— December 14, 2018
From natural disasters, errant employees, malware to even a rodent with an appetite for cables — the likelihood of an organization suffering a data disaster has never been greater. An organization’s best defense is to plan for business continuity and disaster recovery by using best practices that guide organizations to possibly prevent and/or better manage an (unpredictable) disruptive event.
An organization cannot risk the catastrophic damage to data and reputation that a breach can cost. Ponemon Institute’s 2018 Cost of a Data Breach Study found that the average cost of a data breach globally is $ 3.86 million. And more damaging than that is the loss of reputation and customers — 65 percent of customers who have had their data compromised said that they lost trust in an organization, and one in three chose to discontinue their relationship permanently.
Let’s start by understanding what the terms imply and their key components.
Disaster Recovery Planning
Disaster recovery is the immediate process by which an organization can recover its IT business infrastructure after a disruptive event. It is largely IT-specific and is often part of the Business Continuity Plan. As each organization’s IT processes and systems can vary, there is no one-size-fits-all Disaster Recovery Plan. However, a plan typically includes:
- Preventive measures that mitigate risk and prevent an IT disaster from occurring. Examples include backing up data on the cloud, conducting routine security audits, etc.
- Detective measures that help discover potential threats. For example, updating antivirus software, installing server/network monitoring software, etc.
- Corrective measures are steps to quickly restore the IT system after disaster strikes.
Apart from the objectives and processes/measures, the Disaster Recovery Plan also has to include people or teams responsible for its implementation.
Business Continuity Planning
Business Continuity Planning refers to the more comprehensive process that encompasses preventive steps and recovery processes when dealing with both major disasters and relatively minor ones such as employee exits, third-party vendor issues, supply chain interruption, etc.
The processes under business continuity planning include analysis, design, implementation, testing and maintenance. Of these, analysis lays the critical groundwork for successful business continuity planning. It includes Business Impact Analysis which defines the various business function, their criticality and the acceptable Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for each of the functions. It also comprises of Threat Analyses with a list of potential threats and the recovery steps to be taken for each of them. Threat Scenarios correlate the Business Impact Analysis and Threat Analysis with documented scenarios and steps that the business should take to effectively respond to the threats.
Analysis is followed by design of the solution/identification of tools that can be used. For example, identifying a SaaS backup and restore solution for offsite backup and quick recovery. After that comes Implementation and Testing of the various solutions across the organization. Finally, the Business Continuity Planning has to be maintained — updated annually/biannually to keep up with organizational/business/market changes.
Criteria for Success
For the Disaster Recovery Plan or the Business Continuity Plan to be a success, it helps if certain key criteria are met, including:
- Stakeholder Buy-in: For Disaster Recovery or Business Continuity planning to not be another routine fire drill, stakeholder buy-in is required to elevate it to the high-priority planning that it is.
- Holistic Focus: While recovering data and getting systems up and running is your top priority, planning that encompasses other “non-tangibles” or preventive steps should not be neglected. For example, having regular security trainings for employees, ensuring support staff backup, etc.
- Regularly Update Plans: As the organization and its business and IT processes evolve, so must the Disaster Recovery Plans/Business Continuity Plans. To ensure relevancy, the plans must be updated at significant milestones such as major version updates, mergers/acquisitions, etc.
Our Take at Spanning
Across verticals, our clients have reiterated to us the crucial support accurate and quick data recovery can make, particularly when hit by malware, sync errors, and accidental or malicious deletion.
As Will Critchlow, founder and CEO at Distilled puts it, “With Spanning Backup, we can sleep easy, knowing that in the worst-case scenario, we can quickly recover business-critical data even if we somehow lost it from our main accounts. It’ll pay its biggest dividends at the most stressful moments in the future.”
The fact is disaster can and will strike. Timely preventive and corrective steps can make the difference between total mayhem or calm recovery. A reliable backup and restore solution, particularly one where data is stored securely on the cloud is an essential part of a rock-solid Disaster Recovery Plan and to ensure Business Continuity.
“Your job does not end with just moving your data to the cloud. While Google [and Microsoft] provides a robust and redundant infrastructure, it does not cover for an object that is either accidentally deleted or maliciously deleted,” says Steve Simmons, director of IA at AMAG Pharmaceuticals.