Imagine this situation: Due to technical issues beyond your control, your entire company server essentially falls off the face of the earth. What do you need to do immediately? What hardware should you replace? Where is the backup, and who will take the lead on which activity? The questions could go on and on, but you get the idea! Answering these questions can take a long time; meanwhile, your business is down, and profits are at a standstill.
Even the best technology malfunctions sometimes, and companies with strong IT security can still experience a breach. With a plan in place, you can help to reduce your risks. However, many companies fall short of addressing all the critical pieces of a disaster recovery plan, leaving them not only vulnerable to lost time but also short of data security compliance regulations.
Charles IT veteran and Team Lead, Dereck Jacques, has seen first-hand the chaos that can accompany a disrupting event without a plan. In his role, he’s helped many companies recover vital data to resume operations. Here, Jacques explains why backup and recovery should be a proactive endeavor, plus the two key shifts you must make to cover all your bases. Let’s start by reviewing some of the basics.
Many people think backup and disaster recovery are the same thing—not the case, though they do go hand-in-hand. Only having a backup is a lower-level, old-school approach where you store copies of your files in a secondary location. Many think restoring backup files is as simple as clicking a few buttons, but that's also not the case. "Let's say you have copies of your files, and your server stops working. You can't just buy new hardware and dump your files in there. You must first rebuild the operating system and restore the file structure before you can put the data back in. This lengthy process will translate into costly downtime and loss of revenue for your organization," Jacques says.
On the other hand, disaster recovery is a holistic approach that involves a plan to restore your environment efficiently in case of a disruption. It ensures that your company doesn't grind to a halt when you lose access to business-critical data. While it does depend on having a solid backup system in place, it stretches beyond that to define a plan for restoration.
Disaster recovery outlines what your team needs to do when your infrastructure experiences a disruption— accessing the backup system is a part of this plan. Today’s backup solutions should create a complete image of your server so you can replicate the environment almost instantaneously.
A disaster recovery plan must address the "who, what, when, where, and how" in the event
Outlining all the necessary actions and roles can help minimize finger-pointing — especially when employees are in stressful situations where a lot is at stake. The detailed nature of a disaster recovery plan helps employees remain calm and avoid making unnecessary mistakes.
Additionally, you must document the plan for every scenario — hardware failure, software crash, data breach, etc. — in written format and make it available to multiple stakeholders in a centralized location. Having the plan in writing means you don't have to rely on a single person who may or may not be available when you need the information. "A disaster recovery plan must cover many different scenarios. What happens if your server stops working? What if you lose internet access for a prolonged period? What to do if Windows OS stops working? This may sound like doomsday talk, but you must sit down and think through all the scenarios. Give each a risk score and create a plan for it," Jacques says.
The more scenarios you plan for, the better prepared you are. If you're getting started, prioritize common ones such as hardware failures, software corruption, and network equipment and connection issues.
Also, with more business processes and functions moving to the cloud, you must consider how you'd handle situations where you lose internet connection and, as such, access to your business-critical data.
Don’t forget to account for security breaches as well. "Ransomware is a hot issue, especially since the pandemic where remote working has increased the attack surface dramatically. But if you have the proper backup and disaster recovery plan, you can likely restore your data and services and go about your day as if nothing has happened if you have a breach," says Jacques.
The first step to designing your disaster recovery plan is identifying what your business needs to function at the most basic, bare minimum level.
Then, document who to contact in various scenarios. Ask yourself questions such as: Who is your internet provider, and what's your account number? Who is your managed services provider (MSP), and what's the number to call when something goes wrong? Which company should you contact if you have to replace your server? Then, document the information in a centralized location.
Next, identify the best method to back up your company data.
Redundancy is key. Create at least one backup in a different physical location (i.e., geo-redundancy.) If you put a hard drive next to your server as a backup, you risk losing both sets of data if there's a fire or flood, Jacques cautions. Also, keep one copy segregated from your network so hackers who infiltrate your infrastructure can't access and destroy the data.
File-level backup is the most rudimentary, but it's no longer sufficient. In today's fast-paced, data-driven business environment, you must have an image-level backup to ensure that you can restore your infrastructure as quickly as possible.
A backup and disaster recovery protocol is essential for compliance with various industry standards and data privacy regulations. Furthermore, it's critical for getting cyber insurance coverage as most providers deny applications from companies that don't have a disaster recovery plan to protect themselves from unexpected IT interruptions or breaches, such as phishing or ransomware attacks. Most importantly, a backup and recovery plan minimizes costly downtime. Imagine your operations grinding to a halt because IT must reinstall the operating system and restore the file structure on a new server. “How much would it cost if your employees are sitting on their hands for four days? That's why having a backup and recovery plan is one of the highest ROI measures you can take to protect your company against unforeseeable circumstances," Jacques says.
You may wonder, "I have moved everything to the cloud, and the vendors promise airtight backup and recovery. Do I still have to worry about this?"
Yes, you do. Reputable cloud providers are very mature in their disaster recovery planning. But they don't look after things like your internet connection. If you can't access your data on the cloud, your business will still experience downtime. Though the initial work of creating a plan requires an investment of both time and money, businesses must consider the alternative of experiencing costly downtime.
So, what are the main takeaways? Most companies need to expand their thinking about disaster recovery. Instead of solely focusing on backups, consider your disaster recovery strategy holistically and define a more comprehensive plan that outlines different scenarios very specifically.
The second shift is continuous testing of your backup solution. Your dashboard may indicate that everything is fine, but the reality may not be the case. "You must ensure that your backup process is working at all times. We use a product called Datto. It verifies that our clients' backup is fully booted in the cloud daily. It takes screenshots to show that everything is working as intended. We perform this check every day and address issues proactively as soon as we get an alert,” Jacques says.
If you don't check your backup regularly to ensure that it's operational and viable, you may be in for an unpleasant surprise when an incident strikes.
A managed service provider (MSP) can help companies craft an air-tight backup and disaster recovery plan. With experience and familiarity in data security, an MSP also can help ensure your protocol is checking all the right boxes. At Charles IT, we take this a step further and continually put the plan to the test. “We recommend our clients run through a full-blown disaster scenario at least annually. We help them replicate the entire server infrastructure in the cloud and ensure everything is connected correctly," Jacques says. In fact, our team practices a disaster recovery simulation with our own special twist. One day each year, the entire team must work from the beach with no access to the office. Tough gig, right? We put ourselves to the test and then celebrate with a clambake and family festivities at the end of the day. To learn more about designing a disaster recovery plan tailored to your business, reach out to chat. We can’t promise a beach day, but we’d love to help!