Business owners hope that they never have to face their business destroyed by a fire, a natural disaster wiping out their office building, or the other potential disasters that may happen. However, if the current COVID-19 pandemic has taught us anything, it’s that all businesses need to be agile and prepared for potential unprecedented situations. Every I.T. professional in the world recommends a reliable, tested Disaster Recovery (DR) plan.
Recently, I sat down with NetGain’s Shane Wendel, a Consulting Engineer with over 20 years of experience, to discuss what is involved in creating a Disaster Recovery plan, and why every business must have a tested plan ready to deploy. Shane specializes in Disaster Recovery and has helped many NetGain clients prepare their technology for potential disasters.
What is a Disaster Recovery Plan?
In a nutshell, a Disaster Recovery plan is what it sounds like – a plan to recover your business in the case of a disaster, and the disaster can be a plethora of things. Typically, in the past, DR plans were always built around the idea of the office building burning down or an electrical fire in the server room. Basically, a loss of the server infrastructure and all of its data. That’s where everyone started their DR plan, because that’s what everyone felt was the most likely scenario. A DR plan addresses how you get all those systems back online and get the business operating quickly and effectively when something like that happens.
More recently, though, the increasingly likely scenario is a ransomware attack. We’re seeing that far more often than buildings burning down, or being hit by a tornado, or any physical loss of location. Now that must be accounted for in DR plans. And this pandemic is another kind of disaster. Even though it’s a different type, you have to be prepared to manage your technology in a way you did not before.
In order to create a Disaster Recovery plan, you must document all your technology, and then assess all potential scenarios. Then you begin to create the plan for how to recover technology in those scenarios. It’s important to continually update the plan – it is a living, breathing document, not something you can make once and forget about it. It’s also recommended to test the plan for various scenarios and then decide what worked and what could be improved. This allows you to be optimally prepared.
How do Disaster Recovery Plans differ from Business Continuity Plans?
There’s another part of the equation here – the Business Continuity plan. It’s as important as the Disaster Recover plan, and important to know that they are two very different things. People mistakenly conflate them. A lot of companies want to start with the technology, which is the Disaster Recovery plan, and that’s backwards.
Business Continuity must come first. A BC plan is more about thinking of all the scenarios and answering, “How are my people going to work?”. For example, with the pandemic, we’ve seen the question of “How are my people going to work remotely when they can’t get to the physical office location?”. That’s Business Continuity. In the case of the building burning down, getting servers back up is one thing – part of Disaster Recovery. However, no matter what, you still have the question of “Where are people going to work”, which is part of Business Continuity. So, your Business Continuity plan really must come first, because you design the Disaster Recovery technology around the Business Continuity plan. Disaster Recovery is one part of the larger Business Continuity plan.
What are some important questions to ask when creating a Business Continuity plan?
The main things to review are: how long can we afford to be down, how much data can we afford to lose? If we lost all our servers due to a ransomware attack, and had to go to yesterday’s backup, what kind of impact is that going to have? Is that a million dollars in effort? It could be, depending on the size of the business. How much are we willing to spend so we only have to go to a backup four hours or two hours ago?
You must build technology around what the business needs, and what it can afford. That’s an important consideration. Consider what you’re able to spend in order to protect your business, and make sure you know what the potential impact is if systems go down for any number of reasons.
What are the benefits to a business who create a Disaster Recovery Plan? Why do business owners typically choose to do so?
Many people don’t have Disaster Recovery plans, but they should. A lot of clients just don’t think it’s going to happen until it does. It’s a risk management decision. It’s like when you buy your car insurance – you decide if you want a higher or lower deductible, based on your driving record, the cost of your car, etc. That’s what business owners have to do when choosing how much capital to put towards a backup and DR plan.
However, many times business owners focus on what they’re paying for rather than the potential loss in capital that could occur if they don’t have the proper amount of backup. And that loss comes in many forms: lost productivity, lost business, customer relations, business reputation, etc.
By having a well thought out plan that examines your entire business in every scenario, you can backup your technology and be more prepared by having a Business Continuity plan and DR plan. The benefits of having a DR plan are really what doesn’t happen rather than what does – you prevent that lost productivity, the lost capital, that damaged reputation.
Why do you recommend a Disaster Recovery solution?
It’s something you must have to ensure longevity. Forty percent of businesses don’t reopen after a disaster according to FEMA research. It’s just like having fire insurance on your building. If you expect your business to be able to weather all the scenarios that could happen, you must have a plan for your technology. Especially with cybersecurity threats as prevalent as they are today. That alone is a huge risk to any business.
You must make those risk management decisions to recover as best as possible according to your budget. You must think about all the scenarios, and consider how you’re going to respond. Certain clients, such as banks, are required to have some form of a Disaster Recovery plan due to their compliance requirements, but others like manufacturing don’t have any requirements. Every business should have one whether they are regulated or not, because one of the main risks that a DR plan accounts for today is a ransomware attack. No matter what kind of business you are, you are at risk.
Need to create a Disaster Recovery plan, but not sure where to start? Or do you have an existing plan that needs to be tested or reviewed? Contact NetGain for assistance!
Tech Talk Series: NetGain has a variety of subject matter experts on aspects across the technological spectrum. In our series, Tech Talk, we gain insights from these experts to bring you insight and understanding on topics such as security, I.T. infrastructure, and more.