Disaster Recovery Planning: What Every Business Needs to Know
For businesses today, disasters come in all shapes and sizes: natural disasters like hurricanes, fires, and floods; technology disasters, like system failures and cyberattacks; and human disasters, like terrorism or acts of violence.
While these scenarios originate from different sources for different reasons, they have three things in common: they will occur (if they haven’t already), they will impact your business, and they require a comprehensive disaster recovery strategy.
In this climate, a disaster recovery plan is non-negotiable. But getting started can be overwhelming. If you don’t have a strategy in place, where do you begin? If you have one, but it needs refreshing, what’s the best way to update your plan? Let’s take a closer look.
Major disasters seem like something that happens to other people in other places – until they happen to you. And unfortunately, the statistics suggest that a disaster will hit sooner rather than later with serious implications.
- More than half of companies (54%) experienced a downtime event that lasted more than 8 hours – one full work day – in the past five years.
- Just 2% of organizations recovered from their latest incident in under an hour.
- 1 in 3 organizations were hit by a virus or malware attack in the last five years.
- Only 35% of outages are caused by natural disasters. Another 45% are operational, and 19% are due to human error.
- Site outages typically cost businesses at least $20k for every day of downtime, with more than a quarter of organizations reporting that one day of downtime would cost over $100k.
If you’re a small business, the numbers are even more unsettling. According to the Colorado Springs Gazette:
- Nearly 40% of small businesses close after a disaster – and only 25% of that group ever reopen.
- 52% of small businesses say it would take at least 3 months to recover from a disaster.
- 60% of businesses feel that in spite of their best efforts, their disaster recovery plans were not useful during their worst events.
In spite of these facts, 75% of small businesses do not have a disaster recovery plan in place, and of those that do, 75% believe their plans are inadequate.
Enough numbers. It’s clear that a disaster recovery strategy is an imperative for every business – and that most businesses are struggling to implement a plan successfully.
Disaster recovery planning vs. business continuity planning
Before we get deeper into disaster recovery planning, let’s agree on a definition. TechTarget defines a disaster recovery plan as a strategy intended “to prepare your business in the event of extended service outages caused by factors beyond your control and to restore services to the widest extent possible in a minimum timeframe.” To meet this goal, “All of your company’s sites are expected to implement preventative measures whenever possible to minimize operational disruptions and to recover as quickly as possible when an event occurs.”
This might sound remarkably similar to another joint business/IT objective: business continuity. Yet while disaster recovery and business continuity (and their respective plans) are closely related, they’re not the same:
- Disaster recovery refers to restoring the data and applications that run your business should your data center, servers, or other infrastructure get damaged or destroyed.
- Business continuity focuses on enabling a business to operate with minimal or no downtime or service outages.
Put more simply, disaster recovery typically deals with how to manage unplanned events reactively, while business continuity is more of a proactive strategy, especially given the move to cloud environments. Your business likely needs both, but for the purposes of this post, we’ll focus on disaster recovery planning.
The fundamentals of a disaster recovery strategy
Your disaster recovery plan should account for each element of your IT ecosystem, including your systems, applications, and data. To ensure that all of your bases are covered, the plan should anticipate the loss of one or more of your system components, including:
- Physical environment(s)
The final bullet is perhaps the most important. These days, your data is your business’s lifeblood and must be protected as such. Your disaster recovery plan should incorporate each of the elements on the list above, but prioritize data recovery and backup.
5 steps to a successful disaster
There’s a reason that so many companies either don’t have a disaster recovery strategy or aren’t satisfied with their current plan: it’s not easy to plan for every type of disaster for all of the components listed above. It is, however, necessary for the security and viability of your business. Here’s how to get started
1. Get executive buy-in.
A successful disaster recovery strategy starts long before you start digging into the technology. It’s essential that the right people are on board to support the process. This includes leaders from business groups and IT, and an executive sponsor who truly believes in the project and its impact on the business. A strong disaster recovery plan comes from prioritized cross-functional collaboration, which is typically only possible when the higher-ups make it clear that this project takes precedence.
2. Do your homework.
With the team in place, begin analyzing your business processes. The priorities of your disaster recovery plan should map in detail to your business priorities, so you need to define the latter first. At a basic level, this business impact analysis assesses which systems and applications are most critical to your organization’s functioning. There are two sides to this coin: the components that enable the crucial operations that run your business, like supporting your products, servicing your customers, and making money; and those that introduce the most risk via threats and vulnerabilities. Your business impact analysis and risk assessment should include both.
3. Agree on a strategy.
So far, we’ve used “disaster recovery strategy” and “disaster recovery plan” somewhat interchangeably, but they are actually two different steps in the overall process.
Your strategy is the high-level evaluation that looks at how disaster recovery fits into your business objectives and what it will take to implement it. It should consider things like:
- Results from the business impact analysis and risk assessment
- Resource availability: what people, technology, and other physical assets can or should be included in your disaster recovery plan, and how can you ensure their availability when necessary?
- Technology: what tools will you use to support your disaster recovery plan?
- Data: how specifically is data handled and protected as part of your plan?
Only when the entire team has reached agreement on these points, from your executive sponsor to the folks in the trenches who will be managing the processes, should you move forward to the specifics of the plan.
4. Create your disaster recovery plan.
Your disaster recovery plan is the execution arm of your strategy. It translates your objectives into a tangible checklist of steps to follow to ensure that your business is protected. It should include:
The “why”: the objectives and goals driving the plan
The “what”: your critical IT systems, prioritized by business impact and risk, as well as their expected recovery times, authentication tools, etc.
The “who”: the roles and responsibilities of each disaster recovery team member
The “where”: any geographical considerations
The “how”: specific action steps required to restart, reconfigure, and recover systems and networks. This will also include technological considerations, such as the use of disaster recovery and data backup tools.
5. Test your plan.
It’s not enough to create a plan – you need to ensure that it works. This step is notoriously neglected; only 40% of companies test their plan once a year, and more than a quarter test “rarely or never.” Why? It can be time-consuming, complex, and resource-intensive. It can also, however, identify gaps, incorrect assumptions, technology issues, process inadequacies, missing elements, plan inconsistencies, human resource problems, and more – all of which could play an indispensable role when it’s not a fire drill.
How to build an effective disaster recovery solution stack
Ensuring your company’s safety during an unplanned event may start with a strategy, but also requires on-the-ground tools to put that plan into action. Fortunately, there are a wide variety of technology solutions – on-premise and in the cloud – to meet the disaster recovery needs of any business. These range from:
- Data backup solutions, from basic tapes to comprehensive cloud storage
- Physical data center strategies, like cold-site, split-site, or hot-site solutions
- Cloud-based disaster recovery services, from private cloud to DRaaS (disaster recovery as a service) to a hybrid approach combining both
The right answer for your business will depend on your resources and objectives. It also shouldn’t stop with traditional disaster recovery solutions. Disaster recovery tools, wherever they’re hosted, coordinate the response of your systems and applications in case of emergency. But what about your other vital resources: your people?
Emergency notification systems like AlertFind give you the capabilities you need to ensure your employees’ safety during a disaster. While your primary disaster recovery tool protects your IT infrastructure, an emergency notification system puts you in contact with your people for greater peace of mind and a faster return to productivity in an unplanned event. With features like multi-channel messaging (email, text, voice, social, etc.), two-way communication, geofencing, and global coverage, AlertFind complements your disaster recovery solution to guarantee that your team members are as well protected as your data center.
Whether you’re creating and implementing a disaster recovery strategy for the first time or upgrading your existing plan, taking your organization’s security and stability into your own hands is a smart move. Strategic disaster recovery definitely isn’t simple. It is, however, imperative to the continuity of your integral processes, the safety of your people, and ultimately, the success of your business.
Aureon, 5 Downtime and Recovery Statistics for Your Business to Avoid,
Backbox, 5 Shocking Statistics on Disaster Recovery,
Colorado Springs Gazette, 7 shocking disaster recovery stats for small business owners,
Direct2Dell, The difference between disaster recovery and business continuity,
InvenioIT, 2016 Disaster recovery statistics that will give you pause,
TechTarget SearchDisasterRecovery, Small business disaster recovery planning template and guide,
Zetta, State of Disaster Recovery 2016
You are well on your way toward protecting your staff and organization.
Take the next step toward protecting your organization by learning more about emergency notification systems and the vital role they play in your emergency preparedness plan.