Four Common Disaster Recovery Myths

Most organizations have finally been convinced about the need to have a robust disaster recovery (DR) plan to protect their essential workloads. That’s due in a big part to the fact that almost everyone in IT is all too familiar with Murphy’s Law that states if something can go wrong it will go wrong and that other old IT axiom of,  it’s not if something is going to fail – it’s when it’s going to fail. While you may not need a DR plan most of the time, there definitely will come an instance when you will.

A recent Gartner report showed that around 80% of businesses faced an incident in the last few years that required the use of their DR plan. While the need for DR is pretty well established, there are still a number of myths about DR that can hinder a successful implementation. Let’s tackle some of these DR myths.

Our business doesn’t really need a DR plan — Some organizations have this mindset because they are in an area where natural disasters seldom occur.  However, that doesn’t mean that your business is safe from other types of events. For instance, your business could be brought down by cyberattack or ransomware or even the possibility of fire. Plus, disasters and data loss can also be caused by human error. One prime example of that was experienced by British Airways back in 2017 when their entire operations were brought down by an engineering error that resulted in the cancelation of over 400 flights.

Our business uses cloud apps and they are automatically protected – While it’s true that today’s major cloud providers have extremely high levels of availability it’s also true that just running your apps in the cloud is no guarantee that your critical data is protected. All of the major cloud providers do offer geo-redundancy and disaster recovery as a service (DRaaS) but you don’t get these features automatically. Instead, these are almost always add-on services that you buy above and beyond a standard services agreement for Infrastructure-as-a-Service (IaaS) or Software-as-a-Service offerings.

Backups eliminate the need for DR – Backing up your critical workloads and data is certainly the core of a sound data protection strategy. However, backups don’t guarantee that you will be able to recover all of your data following a disaster. The data that can be restored by a backup is only as the current of the point-in-time when the last backup was completed which means there can be possible data loss. Backup and DR are both separate and essential pillars of overall business continuity and data protection strategy. Backups provide vital data copy and archival functions and they can provide a last line of defense in a disaster recovery situation but they don’t provide the fastest recovery time objectives (RTOs) or the shortest recovery point objectives (RPOs). Dedicated DR and DRaaS solutions can provide far faster recovery with less data loss.

We have a DR plan so we’re all set – Having a DR plan is great. However, many businesses make the mistake of thinking that once they’ve created a DR plan, that’s all that they need to do. Unfortunately, that’s not ever really the case. Businesses are not static entities where nothing ever changes. Instead, most organizations are continually deploying new applications as well as changing and updating business processes.  For your DR plan to work when you need it to, you need to go back and periodically review and update the plan to account for the changes in your business. Further, to really have confidence in your DR plan you need to periodically test it or at least select portions of it to ensure that everything is working the way you expect it to.