For businesses today, a data breach through a cyber threat or natural disaster is not a matter of if, but when. In 2016, there were more than 90 million cyber attacks on companies and individuals, and in 2017, the world witnessed the largest globally coordinated ransomware attack in history. In today’s 24x7x365, always-on world, a solid disaster recovery (DR) plan is no longer just a “nice to have” — it should be a critical part of every company’s data management strategy.
Backup Is Not the Same as DR
Backup offerings are not optimized to provide the continuous synchronization and fast recovery demanded by today’s modern enterprise. In contrast, an effective DR is the continuous replication of business data to a separate location, where it can be protected from attack and from where it can be restored quickly to maintain business continuity. With a comprehensive DR strategy in place, companies can achieve a recovery point objective (RPO) of less than 24 hours and a recovery time objective (RTO) of mere minutes, restoring any amount of data — from an individual file to a complete virtual machine (VM).
The Advantages of Cloud-Native Backup and DR
A comprehensive answer to the challenges of merging backup with DR is a solution that is architected with the cloud in mind, leveraging the advantages of the public cloud in terms of instant availability and long-term retention, while being optimized for bandwidth reduction and minimizing the impact on end users.
Cloud-native backup and DR utilizes technologies such as global deduplication of virtual data, ensuring that only one copy of each file is maintained. This can allow for bandwidth savings of up to 80 percent and ensures that even remote office locations, potentially with suboptimal WAN speeds, can still be effectively protected. Leveraging the efficiencies of public cloud vendors such as AWS allows companies to take advantage of tiered storage, with data sorted into hot, warm, and cold storage depending on retention and recovery needs. This provides for long-term storage at an affordable price.
Designing an Effective DR Plan
The path toward achieving a comprehensive DR plan may not be clear. Review this fillable Disaster Recovery Template to get a sense of what information you will need to gather and document when creating your own plan. To help you prepare a DR plan for your company, here are four essential steps in the process and some tools to assist you along the way:
Step 1: Perform a Business Impact Analysis (BIA)
The first step in a comprehensive backup and DR planning process should begin with an accurate assessment of your current virtualized environment. How much data are you currently managing? Where is it located? How critical is it to your business operations? Once you have completed this step, the vital question becomes: How would a disruption of this data access impact your business? Think in terms of business opportunities lost, time spent restoring files and rebuilding databases, etc.
This step is crucial to the process because it will inform every decision you make from here on, including how much you will budget for the solution. Obviously, it makes sense to invest more to protect the data that is vital to your company’s ongoing success.
Use this free, downloadable template as a guide when you’re completing your company’s BIA.
Step 2: Perform a Risk Assessment
While a BIA is essential for looking inward at your business-critical data and the impact on your business of any disruption to it, a risk assessment looks outward. It is focused on potential external situations that could negatively impact your business, and the likelihood of such situations occurring. These could include natural disasters (e.g., tornadoes, floods, etc.) as well as man-made events (e.g., power outages, terrorist acts, etc.). This will allow you to gauge the probability that your DR plan will one day need to be activated.
When you’re preparing a risk assessment, be sure to leverage all available records to assess the threat of disaster. Such sources might include (but are not limited to) the following:
- Company records of disruptive events
- Employee recollection of disruptive events
- Local and national media records
- Local libraries
- First-responder organizations
- National Weather Service historical data
- U.S. Geological Survey maps and other documentation
- Experience of key stakeholder organizations
- Experience of vendors doing business with the firm
- Government agencies such as the Federal Emergency Management Agency (FEMA), Department of Homeland Security, U.S. Department of Energy, etc.
Use this handy guide for preparing a risk assessment for your company, as well as FEMA’s Risk Assessment Table.
Step 3: Design a Risk Management Strategy
Once you have identified the critical elements of your virtualized landscape, the business impact of any disruption to it, and the likelihood of disaster, the question becomes: What can I do to mitigate the damage? This is when you need to decide upon a specific solution for backup and DR of your business-critical data.
Although there are sure to be multiple — possibly contradictory — demands, elements that will inform your decision might include the following:
- RPO (how much data you can afford to lose)
- RTO (how quickly your business needs to be back in operation)
- Data residency laws (where your data can legally be stored)
- Budget for implementation
These considerations will allow you to calculate the ROI of competing vendors and select the one that best fits your organization’s requirements. As mentioned earlier, utilizing the public cloud for DR can provide savings in all of these areas.
Step 4: Configure and Test (and Keep Testing!) Your DR Configuration
With your solution in place, you need to know whether your backup and DR system is configured correctly before you actually have to use it. The only way to achieve that is by regularly testing your DR. A cloud-native backup and DR solution allows you to immediately spin up your virtual machines in the cloud for development testing (dev-test) purposes. Ensure that your VMs operate as expected and that data has been backed up in compliance with the RPO you have set.
Bear in mind that testing is not a “one and done” affair — it should be an ongoing, part of your work. Set a cadence that makes sense for your organization and stick to it.
Learn how to execute your DR plan by downloading and reading this guide: How to Build a Disaster Recovery Plan Using the Cloud.