We ask this question because data center outages are inevitable. In fact, a 2013 survey revealed that more than three-quarters of respondents experienced an outage within the past 12 months, and 42 percent within the past six months. Only 14 percent of these incidents were caused by a natural disaster.
The key is to have a disaster recovery strategy in place that can minimize the risk and consequences of a disaster. Unfortunately, most organizations are woefully unprepared. Only 30 percent of survey respondents said they are protecting at least three-quarters of their IT environment with a DR strategy. 36 percent test their DR plan just once a year, while 18 percent have never tested it. 77 percent aren’t even sure that their DR plan will work.
According to the American Management Association, approximately half of businesses that experience a significant outage, and don’t have a DR strategy, never recover.
In addition to the obvious impact on business operations, failure to implement an effective DR strategy creates serious compliance issues. Many government and industry regulations require a DR and business continuity plan in order to ensure the integrity, availability and security of sensitive data in case of an unplanned outage. Organizations that don’t meet these standards, particularly in the retail, legal, financial and healthcare sectors, can be subject to fines, penalties and legal action, and the damage to the organization’s reputation can have long-lasting consequences.
Clearly, most organizations must reassess their DR and business continuity strategy, or begin developing one, in order to minimize downtime and related risks. There are certain factors that should be considered when developing or updating a DR plan:
Risk assessment: Determine how susceptible your organization is to disasters caused by security breaches, weather events, human error and other factors. Also, assess the impact of disaster, including costs and data loss.
RTO/RPO definitions: The recovery time objective (RTO) is the maximum acceptable time that any component of your network can be down. The recovery point objective (RPO) defines the age of files that need to be recovered. Defining these objectives helps to determine the best DR strategy and the frequency of data backups.
Remote replication: By replicating data and applications to a different geographic location, access can be quickly restored, enabling business functions to resume with minimal disruption.
Prioritization: What applications, services, processes and data are essential to business operations and regulatory compliance? Create tiers to establish an order for restoration, beginning with mission-critical functions.
Regular testing: If you haven’t tested your DR plan, you should assume it doesn’t work. Tests should be conducted quarterly and whenever major organizational changes take place. You should also develop criteria that must be met in order to pass each test.
Many disasters can’t be prevented. What you can control is how prepared you are to deal with an outage. By documenting, updating and testing a formal DR plan, organizations can continue or quickly resume business operations and maintain regulatory compliance while dramatically reducing risk.