/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: Chief information officers (CIOs) in Asia have particular need to ensure their business is prepared for natural disasters such as flood, fire and earthquakes to protect organizational vulnerability.
In a new era of information management, many data recovery plans are now outdated, rigid and are incapable of adjusting to constant market changes. As cloud-based data storage and data recovery (DR) evolves, it is time for many organizations to rethink disaster recovery to improve cost savings, collaboration and efficiencies.
Data recovery plans should consist of a business continuity and disaster recovery program that bridges the gap between business critical needs and IT dependencies, links to the overall business continuity plan (BCP) and incorporates the use of cloud-based data recovery.
This ensures that any downtime is minimized and operations continue to run smoothly and seamlessly even in the face of a catastrophic disaster.
Getting Started
Â
Step 1: Business Impact Analysis
This first step is to understand what critical business functions are required for the organization to survive during an outage. This can be identified by conducting a business impact analysis (BIA) for each business process. It should then be revisited regularly, since business processes may become more or less critical over time.
A BIA helps organizations translate their critical business processes into manageable data to build and implement comprehensive DR strategies and plans. Data from a BIA maps applications to pre-defined recovery tier levels based on Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
The RTO is the time from when a disaster is declared until service is restored. The RPO is a measure of maximum allowable data loss; for example, the 24 hours since the last tape back-up was made and moved off-site.
It is imperative to use BIA results to establish application and infrastructure dependencies to determine appropriate recovery categories (tier levels or classes of service) and the recovery order based on dependencies and criticality. In the case of cloud-based data back-up and recovery, it is essential that this information is communicated to the service provider before a disaster strikes.
BIA findings should include:
Financial impacts
Operational impacts
Recovery time objectives by functional area
Recovery time and recovery point objectives by application
Identified business process/function inter-dependencies
Identified key application inter-dependencies
Summary of business work area requirements
Observations
Understanding this information can help an organization determine which and how information should be backed-up in the cloud, type of cloud-based data recovery options, or if cloud-based recovery is the right option for them.
Step 2: Selecting a Service Provider
The next step is to determine a service provider that best suits its business needs.
Some categories that should be discussed with a service provider before selection include:
Security
Encryption
SIEM
Network intrusion
Network security features
For some enterprise customers, solution integration is often an important requirement of any service provider; and if a company has international locations, it is important to know where the data is being stored.
Step 3: Designing, Preparing for and Executing on a Plan
The next step is to define a DR strategy that has the ability to quickly recover assets, invoke critical people and continue IT-supported business processes. A detailed, well thought-out DR plan is dependent on pre-defined recovery objectives, strategies, and scenarios derived from the BIA.
DR solutions are implemented once the strategies are identified, confirmed and funded. During implementation, several DR plans and associated instructions are developed to address a different audience.
DR steps and plan declaration procedures should be well documented so that any technical resource could understand and use the documentation and instructions. These procedures should include instructions on gathering details of an event, escalation procedures, how to communicate the declaration and engage people, processes and external vendors.
Measurement is the Bottom Line (How to Test Effectiveness)
In order to keep DR plans in line with business objectives, enterprises should put a strategy in place that periodically updates, measures and analyzes the effectiveness of the plans.
An important measure of DR planning and implementation is integrated testing and end-to-end user testing to discover interdependencies between applications or systems. It is also critical that the service provider has the necessary bandwidth to allow for normal production traffic for all employees and stakeholder accessing the information.
When a disaster strikes
In an enterprise with multiple data centers or processing locations, any given locale may be the DR site for a number of applications and services. It's vital for data center managers to understand what demands may be placed on their centers when a disaster happens elsewhere.
Even the best DR plan testing may leave some questions unanswered, such as:
Is there adequate network bandwidth to handle DR and normal production traffic?
Is there adequate infrastructure (space, power, HVAC, network) at the recovery site to add new equipment for low-priority applications and services?
If the plan calls for the addition of new hardware at time of disaster, is there enough time to procure, install and configure the new hardware needed to restore data, databases and applications before it significantly impacts the business?
Can the recovery site support the additional on-site personnel needed to execute multiple recoveries, including low-priority applications?
Can exercises at recovery sites be performed without negatively impacting on-going daily production?
Does the DR program include testing application and infrastructure across dependencies, as opposed to single application testing?
If using a test/development environment is part of the DR solution, have these systems been scoped to house production and run production processing?
If the organization is using cloud-based back-up and recovery services, many of these concerns are alleviated.
Conclusion
Because organizations cannot predict a disaster and the level of its impact, it is difficult to document detailed IT restoration plans. However, it is critical to provide enough data to predetermine ownership, assets, and leadership of restoration efforts along with timeframe to complete restoration efforts.
As the dependency of business on technology continues to grow and as the rate of natural and man-made disasters rises, disaster recovery planning is critical to supporting any organization. Through proper alignment of recovery objectives with business needs, risk mitigation, well designed DR strategy and plans, and effective exercises, you can feel comfortable that your data center and your business are well prepared.
The author is country manager, India ITO Services, HP ES.