Almost every recent survey done on the state of backup indicates a very low level of confidence in an organization’s ability to recover in the event of a disaster. There are three reasons for this result. First, the management may not know IT is as prepared as it is which indicates a lack of reporting. Second, IT may not have a plan in place that gives the organization confidence. Third, respondents may be right; IT may not actually be able to recover in the event of a disaster.
Step 1 – Set Expectations and Have a Plan
The single biggest reason for low recovery confidence is “recovery” is not well defined by the organization. Recovery may focus only on the recovery of mission-critical applications or it can be as broad as recovery of all data and all applications. IT needs to take the lead in setting expectations with the rest of the organization in defining what “recovery” actually means.
Once having defined recovery, IT then needs a plan. Most recovery efforts are not well defined. Instead, they are a series of heroic efforts on the part of IT personnel to bring applications back online. While there is always a place for IT heroism, confidence comes from the organization watching IT go through a systematic series of events that bring applications back online in a predictable manner.
Step 2 – Practice Makes Perfect
Once having defined specific plans, IT needs to test those plans on a regular basis. Disaster recovery tests are typically a once a year fire drill that IT performs. These tests are not frequent enough to instill recovery confidence. With today’s advancements in data protection as well as the availability of virtualized infrastructure and the cloud, testing application recovery quarterly, monthly or even weekly is possible and won’t require much of IT’s time.
Features like Instant Recovery and Disaster Recovery as a Service allow IT personnel to set up an isolated test infrastructure where IT can practice recovery tasks on a regular basis.
Step 3 – Communicate
With the plan defined and a regular testing procedure in place, IT needs to take the final step of communicating the plan and results of the testing to the various stakeholders in the organization. IT can’t just assume that they know, they need to be sure of it. The reporting should include the current plan, results of the most recent test and modifications to the plan as a result of that test.
Part of improving recovery confidence is procedural; have a plan, practice the plan and communicate the results. The procedural aspect, while it may not be what the organization wants to hear, can be completed without any purchase of additional hardware and software. However, improving the plan, making sure recoveries objectives are consistently met and exceeding recovery objectives often require upgrades to IT’s data protection capabilities.
In our on demand webinar “2018 Disaster Recovery Checklist“, we look at five key areas where IT can cost-effectively improve its ability to protect against disaster.