Some say that disaster recovery is not that different from backup. Others try to implement a "set it and forget it" backup and disaster recovery solution. And both of these positions are a great way to lose corporate data. Why?
You see, a successful disaster recovery plan should overview all aspects of recovery, starting from the recovery time and recovery point objectives up to the exact ways by which to restore the affected infrastructure. Ideally, you should have a detailed plan to move your whole infrastructure in any unforeseen event, right up to a pandemic, to keep your company afloat and operational.
So, in a nutshell, disaster recovery is a challenging, complex, and interconnected routine. And yet, no small to medium-sized business can really forget about it and pretend their data is safe and will be available forever. In this article, we'll present an overview of the main disaster recovery challenges that SMBs face in the market today. By focusing on these challenges, you'll be able to enhance your disaster recovery plans to avoid losing precious data.
Overall Complexity
The first big challenge is the complexity of today’s typical corporate environment. These days, your data and workloads are spread between different apps, computers, servers, and platforms.
Not only do you need to review and adapt your software and hardware to the ever-changing reality to stay competitive, but you also face major platform shifts like the recently finished shift from local environments to mostly cloud ones. All that makes a detailed and well thought-out disaster recovery plan a necessity. Moreover, such shifts and complex, ever-changing technological environments mean that you should review your plans and update them regularly.
Increasing Costs
There are three key disaster recovery cost factors:
- Cost of data. First and foremost, your data costs a lot. Your client records, bills, projects, workflows, databases – all of this can be lost, which could mean anything up to bankruptcy for the company.
- Cost of downtime. Any modern business relies a lot on electronic resources. So, once these resources go down, your business, partly or as a whole, cannot operate. This means that you will lose money with every hour of downtime.
- Cost of additional resources and workforce. Lastly, if you are about to create a good disaster recovery plan for infrastructure of any complexity, you are going to spend both your time and your money. And, although the options for spending here are limitless, your budget isn't. You will need more hardware, software, and workforce to develop, implement, and maintain a good disaster recovery solution.
As a result of the first two groups of costs, you typically aim for rather strict recovery time and recovery point objectives. These are the key indicators showing you how fast you should restore your workloads and how much data you can afford to lose. However, the costs of labor and your resources are also quite high, so you should balance your wishes against your capabilities.
Improper Disaster Recovery Processes
A poorly designed disaster recovery solution is no better than a non-existent one. You need to focus your attention on these four stages to make sure that you don't miss anything in your DR workflow:
- Planning. One of the most demanding stages, where you need to define your recovery time and recovery point objectives, come up with the solution architecture, and select vendors for hardware and software.
- Review. At this stage, you review your plan with your technicians and C-level to make sure that you haven't forgotten anything and that your plan will be budgeted.
- Implementation. Once you are all set with the planning and review phase, it's time to actually implement the solution.
- Regular tests and reviews. Schedule regular tests for your new disaster recovery environment to make sure that you are actually ready to recover any workloads and data in different events. Once your tests are complete, review your plan and update it where necessary.
Insufficient Backup Protection
While you might have the right processes in place, you should also take care of the tools you are using. Define whether all of your types of workloads are being properly backed up. For example, if you have employed cloud virtual machines, you will need a specific set of tools and a different approach to make sure that your architecture can be successfully restored.
Secondly, when you perform a backup, it's considered to be unsafe to store all data in one storage.
For this reason, the most popular backup storage approach, the 3-2-1 backup rule, states that at any point in time you should have at least three versions of each file, two of which are backups, and one of the versions should be stored at an offsite location.
Lastly, you should keep in mind the high probability of a successful ransomware attack, the menace of modern-day data security. Sometimes, ransomware aims to encrypt both your files and your backups. Hence, you should stick to the 3-2-1 rule to be able to recover even if one of your backups is encrypted.
Also, you can implement a so-called air-gapped backup technique. This involves having a copy of your data that is completely detached from any infrastructure. This is the ultimate, albeit costly, way to protect yourself from ransomware.
Further reading How to Protect Backups from Ransomware
Hard to Meet the Regulatory Requirements
Lastly, your backup and disaster recovery policies are affected by the sphere your company operates in. There are different compliances, such as HIPAA for healthcare data in the US, or GDPR for the data of EU citizens. These compliances state how exactly you should store and protect your data. Unless you are prepared to pay huge fines, you should stick to those compliances.
Further reading HIPAA-Compliant Backup: Requirements and Implementation
Conclusion
A great backup and disaster recovery plan takes a good amount of effort, money, experience, and expertise. You should keep in mind all the details of your infrastructure, think of dozens of ways to lose your data, and then invent dozens of ways to recover it. All that should be a repeatable, carefully planned process. Sounds challenging, but it is also an absolute necessity for any SMB in the modern world.