The Roadmap to Recovery: Disaster Recovery and Business Continuity
November 10, 2015
By Sean Donaldson, CTO, Secure-24
Disasters are inevitable, but mostly unpredictable. No one is ever fully prepared for a disaster. Does your company have a disaster recovery or business continuity plan in place?
“Disaster Recovery” (DR) and “Business Continuity” (BC) are often used interchangeably. The truth is, they are not the same and it could be catastrophic for organizations to think that protecting IT assets in the event of a disaster will also provide business continuity. Disaster recovery is data and systems-centric, while business continuity is business operations-centric. What IT executives must remember is that a declared disaster triggers the implementation of a business continuity plan before the implementation of a disaster recovery plan.
Before we delve into the difference between DR and BC, it might be worth defining what constitutes a disaster. Although there is not a universally accepted definition of a disaster, the following a good definition is: a situation resulting from an environmental phenomenon or armed conflict that produces stress, personal injury, physical damage, and economic disruption. This definition applies to all forms of disasters, but it also applies to significant IT outages that cause business and technology disruption. It is usually the responsibility of the company experiencing the disruption to declare a disaster, based on its unique situation.
Types of IT Disasters
Information technology disasters are either major or minor. Determining if a disaster is major or minor does not necessarily mean how far reaching the impact on employees or how much data is at risk. For example a small amount of the critical data could compromise an organization just as much as the loss of a large amount of data. Another consideration when determining if a disaster has caused a major or minor loss of data is how long it will take to recover the data. It is entirely possible that a small data loss would necessitate a complete restoration of the entire company database, a Herculean undertaking for most companies.
Some typical life events that can lead to declaration of an IT disaster include:
• Inclement Weather (Hurricane, tornado, etc.)
• Power outages
• Internal sabotage
• Large scale equipment or software malfunctions
• Disabled communication networks
What is the difference between Business Continuity (BC) and Disaster Recovery (DR)?
Business Continuity and Disaster Recovery are not the same. Disaster Recovery refers to specific steps taken to resume operations in the aftermath of a catastrophic natural disaster or national emergency. In Information technology, such steps may include restoring servers or mainframes with backups, or provisioning Local Area Networks to meet business needs.
Business Continuity describes the procedures to ensure that mission-critical business functions can continue during and after a declared disaster. Business Continuity therefore is interchangeable with a Disaster Recovery Plan (DRP) and suggests a more comprehensive approach
to ensure a company can continue operating and generating revenue, not only after large-scale calamities, but also in the event of smaller disruptions such as key staff departures. Continuity represents a much larger scope of planning, process and procedures than disaster recovery. However, given the dependency most businesses have on technology, disaster recovery is a top priority because it supports all the elements of the business continuity plan.
Time is of the essence following a disaster. Whether the focus is on data, systems, physical locations, employees or customers, time is the largest enemy of business continuity. The issue of time-to-recover highlights several critical business continuity questions:
• What do we need recovered first to conduct business?
• What do our customers need to assured of our stability?
• What do our business partners required to continue normal operations
• What do our vendors need to continue to work with us?
Additionally, high availability and disaster recovery are not the same. Though both concepts are related to business continuity, high availability involves ensuring that systems are consistently operating at peak performance, whereas disaster recovery involves some amount of downtime. High availability should still be an expectation for production environments even with good DR and BC planning. A highly available system and infrastructure design ensures that minor events, such as a hardware failing, are minimally impactful and do not require a full DR event.
It is best practice to have a manual recovery process in place to fall back on. Although it may not be the fastest, most reliable road to recovery in comparison to IT-based systems, if it can help maintain operations and revenue generation, then the juice is worth the squeeze.
The biggest impediment to Business Continuity and Disaster Recovery planning is resistance on the part of executive management to provide adequate support and funding. Other challenges facing IT staff interested in implementing BC and DR activities are: high levels of change taking place within the organization, lack of support from business units, and lack of time for business continuity efforts.
In conclusion, although disasters are few and far between, and we all believe that a disaster will never happen to us, the fact is, they do happen and they can happen to anyone. Good business continuity and disaster recovery plans will keep companies up and running through interruptions of any kind: power failures, IT system crashes, natural disasters, supply chain problems and more.
Does your company have a plan for the road to recovery? Food for thought…