Vortex Blog

As the business world becomes more dependent on technology, there are number of precautions they have to take in order to protect their operations. When it comes to business computer systems, preparations have to be implemented in the event an incident occurs that puts data at risk of permanent loss due to an unexpected disaster.

Technological disasters can occur as the result of such situations as flooding, fire, power surge…etc. The following list outlines the basics of setting up a disaster recovery plan:

1. Risk Assessment: Determine possible risks to your computer system. This can include natural disasters, viruses, worms, power outages etc… Prioritize the threats and their impact. You should also consider how long your system can be down before it starts to negatively affect your business. Determine which data and applications are essential to the business. Conduct security assessments to analyze personal computers, data and voice communication application controls, operating procedures, systems and access control software security, contingency planning, backup procedures, and database security systems.

2. Determine Protection Costs: Once you have identified the risks, assess how much it will cost to protect your system so that you can create a budget. Costs can include the disaster recovery equipment, data upgrade software and equipment, recovery planning software, back up equipment, emergency support, and other emergency equipment such as emergency generators.

3. Develop a Recovery Plan: IT staff should create a plan to back up and protect important and critical systems. A special team should be assigned to create the plan. Use a specific script that will test, repair, and recover programs and data. The plan should identify weaknesses and how to strengthen them, how to shorten the duration of the outage, and make recovery an easy process. Record the impact of a lengthy loss to operations and essential business functions. Make sure all departments and appropriate personnel understand the plan.

4. Acquire Appropriate Technology: Assess what is required to implement the plan. Purchase recovery hardware and software required to support and maintain the disaster plan. Upgrade any essential systems

5. Simulate the Plan: Perform tests on the system to see if the recovery plan contains any glitches. Repair any problems in the recovery process. Test often to maintain integrity of the plan. You also want to make sure you are up to date on current threats and are prepared to deal with them effectively. The plan should be easy to understand, maintain, and run.

6. Establish Maintenance Programs: Run maintenance checks to make sure that you maintain support for the plan. If necessary, revise the plan to accommodate new threats.

Creating a disaster recovery plan can be an expensive and time consuming task. Although the risk of a major disaster is relatively minimal, the result could be disastrous for the business. With the amount of new viruses and worms making their way through the internet, the threats to businesses are a constant daily problem. For this reason, it is well worth the expense of creating a disaster recovery plan.

An essential element of implementing an effective disaster recovery plan is to have the support of a knowledgeable full time staff. Constant testing, updating, and modification will ensure the plan stays intact. Staff should be trained to react immediately to a sudden disaster and implement the plan effectively. You never know when disaster is going to strike. It just makes good business sense to make sure you are prepared.

No doubt about it, losing bits bites. Even the loss of a tiny amount of information can prove to be a company’s undoing. Lose a lot of them and you can be in a whole world of trouble from lawsuits to financial ruin.

A big part of disaster recovery, then, is copying the bits and storing them somewhere else other than the main data centre. But where should one squirrel that second data centre where it will be both safe and readily accessible? In other words, how far away is far enough? It is, by all accounts, a tricky question.

The question of how far is far enough arose after 9/11 when a significant area of Manhattan was shut down as a result of the horrendous terrorist attack on the World Trade Centre buildings. Some estimates show as many as 18,000 businesses were affected.  All of the recovery vendor sites were filled to capacity.

A backup data centre hundreds of miles away can’t effectively mirror data in real time, so the risk of lost data between the last backup and the event is increased.  Disaster recovery site placement isn’t about the IT, it is about the disaster. If the CEO lies awake at night worrying about the Mayan 2012 apocalypse, then the moon or Mars might be good, if impractical, choices for DR site locations. Fortunately, most business executives have a narrower and more realistic view of the disasters they want to hedge against.

Mapping the Threat

The first step to determining where your disaster recovery centre should be is to map the probable threats to your company. Your geographic area will determine the nature of the most likely threat.  If you’re located where there are natural disaster propensities, then close by may not be the best answer.  Another negative is having the DR facility located on the same power grid as the primary data centre, which will then cause the same exact challenges if there is a blackout or brownout.

If these environments are not a challenge for you, having your DR site close by is a good option because your staff can still get to work and service the facility. Some companies with multiple data centres construct a centrally located DR facility for this purpose.

Before you stick a pin in the map and call it your new DR home, double-check the logistics of moving to and using the site.

While almost all companies backup their data, there are other elements to consider in the realm of high availability and disaster recovery.  The application and the infrastructure need to be protected as well, if the organisation intends to continue business operations and/or to minimize downtime when an event occurs.

Indeed, developing a checklist of needs is in order, and then you will know exactly what to backup and how to evaluate the proposed DR site.

The ‘distance debate’ really boils to risk and cost.

In order to answers the “How far is far enough?” question, ponder the following factors:

1. The level of data protection and fibre optic distance limits.
2. The topography of the area for vulnerability to natural disasters and malicious physical attack.
3. The logistics and infrastructure to support the movement of people (including work at home options) and resupply goods such as diesel fuel.
4. The nature of facilities options and cost of upgrade.
5. The regulatory requirements/guidance for specific industries for “out of region” recovery.
6. The other options to improve recoverability from a range of threats to business operations.

This last one is vital, some organisations get all wrapped up in distance issues without recognising other gaping holes to maintaining operationally stable, available, protected and recoverable business systems. Efficient and effective management of risk to business operations is a ‘big picture’ game.

Rules of Damage

While the perfect answer for each company will differ according to individual need, there are a few general rules to guide you through the site selection process.

Consider regional disasters first. If you are close to hurricane or earthquake zones, then you should have your recovery centre at least 100 or more miles away.  Another risk factor might be a nuclear power plant.  On a smaller scale, you obviously do not want your recovery centre located in the same flood plain as your production data centre.

If wide-spread disasters are not at issue, think smaller distances. As an absolute minimum, three miles should be sufficient to avoid problems.  Generally, however, having a recovery centre at least a 100 miles away should still be considered a best practice for data centre recovery. This is usually impractical, however, for office or work area recovery where transport of significant numbers of people is necessary.

Don’t overlook people-issues in DR site planning. For work-area recovery, DR centres typically need to be within 20 to 30 miles of the standard work area. In addition to the distance, ideally you should look for a site which has multiple means of transporting the people to the site (e.g., roads, light rail, train, boat, etc.).  This helps ensure that if one transportation mode is down or blocked that your people are still able to arrive at the recovery centre.

Cloud Cover

By performing a risk assessment on the business that includes geographical location, physical location, labour force availability, point of where the revenue stream is generated, the business will be able to make informed decisions on ‘how far is far enough’.

The ideal answer to this question is for the business to work towards implementing true Cloud computing. Then there is no dependency upon the physical office space.  That means your telephone system, network infrastructure and workspace should all be through a hosted environment.

Using the Cloud to cover DR issues is a viable option even though for businesses that have large office pools, true Cloud computing may not be possible because of the constraints of the business operations. But the Cloud still can help you avoid many of the problems associated with having your own DR site. The Cloud is even beginning to reverse the entire DR equation.

Overall, in the last five years, disaster recovery and business continuity planning have become easier and less costly because of the availability of automated electronic storage processes for critical data.

Even so, there are hurdles to overcome in developing and implementing a disaster recovery plan and process. Some of the main obstacles include the difficulty of obtaining management support for disaster recovery goals and identifying and obtaining support for roles for individuals to perform in executing the plan.

For the typical manager, disaster recovery planning is important, but not as important as the day-to-day operations.  Gaining support for continuity plans by linking them to specific high-priority missions of the company or agency. For example, assessing the business impact of the loss of specific types of data can show the effect on the agency mission if the data were to be lost or unavailable.

I believe there are seven tiers of disaster recovery. In the lowest tiers, there is a loss of data, little or no backup and limited recovery. In the middle tiers, there is manual or automated backup of data. In the upper tiers, there is fully automated backup of data and of applications.

One of the most important first steps in planning is accurately classifying the data by its importance.

The next step is drawing up a plan and identifying roles. Too often, people may be identified for a role without being knowledgeable or committed to performing the role. Those are issues that will be worked out through discussion and exercises.

A simple strategy that can be executed effectively is more worthwhile than a complicated strategy for which managers and IT employees are not fully on board.

The pitfalls of a disaster recovery plan are too much detail, too much information, and people don’t ‘own’ their roles.

It’s easy to get wrapped up in the planning of doomsday scenarios that might impact your business. However, it’s the smaller everyday disasters, such as power or service outages, failed equipment, or lost or corrupted data that are more likely to impact your business’ productivity. While major disasters occasionally happen and shouldn’t be overlooked, start by preparing for day-in and day-out upsets.

No company can afford to have a disaster disrupt its business. Despite this, the opportunity and technology costs of a feasible disaster recovery plan have traditionally been too high for the masses to properly plan for and ensure continuity.

However, recent advancements in infrastructure and the proliferation of technology have made BC/DR less about the technology and more about developing, communicating, and executing a good plan making it more accessible for the average business.

Still, many companies don’t know where to begin. Whether you’re thinking about developing a BC/DR plan, or already have one on paper, keep these points in mind to make your plan more bulletproof.

1. Prevent the Disaster in the First Place

“That’s a disaster waiting to happen,” is not something you want to hear in your data centre or while examining your business’s core infrastructure. All too often, when visiting prospects, I see an old desktop on the floor serving as one of the company’s core servers.  Sure, it’s easy to deploy, but it truly is a disaster in the making.

One of the most basic, yet overlooked aspects of BC/DR is ensuring your infrastructure is housed in a clean, safe environment with limited access to ensure maximum uptime. Making initial investments here, so you can start with a stable and clean infrastructure, will enable you to plan for and respond to the more important disasters, rather than dealing with interruptions that could have easily been prevented.

The upfront investments are minimal compared to the amount of downtime that can be caused by a failed hard drive or power supply, or even someone tripping over a power or network cord because of a disorderly setup.

In addition, invest in devices such as Uninterruptable Power Supplies (UPS) or redundant hard drives in a RAID (redundant array of independent disks) configuration to protect your organization’s computers, data centre, and other equipment in the event of disruptions to your power supply.

2. Start Small

It’s easy to get wrapped up in the planning of doomsday scenarios that might impact your business. However, it’s the smaller everyday disasters, such as power or service outages, failed equipment, or lost or corrupted data that are more likely to impact your business’ productivity.

While major disasters occasionally happen and shouldn’t be overlooked, start by preparing for the day-in and day-out events that face your business. Start with one focused scenario and plan it out entirely. Document, review and communicate the plan to everyone within the organization.

Most importantly, stage a test of your plan to make sure it is effective. Identify ways to save time or improve it, and ensure everyone is comfortable with the process. Train multiple people in the response plan, in the event that a key decision maker is not available at the time of disaster.

Once this process is complete, if the plan proves practical, apply it to different scenarios and disruptions. Your organization’s response to larger or longer-term disaster scenarios will be a culmination of the smaller response scenarios you have created.

3. Take the Human Out of Human Intervention

Once you have developed and communicated the BC/DR template to your team, take a step back and determine its feasibility. One scenario plays out like this:

Bob takes a tape backup home every night. Last week, your database was corrupted, and you need a tape from two weeks ago to restore the database. Unfortunately, Bob is now away on vacation and the needed tape is inaccessible, sitting on his counter at home.

Many logistical issues can be avoided by removing the human intervention factor from your BC/DR plan. Consider services such as online data backup and recovery, which lets you securely back up data to an offsite location and then restore that data to the same or a different location depending on your needs.

Authorise multiple people in your organisation to access the service to ensure the function can be performed in the absence of an individual. Online data backup and recovery services also eliminate your business’ reliance on an antiquated technology, such as tape backup, and nullify the tape jockeying duties that usually aren’t performed regularly anyway.

4. Move to a Cloud Near You

You might want to consider enlisting an outside provider to assist in BC/DR planning and execution. Service and cloud providers use redundant and scalable platforms that typically would not be cost-effective for a lone enterprise to implement on its own.

For example, email defence services that scan your email for viruses or spam might also offer a queuing service that, in the event of a failed email server, queues your email until the server is restored. It can provide you with a Web page, so each of your users can view their queued emails and continue communication with key constituents.

Another example: A standard feature of hosted PBX services lets employee’s forward phone calls to their mobiles after a determined number of rings. Since the PBX resides in the cloud (not the company headquarters), the call forwarding would still occur even if a disaster were to take out the organization’s primary office.

Whether you choose to develop your plan internally, or outsource some or all of your IT functions, BC/DR planning should not be a chore. Aim to achieve small successes with one process or product, and build from there. As you test and train, the next logical step will fall into place. Like all major technology decisions, do your due diligence and find out what makes the most sense for your company’s unique business requirements.

Online data backup services are set to grow over the coming years after a new report was released, highlighting the expansion of cloud storage.  According to the research carried out by IDC, 15 per cent of information in the “digital world” will be stored online by 2020, with providers set to enhance security.

Online file backup is likely to add to this, and the report goes on to say that “even more information could ‘pass through the cloud’, that is, be transported using a cloud services email system or shared community, be stored temporarily on disk drives in the cloud [and] be secured via a cloud service”.

The report also identifies challenges to the growth of online backup services, including the need to have reliable, fast broadband and problems that businesses may face in the initial conversion process.

It was recently explained by an IT expert that online backup is vital as there are situations where no amount of money can replace the value of the data lost.

With time, online backup storage has become more cost effective and user friendly. The cost of online data storage is falling drastically and business owners in different parts of the world are waking up to the many merits of this form of storing valuable data. The traditional tape backup methods are no longer effective and many “new age” IT managers are moving to online backup storage and online data backup.

With online backup storage, the cost of storing data is significantly less. The costs of hardware, maintenance, personnel, and tape pick up and drop off which are present in storing data in tapes is no longer required when using online data backup. Such a storage process can also eliminate the physical security risks associated with tapes. Data can be transferred automatically over a secure and encrypted network to secure data centres.

Online backup storage is also more reliable than tape storage. According to the estimate of experts, as many as 10% to 40% of tape backups fail. This however is not the case with online storage. In online backup storage, near instant data recovery is possible.

The hassles involved with tape backup are done away with in online backup storage. The backups can be automated and no human intervention is needed at any stage of the process. With online backup, there are also daily backups and continuous data archiving, and the data can be easily accessed at the click of a button.

Given all the merits, many business owners looking for secure and cost effective ways of storing their invaluable data are turning to online backup storage. With secure online backup in place, they can stop worrying about untoward incidents, such as server crashes and continue with their productive work.

Almost two-thirds of businesses across Europe would waste a day or more to recover from system downtime because their data is not adequately backed up.

Research carried out by Vanson Bourne found that only ten per cent of companies were confident of recovering data within an hour while 19 per cent did not back up individual devices.

Furthermore, British companies had an even worse record, with 38 per cent not having any backup solution at all, including online backup services.

Grant Clifford, Director of Vortex Backup Ltd: “With little room for downtime in today’s business environment, it’s surprising that many companies still don’t carry out regular backups.

“But backup and recovery does not have to be complicated, there are simple steps organisations can take to avoid the unnecessary costs of system failure.”

A solution such as ProBak provides online data backup that protects businesses from even the worst scenarios of data loss, minimizing downtime.