Robust disaster recovery plan a must for business continuity

Today, businesses operate in a highly volatile and dynamic environment. One which is exposed to not just cyberattacks, but war, terrorism, pandemics, and other natural calamities. Disaster recovery (DR) is technically the ability to resume the business operations hit by the disruption caused by catastrophic events. A foolproof DR strategy shouldn’t just aim to restart the operations but also to prevent or minimise the loss of data when the calamity crippled the business. 

Disruption in business operations generally leads to a significant cost escalation and loss for organisations. Without disaster recovery planning; many businesses, especially small and medium-sized organisations, wouldn’t be able to resume their operations. Even if some resume, there is always a chance that they would slip back to their hapless condition within a year of resumption. Disaster recovery planning entails steps of strategizing, assessing different disaster scenarios, deploying compatible and relevant technology, and conducting frequent testing of the system through dry runs and mock drills. 

Just maintaining backups of data and having a recovery process does not make for a foolproof disaster recovery plan. It also entails ensuring sufficient storage and computing power during the transition period. During the offloading, control and operations are transferred from the original primary system to the backup secondary system, also called failover. Post-disaster, when the original system gets restored, the control and operations are transferred back from the secondary backup system to the original system, a process known as failback. 

DRaaS (Disaster Recovery as a Service) gaining currency: 

Disaster recovery as a service (DRaaS) is an as-a-service model that allows a business to back up its data and critical compute network and store it in a secondary system hosted by a third-party cloud service provider. The backup data and the relevant IT infrastructure hosted in a different geographical region would be pumped back to the original primary system to restore normal business operations, after the disaster. As it is a cloud-based service, the organisation doesn’t have to incur upfront costs to own the resources needed for disaster recovery. Given the rising adoption of DRaaS among enterprises, market research firm Technavio estimates that the market size is likely to reach $41 billion by 2025, a CAGR of 45 per cent during the 2020-25 period.

Contours of the disaster recovery plan:

Identifying works and functions of the organisation as per priority helps the organisation to determine how much downtime these critical and non-critical functions could tolerate. Once that is done, an organisation has to decide whether to build a disaster recovery system using on-premise storage facilities or renting storage in the public cloud. While on-premise storage of data has a few downsides like added cost in terms of upfront investments, and time and skill requirements, the benefit that the internal IT team will accrue from on-premise storage is that they will have control and visibility of the stored data. Also, an on-premise disaster recovery system will not be effective, especially in situations when a natural disaster hit the organisation wreaking havoc on both the primary system and backup system. But a third-party cloud service provider where the DR system is on stand-by in a different geographical region would come in handy in such situations. Thus, organisations face a dilemma when choosing between an on-premise DR system and a public cloud. Therefore, some organisations are preferring to opt for a hybrid cloud model in which they store highly critical data on-premise and less critical data on the public cloud. 

The recovery point objective (RPO) is the age of data that must be recovered from the backup secondary system to resume regular operations. The RPO is expressed backward in time from the moment the disaster struck. RPOs may be stated in seconds, minutes, hours, or days. For example, if the RPO is one hour, the IT team must arrange a plan for backups of data every one hour. The RPO helps the admin team to determine the minimum frequency at which the backups must be taken. Similarly, the recovery time objective (RTO) is the maximum time the organisation has decided to take back control, and associate network capacity and data to restore operations from an alternate location after the outage. RPO, along with the RTO, helps the organisation select the right disaster recovery technologies and strategies.  

During the COVID pandemic, the importance of a robust business continuity plan (BCP) has come to the fore. Moreover, several natural disasters like flooding, earthquake along with disturbing political environment always pose a threat to the sustainability of business operations. Therefore, each enterprise with distributed workspaces across the globe should not only devise a robust disaster recovery plan but also should employ the right technology partner to get the optimum outcome.  



Views expressed above are the author’s own.