01-22-16 | Blog Post
As we’ve discussed previously, there are many parts to a Business Continuity Plan, but what makes IT disaster recovery such an important subset?
For starters, many businesses are relying more and more on IT infrastructure as they become more digitized. They need connectivity, networks, and servers. Some of these companies are being forced to recognize the growing trend to move everything to the cloud, such as the healthcare industry, where HIPAA compliance requires everyone to have an electronic health record as of 2014, while others simply want to stay ahead.
A disaster recovery plan is meant to put a system in place to restore IT operations at an alternate site after a major system failure or catastrophic event. After successfully failing over to your recovery site, the goal is to test the affected systems and put them back into place. Once this is done, your business can get back to focusing on what it does best — generating revenue. Why is this plan so important? Consider what you’re protecting: your critical infrastructure and sensitive data, such as patient information or credit card records. Can you afford the risk of not having a disaster recovery plan in place?
What does disaster recovery entail, exactly?
RPO and RTO
RPO stands for Recovery Point Objective, and it’s the specific amount of time that a business decides it can survive a period of data loss. When you decide how often you need to back up your data – whether that’s every five minutes, or every five hours – that is your RPO.
RTO, on the other hand, stands for Recovery Time Objective, and is the most amount of time a business can afford to have their systems unavailable. RTO can help you determine which facets of your business are mission-critical and which aren’t. For example, if you’re an e-business whose email server was down for an hour but caused you to lose 12 hours’ worth of emailing clients, how would that affect your ability to serve your clients? Can you afford to be down for an hour?
Determining your RPO and RTO is one step in your overall business continuity plan. When you figure out how much time you can or can’t afford to lose during a disaster, you can prepare for the worst that much better.
How do I plan for disaster recovery?
According to FEMA, a recovery strategy should be developed for each component. There are four of them:
It’s your job to identify the critical software applications and data, as well as the hardware required to run them.
To that end, having your sensitive data backed up to a reliable, offsite storage place is an essential first step to an effective disaster recovery. Having your data replicated offsite can help you recover quickly should you suffer a network, hardware or system failure. In addition, you should make sure you implement failover testing to ensure everything transfers over properly when the time comes.
Disaster recovery is like the premiums on an insurance plan. It’s always a pain to make the payments, and nine times out of 10 you don’t need it. But when that one time comes, you’ll be glad you have it. Don’t be stranded when it comes time to make your “claim,” whether that’s because of a natural disaster, a hardware failure, or a DDOS attack that leaves your business offline for several hours. Keep your organization’s operations running smoothly by having protocols and procedures in place for those types of unpleasant surprises and more.
Want to learn more about disaster recovery? Download our disaster recovery white paper and find out more. FEMA also has a business continuity plan template available for download, and has more resources for IT recovery strategies here.