colleagues and staff.
Business continuity becomes more relevant for organisations with shorter RTOs. An organisation with an RTO of 48 hours will be willing to have no continuation of business for that time period, whereas an organisation with an RTO of several hours will aim to be as continuous as possible, in some cases even failing over or replicating for instant continuity.
- Business Continuity refers to the capability of an organisation to continue operating and delivering a service or product in the event of a disaster or other incident.
Meeting a set RTO is one factor of DR and BC, but the real reasoning behind an organisation planning to recover and continue operating can be given a monetary value. If a manufacturing business loses a factory in a fire then the value of the stock will be an obvious loss, but if an online business were to lose its website and not be able to take orders, it would also be losing money.
Disaster at the Academy Selsey
In late August 2016, the Academy Selsey, a school that makes up part of The Kemnal Academies Trust (TKAT), suffered a disaster when a fire broke out during a roofing repair job. The fire destroyed 80% of the school site including the server room containing all staff and student data.
Having implemented a full backup solution within the school environment, the Selsey Academy were able to successfully carry out their disaster recovery plan and begin the process of recovering data and ensuring there was a physical site that could be used.