07th December 2015
Regardless of whether your business is a global enterprise or a oneman band, having a disaster recovery plan in place is pretty much nonnegotiable. Almost all organisations rely on IT to some degree for many, it's the beating heart of their business and the consequences of an unexpected outage can be massively costly. And yet we still very often come across customers whose disaster recovery plans are incomplete, ambiguous or even nonexistent. It's simply not seen as a high business priority, despite some rather alarming statistics that suggest the contrary. According to EMC, for example, data loss and downtime currently cost organisations globally about £1 trillion per annum the equivalent of half of Germany's gross domestic product.
This should provide ample impetus to create or update your own disaster recovery plan. Of course, this is usually easier said than done, especially without expert help and knowledge of the industry standards that underpin worldclass business continuity programmes. But it's still worth considering the following five starting points:
What's my recovery point objective?
Recovery point objective (RPO) refers to the maximum age a backup can be allowed to reach before it ceases to facilitate a return to normal operations. Put more simply, it's a way of expressing how much data you can stand to lose. For some systems, you might set an RPO of upwards of 24 hours, which means a daily backup should be sufficient to ensure business continuity after a disaster. For other, more missioncritical services, your RPO might be as low as one to four hours.
What's my recovery time objective?
Recovery time objective (RTO), on the other hand, describes the maximum acceptable interval between a disaster and the affected organisation's return to normal operations. So, it's basically how long you can afford to be without your data and applications. Again, you might be able to get by comfortably for a few days without one or two of your less important systems, but in the case of more missioncritical services such as line-of-business applications your RTO should be much stricter.
Will I get a chance to test my plan?
Earlier this month, a survey from Plan B found that while British businesses are largely getting better at disaster recovery planning, one area of the discipline remains consistently overlooked testing. Fewer than a third (31 per cent) of organisations test their plans more than once per year, the research found, while only a fifth (21 per cent) test every component at once rather than piecemeal. It may sound obvious, but these are important steps to ensure your RPOs and RTOs are met.
Will my service providers support me?
Consider also how your contracts with suppliers might affect your ability to recover from a serious incident. If you work with a cloud or colocation provider, the distance between their premises and your own as well as their availability to provide technical assistance at any time of day could significantly alter your ability to meet RPO and RTO targets.
How much will all of this cost?
Obviously, nobody really wants to pay for a disaster recovery plan. It's a big investment, and one that's growing bigger and bigger as business IT becomes more complex. And yet ROI remains tricky to quantify.
Here at Sovereign, we recommend the careful use of techniques such as testing and development environment redeployment, global load balancing, and less aggressive RTOs to drive the cost of disaster recovery down. To learn more, or to find out how we can help your business prepare for the unthinkable, get in touch.