By Matt Rhodes, Commercial Services Manager, Quiss Technology Plc
The growing threat of cyber attacks has moved IT disaster recovery planning up the agenda for many businesses, but why pay every year for something you are never likely to use?
Developing an IT disaster recovery plan, with step-by-step procedures for recovering disrupted systems will identify business-critical IT systems and networks. It will assess the required recovery time and establish the steps to restarting, reconfiguring and recovering them.
Instead of outsourcing the entire responsibility for disaster recovery to external service providers, it’s possible for smaller businesses to plan and protect their business, but only pay if disaster strikes.
The first step in ensuring a recovery plan minimises the impact of any disaster is to undertake a business impact analysis that identifies and prioritises critical IT components and systems. A variety of recovery strategies will help ensure systems can be restored quickly and effectively, with a contingency plan to replace damaged systems.
Regularly testing the plan identifies problems and allows everyone to train for implementing the necessary procedures. It also highlights areas for improvement or change and keeps the plan up to date with changes in infrastructure or business operations.
For smaller firms, it’s about balancing risk against the costs associated with recovering from a virus or cyber attack; hardware & software malfunctions or even human error.
Businesses will back up their data regularly and some will even check that recovery is possible from the back-ups. But the age of the backed-up data is another point of risk and each firm will have to assess how much data they are prepared to lose, maybe to have to enter again - generally, the more current the back-up, the more expensive the solution.
But just because data is backed up, what will this data be recovered to, if the IT system, servers, applications, licenses etc. no longer exist?
Most recovery options cost more than smaller business can afford. But when even a short service interruption can cause significant, often irreparable damage to a business, the high costs associated with real time data replication to duplicate servers in different data centres, is perhaps more acceptable.
Smaller businesses can accept more of the responsibility with a slightly increased risk to recovery, but at a much reduced cost. This balance of risk versus cost is the equation smaller firms must evaluate.
Innovative solutions like Inactive/Active Disaster Recovery help smaller businesses protect their future, without committing to the higher costs associated with traditional recovery solutions.
The inactive phase begins with an assessment of the IT infrastructure a business needs to function normally, together with all the information needed to create a copy of the IT environment at extremely short notice - usually within hours. The snapshots taken of each physical or virtual server being supported are stored at the disaster recovery centre.
The necessary server space is guaranteed, with the power and communications to turn this virtual, inactive environment, active, following a disaster. After the initial consultation fee, there is only a small annual maintenance charge until the service is required.
Once active, the business supplies the latest backed-up data, sending tapes or hard drives by courier if necessary. Only at this point are the costs associated with new hardware, software licensing etc., incurred, which are usually covered by the business insurance – but worth checking.
Businesses continue to pay for a service they’ll never use alongside the insurance they have to cover their assets. Yet with a little planning and innovative solution like Inactive/Active DR they can protect their operation and spend money on what they want to happen, not what might happen.