Developing a strategy before disaster strikes is the key component of all successful DR plans. In the middle of a disaster, panic sets in, response times are elongated, and rush decisions are made. Each minute, each hour that goes by is money and credibility lost.
A pre-determined plan ready to set in motion will minimize disruptions to business colleagues and their systems and maintain operational stability of the business in the event of a catastrophe.
Objectives of a sound strategy will:
- Guarantee the availability of support systems;
- Minimize delays and outages;
- Provide standards and goals of the disaster recovery plan; and
- Eliminate any compromised decision-making during disasters.
Where to Start
First you have to determine whether you need to build a new disaster recovery plan from scratch, or improve on an existing plan. Environmental and technological changes are constantly occurring so it is necessary to update your strategy to reflect these changes on a regular basis (making sure your plan will still work for the any shifts in the threat-risk landscape).
Determine Outside Threats
No matter where you begin the strategic process, you have to consider possible threats and exposures. Sometimes it makes sense to “freshen-up” your list with a walk-around, external threat and risk assessment. This can prompt you to think about new ones that may occur, including power outages, hardware failure, or weather related physical damage, to name a few. However, you won’t be able to put your finger on of all of them – it’s the uncertainty of forecasting future events. Use historical data to analyze the frequency of events that have occurred in the past and probability of them re-occurring in the future. Some are threats you cannot avoid, but you can prepare for.
Evaluate Critical Risks
After you have identified possible threats, you then need to focus on the data centers and systems that are most critical to the function of your business. For a data center there are many potential vulnerabilities: physical destruction due to fire, structural collapse, water leakage, loss of power, power spikes, loss of heating / air conditioning, de-humidification and potentially, sabotage. Consider how any and all threats may impact your ability to sustain safe and continuous operation of your systems and what this will do to your bottom line. Doing this will help you focus on the actual costs of downtime and assign a financial value to the loss of your most important systems. Completing a business impact assessment will help you sort-out the desired speed of recovery and how much essential data loss is tolerable, and to quantify and justify the financial costs of protection of any particular system.
A Holistic Strategy
A holistic approach to disaster recovery is necessary to determine recovery alternatives and solutions and their benefits to affected business functions. In some cases, fixing one “gap” may reduce another. For example; the virtualization of hard drives and processors creates an opportunity to consolidate a number of systems on fewer physical devices at a recovery site. However, this may “force” a mixed group of critical and non-critical systems to failover, even though some systems are not as important to the business. This complicates the job of IT. More effort will be required to set-up, test and maintain recovery procedures for individual systems, especially, when underlying technology is shared.
If you do not carefully develop the strategy of the disaster recovery plan, the implementation phase can create new challenges. Before implementation, all recovery site and recovery technology options need to be considered and their impact on your program.
Cost-effective implementation and maintenance of a disaster recovery plan hinges on a well-developed, carefully thought out strategy.
