Those involved in the development and deployment of disaster recovery (DR) are reviewing plans as a matter of urgency. This year has served as a stark reminder of the possibilities, security and stability that IT brings, and with this our vigilance against adverse events and business-altering surprises has become sharper. If you’re reading this, it’s likely that you’re considering updating your DR plan. Here are five lesser-known (but equally important) surprising elements of a DR plan that you may not have come across in your research. Or, to read our 10-point template for reviewing a DR plan, click here.
- Planning for equipment and software lifecycles
Knowing that your disaster recovery technologies and hardware are in place is one thing. But having faith that they will make the grade when the pressure hits is entirely different and arguably more important. After all, if DR technologies fail to perform when most needed, there is zero value in their inclusion
Therefore, your DR plan should include an inventory of all IT assets that are critical a successful plan deployment. As part of this inventory, assigned members of the IT and operational teams should not just note what technology they have in their arsenal, such as servers, software and hardware. They should also log fixed and scheduled data such as license renewals, end-of-life dates and update cycles.
DR planning is about being ready for anything at any time. So, measure your current DR technology provision against pragmatic business continuity objectives, such as working remotely for an extended period or operating at higher capacity immediately following a disaster, to determine whether proactive upgrades or infrastructure investments are needed. If your current provision would hold you back from achieving those priorities or you have doubts that your tech is truly futureproof, don’t hesitate. DR is an insurance policy, after all.
- Failover system performance
DR used to be straightforward – short-term survival with minimum data loss. That won’t cut the mustard in today’s world though. Experts in the field are predicting that a tipping point has been reached in attitudes toward DR and business continuity and that post-national lockdowns, the acceptable performance standard will be higher.
The new approach is to thrive, not simply survive. To remain a competitive force regardless of a disaster and to only lose data in the most severe of circumstances. This means that failover systems may need to be augmented and elevated to deliver a powerful virtualised solution, instead of a skeleton system with discernibly (and often, intentionally) lower performance. You can read more about IT infrastructure and continuity here.
- Failover and remote access security
A failover system will be highly functional and highly secure, and achieving this one of the critical elements of a DR plan. When working with what is essentially your plan B, application availability and data security are paramount. So, take care to ensure that effective failover and remote access security is in place, especially firewalls, filtering, advanced threat detection and two factor authentication, and that staff are well-trained in remote access security policies.
Failover systems are typically accessed and used slightly differently than business-as-usual infrastructure. Therefore, duplication may fall short and new cybersecurity vulnerabilities may be present and additional solutions may be necessary for this infrastructure alone.
- Avoiding plan task redundancy
It’s a little ironic that despite the great lengths we go to in developing and resourcing a plan, so many businesses continue to assign single owners to critical tasks. If you’re one of those organisations, when you next review your plan, we recommend making sure that at least two colleagues can competently perform any one critical task within your DR plan. Sickness, last-minute holidays or even sudden resignations can unnecessarily place the business in an additional state of vulnerability – the last thing you need when disaster strikes!
The principle of covering all bases applies to DR plan testing, too. When running a full-scale test (which we recommend undertaking once or twice annually), involve as many IT users as possible. Testing a plan only with technology and task owners will not accurately simulate a disaster scenario and therefore be less effective at pinpoint weak spots, which could be as simple as colleagues being unsure how to access their virtualised desktop.
- Ensuring that backup is compliant
One of the more surprising elements of DR plan is discovering that data backup can become a risk in itself. Identifying the data you need to back up, how often you back up, how quickly data can be recovered in the event of loss (plus how much of it is retained) and how to access recovered data are key metrics of any DR plan. You can read more about typical DR metrics in our Ultimate Guide to Disaster Recovery here. However, if compliance isn’t a key factor in your backup plans, in avoiding one disaster you may walk headfirst into another one (resulting fines and bad press).
This may be an obvious one, but diligently check (double check, and then triple check!) that your backup procedures, data storage, processing and security meet the compliance requirements of your government, trade bodies and supplier and customer agreements. It’s easy to assume that because one box is checked, such as GDPR, that all other regulations are satisfied too.
Do any of these surprising elements of a DR plan apply to you? If you need help to create a disaster recovery plan or you’re concerned about how long you’d last without IT, call a K3 consultant on 0844 579 0800 or email firstname.lastname@example.org.