We get it: company executives don’t usually want to talk about Backup and Disaster Recovery (DR). You  need compute power to outpace the competition, and flexibility for an increasingly distributed workforce. You need options for a post-COVID world.

We can help you with those things too, but consider, if your company suffers a major data disaster and you don’t have a resilient DR plan, you face an over 90% chance of going out of business within one year.

Sometimes a company’s disaster recovery (DR) readiness can be summed up as one of the following:

“We have a nightly backup but our DR plans are mostly ad hoc.”
“We have a policy, but we’re not consistent. We don’t know how reliable the backups are.”
“We tested our DR plan a couple times last year. The file we opened seemed fine.”

Testing a backup file is one of a thousand steps to minimize downtime exposure and recover all your services within your recovery time objective. Forrester/DRJ’s The State of IT Disaster Recovery Practices and Preparedness, 2020 Survey indicates that the above is no longer the norm. Now over half of companies have a high-level DR program in place, and regularly test them.

Are you one of them?

In the past week alone we have had crippling ransomware downtime at Garmin in Kansas, raging fires in multiple locations of California, and a 4.4 earthquake in Los Angeles. We realize most IT departments struggle to justify their DR budgets, so we hope the following self-directed quiz helps restart some DR conversations.  

Your Disaster Recovery Quiz

To determine your organization’s DR readiness, review and rank yourself on a scale of 1 to 5 on the following 9 topics. We include a chart at the end so you can review your answers:

1 
2 
3 
4 
5 
6 
7 
8 
9 
  • Your DR Runbook should cover all details of your physical and logical architecture, dependencies (inter- and intra-application), interface mapping, authentication, etc. Infrastructure mapping allows organizations to see how applications interact to deliver various functionalities. Regular map reviews will keep your organization from overlooking that new critical resource in your backups.

    The key to getting your DR documentation right is to step through the sequences of your recovery process. The goal is not merely to restore data to servers but to verify the functionality of application services.

    Many organizations feel that as long as their DR strategy can recover the servers, they should be able to recover the business services that run on them. This is not necessarily the case. Your documentation should include a technical recovery plan for each application/service, with a list of steps for the recovery and availability of each resource.

    If your documentation is current, is it also available in hard copy and digital form? Can key contacts and emergency teams access it remotely on their cellphones? Is it a collaborative document, in a cloud-based resource such as SharePoint?

Which DR Readiness level are you?

Now that you have calculated your DR Readiness level, the following chart helps visualize your organization’s likely recoverability, along with other notes:

Level One: Ad Hoc

Almost nothing is being done to ensure readiness to recover from an outage. Occasional backups may be run by various folks, but recovery is completely ad hoc.

The absence of a recovery plan means any event causing downtime will trigger a scramble to try and figure out how to recover.

Most don’t aim for this level. However, in the fast-changing business world, time and budgets are short, and for some organizations, this is the result. Even documenting a few critical technical and business recovery procedures would be a big help, but are often overlooked.

At this level, there may be little or no senior management support for DR readiness, though the recent pandemic may help in changing minds.

Level Two: Reactive

Some protections are in place, including scheduled local backups, remote or cloud-based data copying for disaster recovery, and possibly a server failover process for business continuity. However, there’s no established budget or process for verifying if the DR plan is valid.

Your DR solution might be a set of disparate products instead of a unified solution, which makes its maintenance expensive and labor intensive.

For example, a crisis at Level 2 may involve trying to restore a corrupted database and finding no recent backup exists. After recovering an older version of the database, your team will need to manually reenter the lost data, reducing your overall productivity to a level where advanced DR planning becomes affordable.

Your documentation consists of loosely sketched guidelines or is completely reactive, making disaster recovery planning difficult to measure. You won’t know the cost of system downtime.

Level Three: Prepared

You have documentation with clear recovery procedures. Your recovery point and recovery time objectives (RPO and RTO) are aligned with your business needs.

However, you may still encounter surprises during a recovery operation. For example, your DR team may scramble to resolve a recovery problem because the IT department failed to change the backups when you replaced one of your servers.

With proper, regular testing, these types of problems can be identified and corrected before a crisis impacts your organization’s reputation and bottom line.

Level Four: Pro-Active

Your organization has all the infrastructure and documentation of Level 3, but in addition, you perform proactive validation by testing local recovery procedures and periodic disaster drills.

Your RTO is routinely tested to ensure you minimize the negative outcomes of downtime.

Your DR documentation has become a “living” document that will be periodically reviewed and re-validated so that it is consistent with the company’s business objectives.

Level Five: Resilient

Your disaster recovery program integrates detailed recovery procedures with your business continuity plan. Senior management fully endorses the IT DR planning process, and senior managers periodically attend your DR tests as observers.

Not only have you implemented effective preventive measures to minimize threats, your organization has achieved a level of resilience by using a balanced configuration of resources that include on-site hardware and software, virtualized systems and storage, and either a cloud-based DR provider in concert with your inhouse IT team or an advanced third-party managed IT services provider like AllConnected. Your backups follow the 3-2-1 rule with air gaps.

You are confident that your organization can address virtually any incident quickly, with minimal data loss, and that your IT systems and business processes can be returned to normal production well within your established RTO and RPO limits.

Conclusion

So how well did you do? Did you come out better or worse than expected?

AllConnected would love the opportunity to review your IT resources and find ways to level-up your DR resilience. To request a customized DR Runbook, or to talk with a DRaaS specialist, please fill out the form below.