Disaster Recovery 2.0: Protecting Businesses from Potential Catastrophic Risks

By:  Mohamad Rizk, Manager System Engineers, Middle East at Veeam

Unpredictability is a fact of life, and nature brings plenty of it. Be it flooding, fire or even earthquakes and hurricanes, businesses worldwide can be susceptible to a whole range of natural disasters. Unfortunately, business leaders normally don’t think it will happen to them. They have insurance and believe that is the box ticked. However, just because you might get a financial return if your data centre floods, that’s only part of the problem resolved. What happens to your services and data that keep your businesses running? The likelihood is you’re looking at some form of downtime and service outage, which is going to hit your business in all manner of ways.

Whether it is caused by cataclysmic weather, technological malfunctions or human actions, an IT outage can be devastating. But businesses can be put off extensive disaster recovery plans by the perceived cost and complexity. That leaves many relying on outdated and untested processes, or worse – without any recovery plan in place at all.

Once upon a time, organisations relied on the old ‘ten mile’ rule, to work out the appropriate distance to store data backups. But with recent natural disasters impacting whole cities – or even whole countries – such rules are now redundant. In today’s ever changing environment, businesses can take advantage of the cloud and Disaster Recovery as a Service (DRaaS) to ensure that they are properly protected and always online.

Disastrous consequences

Businesses can suffer from a whole range of issues when an outage strikes. At the lower end of the scale, there’s the loss of employee productivity. This cost in itself can soon mount up, with Gartner estimating that firms lose on average $5,600 for each minute of downtime.

But with the rise of digital, businesses are under more pressure than ever to deliver an “always on” service, as downtime can have serious consequences for their customers. Think back to UK bank TSB’s three-week outage in April 2018. Thousands of the bank’s customers reported issues ranging from fines levied on outstanding payments to accounts being drained by fraudsters. Now there has been an eightfold increase in consumers leaving the bank, pushing it into a half-year loss, with a figure of £176.4 million attributed to the technology meltdown. All in all, the financial and reputational consequences of a disaster can be extensive.

An unplanned outage can happen to any business, at any time. IT teams have to ensure that they have a redundancy plan in place so that, as and when a company is affected, data remains available and the impact of the incident is mitigated as much as possible. Far from being a ‘nice to have’ or a sign of excessive caution, disaster recovery is a business imperative.

Safety in the cloud(s)

Disaster recovery has often centred on off-site servers, or even tapes, depending on how far back you go. But now, cloud computing offers an excellent alternative to these traditional disaster recovery methods, be it using disaster recovery as a service (DRaaS) from a service provider or simply putting backups in the cloud.. Moreover, when an outage takes place businesses don’t need to wait for on-premise servers to be recovered or incur the delays – and occasionally the risks – of having IT teams travel in person to the recovery site.

DRaaS is a valuable cloud-based model. The approach delivers comprehensive disaster recovery by replicating a business’ physical or virtual servers to provide failover. With DRaaS, business-critical applications can be up and running almost instantaneously after an incident.

Like other ‘as a Service’ models, DRaaS offers significant advantages for businesses of a range of sizes. The lower costs open up availability for smaller businesses, who could otherwise have struggled to implement such a service in-house. Equally, its scalability benefits the larger enterprises, whose needs might vary depending on the number of servers, applications and databases being used at any one time.

And whatever the size of the company, IT teams recover valuable time that might otherwise have been dedicated to back-ups. As a result, DRaaS is an increasingly popular option, with 25% year on year growth predicted for the offering over the coming decade.

Implementing DRaaS

To develop the most appropriate strategy, and to evaluate the role of DRaaS, businesses must consider disaster recovery in the context of their overarching business strategy. The best place to start is with a business impact assessment.

It’s important to work out which apps and business processes are most critical to keeping the business available all day, every day. Estimate the maximum amount of downtime the business can stand for each of these business processes before it fails. From there, work out what your ideal recovery targets would be for these apps and processes.

Running through some hypothetical scenarios might be helpful. How much data loss can you handle? How quickly do you need to be back up and running? How much would downtime cost the firm, in terms of output and broader consequences? All of these questions will help to define the recovery time objectives (RTOs) for the business and the best approach as a result.

Compliance is also an important consideration for scoping a disaster recovery strategy. With both the GDPR and NIS Directive in place, companies must ensure that they understand where specific data will go once shared. Any service provider worth its salt will be fully compliant with the legal requirements of the geographies they operate in. By finding the right platform, businesses can be confident that their strategy is both comprehensive and fully adherent to local laws.

A huge point that is often overlooked is that just having a disaster plan is not enough. You should look to regularly test the viability and quality of your backups to be certain they are completely recoverable, that the plan will function as expected and all data is where it needs to be (off-site, for example). The last thing you want during a disaster is to find that the plan hasn’t been completely implemented or run in months, or worse, discover there are workloads which are not recoverable.

Disaster recovery 2.0

It’s critical that businesses resist the temptation to bury their heads in the sand when it comes to disaster recovery. IT outages can happen to anyone – and IDC estimates that 80% of businesses that don’t have a disaster recovery plan will simply fail when one takes place.

When it comes to your data and IT services, there is a significant risk a business may never recover if it's not adequately prepared. We live in a digitally transformed world and many businesses can’t operate without the availability of systems and data. These simple points above can bring about the resiliency organisations need to effectively handle disasters, and prove their reliability to the customers they serve. So, while the full value of DRaaS might not be realised immediately, the right disaster recovery plan could prevent an outage from becoming a catastrophe for your business.