March 14, 2017
As a modern IT pro, you probably know what a disaster tastes like. You know the panic of realizing a hurricane is heading toward your data center, or that a Ransomware attack has kidnapped your most critical data; you may have even lived through the aftermath of watching clients terminate their contacts or had to answer to angry management.
There’s really no way around it; every IT crisis brings a certain amount of pain. But if there’s one mitigating factor in reducing that pain, it’s combining a good backup and disaster recovery solution with a well-architected plan.
Sometimes teams will have one and not the other. They have an outdated legacy BDR system, but try to compensate for its shortcomings with a solid incident response strategy. Or they invest in a shiny new BDR tool but assume that’s enough and don’t bother to create a detailed plan. Still other teams don’t do either.
Regardless of which category you believe you fall into, your recovery plan – or lack thereof – could be putting you at risk in a number of ways. Ask yourself the following questions to see where your plan might fall short.
Have you identified your most critical systems, apps and data?
You did? Great. Where are they and how are they protected? How will your BDR system recover when they go down or get stolen or corrupted? If your plan takes a big-picture, generalized approach toward restoring uptime, you may find the reality of recovery asks you to make specific choices in which systems and data get restored first. Prioritize your assets and develop a tiered recovery plan. Make sure this is reflected in your backup strategy; for instance, you may feel safe keeping less important data backed up in one data center, but you should use a hybrid cloud strategy for multiple replicas of your mission-critical information.
Does your recovery plan address each type of risk?
A good plan takes a premeditated approach to protecting your assets from the worst case scenarios – a disastrous employee error, a tornado, a breach, a data center fire. It might be tempting to sketch out plans for only the most likely disasters. But it’s the disaster you don’t plan for that will wind up throwing your organization into chaos.
Do the right people know what to do and who to contact?
Developing a call chain is an important plan of your plan. No matter when or what type of disaster hits, you can almost guarantee that certain staff members will be on business travel in an inconvenient time zone, while experienced leaders with the right answers just left the company. Make sure your call chain includes the people who understand your backup and disaster recovery system inside and out so the team doesn’t waste valuable time trying to figure out the basics. Which brings us to…
How simple and efficient are your BDR processes?
If retrieving physical backups is a major endeavor, or your team is mired in inconsistent workflows, your response procedures aren’t going to be as sharp as they should be in a crisis. Make your recovery processes as easy and speedy as possible so you can quickly execute when every minute matters.
Do you have the right technology?
Your plan may be built on assumptions that your BDR tech will do everything you need it to. If you’ve not yet experienced a disaster with your current solution, though, you can’t be sure that’s the case. Here are just a few red flags that your solution won’t come through for you:
Have you tested your recovery plan? This can be the biggest factor of all. If your plan looks great on paper, but hasn’t been tested, it’s not worth much. Your team must run through your recovery plan, both as a tabletop exercise and a drill. It’s almost certain that something won’t work the way you need it to, or that an important step has been omitted. Only by testing your plan will you discover and patch any gaps – and help build an even stronger and safer plan that can protect you in a time of crisis.