I was recently having lunch with a friend, a small business owner, and we managed to get onto the subject of disaster recovery. As part of this discussion, he laughed and began to explain the process they had in place just a couple of years ago.
The business was based in a small office with a server cupboard near reception. Their receptionist was charged with heading into their server cupboard once a week on Friday, removing one USB stick and replacing it with another. The removed USB stick would then be stored in her car for the week, accompanying her to the post office, Waitrose, the gym etc, until it was swapped back the following Friday.
He went on to explain that this continued for a year and nobody really understood how the data was backed up – they all simply placed their trust in the IT company they outsourced to. It turned out that the backups began to fail about 3 months into the process, and the receptionist has mostly been carrying around a useless USB stick. Needless to say, they chose a different IT supplier at that point and managed to put a more reliable DR plan together. Something that didn’t include USB sticks.
This got me thinking though – who’s looking after the little guy? A lot of the blogs I’ve read about DR are aimed at medium SMEs and larger corporations, and presume that you have an in-house IT department or an existing wealth of DR knowledge: what about smaller companies and those businesses who are just starting out? With this in mind, I wanted to put together a list of considerations that all organisations should bear in mind when taking first steps into the world of disaster recovery.
When you begin to look at DR, ask yourself this big question for different circumstances, such as “what if we only backup once a week?”, “what if we lose everything?”, “what if our offices burn down?” Asking yourself these simple questions will set you on your way to working out about how a disaster might affect your business and help you realise what your DR needs truly are.
Backup regularly and sensibly
Backups are fundamental. They’re the single most important thing to think about when you’re considering DR. Of everything you could possibly lose in a disaster, the one thing that is totally irreplaceable is your data. In many respects, your data is your business. Think of waking up one morning and not having those projects you’ve been investing months into, all your contract information, even info contained in your day-to-day emails.
If you do only one thing to prepare for disaster, make sure it’s backing up your data. Do it regularly, and make sure you’re storing that data off-site for added protection. If you’re unsure as to how often you need to backup, allow for the worst case scenario. For example, if you’re thinking about weekly backups then ask yourself what the impact would be if you lost days’ data. If you don’t have off-site facilities, there are many local IT providers who can help you.
It’s important to weigh up the cost of your DR solution against the potential cost of downtime. Having a truly flawless DR plan with automatic failover and seamless continuation sounds ideal, but it often comes at a high price and would be a fruitless investment if the cost of downtime is drastically lower than the cost of your DR solution. It’s a balance that only you, knowing your business and industry inside out, can judge.
The famous phrase “Fail to plan and you plan to fail” applies very nicely to DR. Put together a clear plan that you’re prepared to follow if the worst does happen, and keep yourself familiar with the plan. Don’t hog it either – anyone who needs to be involved should be brought into the process from the onset and needs to be just as prepared. Remember though, your DR plan doesn’t necessarily need to be complicated. Just ask yourself the essential question “What happens when x goes down?” and tackle each hurdle one at a time.
Whilst we’re on the subject, do have a backup of your DR and business continuity plans: they’re not much good to you if they go up in smoke or get sent to the great Recycle Bin in the sky. It needs to be regularly tested and kept up-to-date, so plan regular overviews.
Don’t try to allow for every bizarre and unlikely scenario possible: keep to the basics. For example: in the UK there’s probably no need to plan discretely for a tsunami or mass alien abduction when the end results (of local flood/mass staff sickness, respectively ) are the same as ‘normal’ disasters you’ll already be catering for.
Consider the cloud
Setting up a cloud solution for your DR environment is a great option as it offers the flexibility you’ll need in an emergency to continue running your systems on either a small or a large scale, dependant on what has been affected in your live environment. And whilst we’re here, you need to ask yourself: “If the various elements of my IT infrastructure can operate so well in the cloud, why am I not hosting my live environment there in the first place?”
And what a very good question that is. By hosting your live services in the cloud and keeping regular on-site/off-site backups, you can dramatically reduce your risk, save money on your DR scope, and probably save money overall.