By Sungard AS
An IT disaster can have a severe impact on your company's ability to function. It hampers productivity and employee collaboration, damages the confidence of clients and partners, and potentially even puts the survival of your business at risk. While IT technology has delivered various business benefits, it also carries with it the inherent question of how can companies that are reliant upon it cope when it fails.
Software or network failures account for around 50% of IT disasters – others factors include malicious activity such as hacks, human error, or even extreme weather events. Complex systems, inadequate IT resources and a lack of in-house expertise can also impede prompt disaster recovery (DR).
In the event of an IT disaster, urgent remedial action is vital to keep damage to a minimum. Here we discuss five critical steps your organisation should take if it wants to be resilient…
Create an inventory
Preparation is the best form of insurance, so developing a comprehensive, up-to-date DR plan is essential. This should begin with a clear picture of exactly what your IT assets are at any given point – your hardware, software applications and data, and where they are held. This will help with organising your recovery efforts.
This is also crucial for understanding the impact of a data breach for your business. By having all the different components of your business accounted for, you are able to see which areas may be of higher or lower risk of a breach. By knowing this you will be able to adjust security efforts accordingly, and, in the case of a breach, you will be able to determine priority areas quickly, and effectively.
Recovery Point Objectives
Prioritize what applications or data you need most urgently to keep the business running. Once you know what you need to do to meet each Recovery Point Objective, you can then break it down into actionable steps, assigned to key staff members. The more detailed your plan, the better the chances of a successful recovery, so keep in mind easy to understand and repeatable instructions. Those involved should have clearly-defined roles, responsibilities and spending limits (such as for purchasing replacement equipment), with contact details available in case they are off-site at the time of the incident.
Aim to perform practice drills two or three times every year so that you can be confident your disaster recovery plan works, and so that it can be adapted where necessary. Keep track of uptime, noting any periods that you seem to be particularly vulnerable, identify weak spots in your network and procedures, and remember that your recovery plan must be scaled as your business grows.
To ensure effective data recovery, all business-critical data should be backed-up on a regular basis, ideally several times daily. It's good practice to keep copies of this data securely off-site overnight – many businesses choose to use an external data centre for peace of mind in this regard. In respect of equipment, using standardized hardware wherever possible helps with replacement.
Focus on IT Security
Ensure that your IT security, such as firewalls, passwords and virus protection software, are kept current and that any security patches are installed immediately. This also means controlling access to server rooms, keeping them climate-controlled, and possibly even introducing a back-up power supply if you consider it necessary.
Note: Running alongside any effective DR plan is the need to rapidly identify the cause of the disaster and to bring it to an end.
It is essential to keep in mind, however, that you could always be at risk of a data breach, so while preparation is key it is often necessary to plan for the absolute worst case scenario. This will ensure that if you do suffer a data breach, regardless of the impact it has, you are ready to combat it. To help with this, many businesses are naturally looking at cloud disaster solutions such as Disaster Recovery as a Service (DRaaS), as you only need to pay for the services you require.