7 things your IT disaster recovery plan should cover

手机数码 IT World (源链)

Hurricanes. Tornadoes. Earthquakes. Fires. Floods. Terrorist attacks. Cyberattacks. You know any of these could happen to your business at any time. And you’ve probably got a disaster recovery (DR) plan in place to protect your enterprise’s data, employees and business.

But how thorough is your DR plan? When was it last updated and tested? Have you taken into account new technologies and services that can make it easier to recover from disaster? The following are 7 things your IT disaster recovery plan should include.

1. An analysis of all potential threats and possible reactions to them

Your DR plan should take into account the complete spectrum of “potential interrupters” to your business, advises Phil Goodwin, research director of data protection, availability and recovery for research firm IDC. (IDC is part of IDG, which publishes CSO.)

You should then spell out a recovery plan for each scenario. For example, Goodwin says, “If there’s a cyberattack that shuts down servers in D.C., do you have a transition plan for that scenario?”

Of course, not all scenarios are equally likely to occur. So as best you can, try to anticipate which potential disruptors are most probable. Sadly, cyberattacks are becoming “a more likely scenario” these days, Goodwin notes. So, you might want to give cyberattack planning precedence over some natural disruptors in your planning, he explains.

2. A business impact analysis (BIA)

To effectively determine DR priorities, put each major information system through a business impact analysis, recommends Mark Testoni, president and CEO, SAP National Security Services, Inc.

A BIA “identifies and evaluates the potential effects (financial, life/safety, regulatory, legal/contractual, reputation and so forth) of natural and man-made events on business operations,” according to Gartner .

[ Related: 4 top disaster recovery packages compared ]

“Completing a BIA for major IT systems will allow for the identification of system priorities and dependencies,” notes Testoni. “This facilitates prioritizing the systems and contributes to the development of recovery strategies and priorities for minimizing loss. The BIA examines three security objectives: confidentiality, integrity, and availability.”

Testoni adds that a BIA helps establish priorities for your disaster recovery, business continuity, and/or continuity of operations plans. “A standard approach to developing a comprehensive disaster recovery plan is to first develop the policy, then conduct the BIA,” he says. “After creating a prioritization with the BIA, contingency strategies are developed and formalized in a contingency plan.”

You can find BIA templates and questionnaires online from Ready.gov and the National Institute of Standards and Technology , among other sources.

3. People

A common mistake many organizations make in their DR plans is “too much focus on technology and not enough on people and process,” Goodwin says. “IT is an enabler. Never forget you’re not just recovering data and servers.” He recommends thinking about how to build a DR plan in the context of your entire organization. “What behaviors will you need from your user community? What do they need to get up and running again after a disaster?”

Also, identify by name the critical people charged with responding to a crisis, says John Iannarelli, a security consultant and speaker and former member of the FBI Cyber Division. Make sure you have their email, cell and home numbers. Make it clear who will be called in to work during a crisis. Know who you’ll call for help, such as law enforcement, and if possible, establish a relationship with authorities before a disaster strikes. And decide in advance who will speak for your company to the victims, clients and employees in the event of a disaster. “Know what you plan to say, how much you plan to reveal, and how you’ll reassure those who might be nervous of continuing business with your company,” he adds.

4. Updates

Another big mistake organizations make is not updating their disaster recovery plans after changes are made to their internal systems, such as major software updates, notes Mark Jaggers, a Gartner research director focused on IT infrastructure strategies. Your plan isn’t complete unless it takes into account all the technologies, systems and applications currently in use.

Plus, there may be new technologies or offerings to come along since you made your DR plans. DR plans are based on assumptions about the processes and tools available at the time the plans are finalized. “But those assumptions can change significantly, as technology evolution is quicker than ever before and innovations spring from unlikely places,” notes Milind Kulkarni, VP of product management for network resilience company Veriflow.

“Advances in computer science, predictive algorithms and the availability of huge compute capacity at a reasonable price-point allow the emergence of new approaches and solutions to guarantee IT systems’ resilience, uptime, availability and disaster recovery,” Kulkarni adds.

For example, with services such as Amazon’s AWS Snowball, organizations can transfer petabytes of business data to a dedicated, secure appliance on site. Once the transfer is finished, you ship the appliance to the AWS center of your choice, where your data is transferred into the cloud. AWS Snowball and others like it give organizations innovative, affordable new ways to ensure data redundancy, Kulkarni says—which is a foundation of any DR plan.

5. Priorities

“Identify what’s most important,” recommends Iannarelli. “Not everything in your business is worth saving or needs to be protected. Your proprietary information, of course, is. But any info that is for public release is not as important. Think of it as if your house were on fire. What would you grab as you run out the door?”

6. Regular practice drills

[ Related: For IT, climate change means preparing for disaster ]

“Just having a DR plan isn’t enough,” warns Kulkarni. “The plan needs to be regularly tested, and people need to practice procedures, just like a school prepares its students for fire and emergency drills on a regular basis. If not regularly practiced, the plan is ineffective.”

7. A consideration of DRaaS

The growing practice of moving data operations into the cloud has helped give rise to disaster recovery as a service (DRaaS). These on-demand services from providers such as iland and IBM have made DR easier and more economical, which in turn is enabling more organizations to be better prepared for disasters, Goodwin says.

When considering DRaaS, ask how the provider will test and validate recovery of your data and workflows, Goodwin advises, as some testing is more extensive than others.

Don’t wait

The biggest mistake most companies make is waiting until after a cyberattack or disaster to figure out what to do next, says Iannarelli. “In my 20 plus years with the FBI, I’ve never seen anyone fired from a company because of a data breach. But I have seen many people fired for their failure to respond properly to a breach.”

This story, “7 things your IT disaster recovery plan should cover” was originally published by CSO .


Amping up your disaster recovery with Azure Site R... If you are in the process of building or revising your business continuity plans, it’s worth taking a look at Azure Site Recovery (ASR). ASR is a disa...
Backups and Disaster Recovery In this post, we’ll look at strategies for backups and disaster recovery. Note: I am giving a talk on Backups and Disaster Recovery Best Practic...
Cloud Disaster Recovery for MariaDB and MySQL MySQL has a long tradition in geographic replication. Distributing clusters to remote data centers reduces the effects of geographic late...
Post disaster recovery SQL Server database checkou... Question:Post disaster recovery SQL Server database checkout script is required.I need to iterate through hundreds of SQL Server Instances with thous...
Part 1: Automated Backups and Disaster Recovery on... Looking for a fresh, 2018 approach to deploying a Rails app to AWS? We've partnered with DailyDrip on a series of videos to guide you through the pro...
IT World责编内容来自:IT World (源链) | 更多关于

本站遵循[CC BY-NC-SA 4.0]。如您有版权、意见投诉等问题,请通过eMail联系我们处理。
酷辣虫 » 7 things your IT disaster recovery plan should cover

专业 x 专注 x 聚合 x 分享 CC BY-NC-SA 4.0

使用声明 | 英豪名录