Written by Ezat Dayeh, Senior Systems Engineering Manager at Cohesity
The one thing every IT and business leader should have learnt during the past two to three years is the importance of a simple maxim: prepare for the unexpected. By putting in place processes for disaster recovery, and then testing those plans regularly, leaders can ensure their business is prepared when worst-case scenarios take place.
Disaster recovery (DR) plans – which is an organisation’s method for responding to and recovering from a major event – play a critical role in helping businesses to cope in a crisis. From natural disasters to cyberattacks, a thorough and well-tested DR plan can ensure your organisation is up and running quickly, keeping customers served and revenues flowing.
However, while every IT and business leader should now recognise the importance of these plans, research suggests that some are slower on the uptake than others.
What’s more, having a DR plan in place is just the starting point. Unless your process is tested regularly and thoroughly, how can you be sure it will work? With increasing numbers of stories about services falling over and not getting back online quickly, the question we ask is simple: is anyone still testing their DR plans?
Unfortunately, the answer to that question is ‘nowhere near enough’.
IT and business leaders must do better. To ensure their organisations have a trusted route back to recovery, organisations must test the robustness of their DR plans.
From sandbox testing to data classification and onto simulation to pulling the plug out, here’s four ways to ensure you have a DR plan that works.
Conduct sandbox testing
Third-party DR services should be able to draw on a range of virtual equipment to test your plan. Testing your DR plans shouldn’t be a crisis in itself – your partner must ensure that they can provide non-disruptive DR testing.
This procedure, often known as a sandbox test, makes it possible for your business to undertake full testing without affecting any production servers. That means that even while the test takes place, your operational activities continue as normal.
Also, ensure your third-party tester can give you detailed results from your sandbox. Any tech-based solution for DR planning should use audit trails to reduce operational complexity and streamline compliance requirements.
Create an effective data classification strategy
Unless you have an effective data-classification strategy, you won’t know which data must be protected at all costs.
Organising data into classes is the cornerstone of effective data management. If you know what use cases your data supports – from security and compliance to customer service and cost optimisation – you’ll know how valuable your information is and the lengths to which you should go to protect it.
Your DR plan should take this data classification into account. Your tier-based approach should ensure business-critical data is not just backed up, but always available. If the worst happens, and your network is down, your DR plan must ensure that renewed access to this data is prioritised.
Setup a simulation exercise
If you really want to know how effective your DR strategy is, then you’re going to have to run a simulation exercise.
This simulation creates a worst-case scenario and then role-plays the plan with your IT team. The exercise should also bring in other business stakeholders and third-party vendors to create a full view of dependencies and requirements.
As a step up from a virtual test, this simulation might involve actual physical testing of hardware, networks and services. The aim is to test – in as much detail as possible – whether your current DR strategy is fit for purpose, without disrupting operational activities.
Pull the plug out – and switch everything back on again
While you’ll want to ensure your DR tests don’t affect day-to-day operations, the only way you can be completely sure that your policies are effective is – in the simplest terms – to pull the plug out and switch everything back on again.
These full interruptions to business service will impact the hardware, cloud-based services and data that your organisation uses every day. A complete interruption to the business will likely knock all front-end services offline, so you’ll need to run a full test like this at a time that causes least disruption to employees and customers.
This short, sharp shock will prove to everyone in the business that the DR plan is ready and available when the worst-case scenario happens. And if pulling the plug does show that there are gaps in your DR plan, then you’ll know exactly where to fill them.
Don’t take anything for granted
The last two to three years have proven the importance of being prepared for the unexpected. With the increased frequency and cost of cyberattacks, a robust set of disaster recovery processes combined with proven technology have never been more essential. Organisations should look for ease of use, automation, and the ability to truly control their data recovery and application availability service-level agreements. This next-gen data management also offers organisations an essential set of capabilities to take on the disaster recovery challenges businesses are facing today.
While some challenges are almost impossible to foresee, an effective DR strategy will mean your business is ready to cope with even the most challenging twists and turns.