How to Avoid Disaster Recovery Failures
Experiencing a disaster is one of the worst possible events for both businesses and their IT departments. However, there is one worse event – failure to recover from the disaster. While every IT department should have a disaster recovery (DR) plan, that doesn’t mean every DR plan will work.
In the best case, a failure costs the business unexpected downtime and expensive delays while they attempt to recover. In the worst case, the business could go under. That’s not just hyperbole.
According to a report from the Federal Emergency Management Agency (FEMA), 40% of businesses never reopen following a disaster. And for those that do, the impact is so high that another 25% fail within one year. Disaster recovery failure is simply not an option any business wants to experience.
To avoid disaster recovery failure, you should consider the following four points:
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
- Identify critical apps, data, and services to recover
- Include stakeholders at every level of the business
- Test regularly
- Update regularly
Let’s have a closer look at some of the reasons why DR plans can fail.
1. Improperly identifying critical disaster recovery components
The first part of an effective DR plan is identifying the different assets and their dependencies for your business critical applications. Identifying your critical applications is typically fairly straight forward. However, today’s applications can be very complex with lots of moving parts and dependencies that can be both critical as well as easy to overlook.
These dependencies can be all sorts of things ranging from local programs and services, to local files and shares, to hard coded name requirements, or to external web services. All of these dependencies should be documented. And if you miss any of them, then your recovery efforts can be delayed or they can fail.
2. Failure to include the right people
To create a successful DR plan, you need to have the right people involved at all levels of the business. You need to have management buy in at the top in order to get both the funding for the plan as well as the involvement from personnel in different parts of the business.
While IT deploys and maintains critical applications, the applications themselves are typically managed and used by employees in various other departments. Key people from these other departments need to be involved in both the creation of the disaster recovery plan as well as subsequent testing. And of course, the actual execution of the DR plan.
3. Lack of testing
While we’re on the topic of testing, a bigger and much more common problem is the failure to actually test your disaster recovery plans. The reality of the situation is that testing DR plans is difficult and time consuming. DR tests can take a lot of time and resources to execute.
These tests are usually run infrequently and often the testing process runs into problems. That said, regular testing is the only reliable way to know that your disaster recovery plans are going to work when you need them.
Several of today’s tier one DR products and Disaster Recovery-as-a-Service (DRaaS) offerings provide the ability to perform full or component testing of your DR plans, allowing you to be sure that they will work when they are needed.
4. Failure to update your disaster recovery plan
Unfortunately, creating a DR plan is not a one-time-and-you’re-finished type of endeavor. It’s inevitable that business processes experience configuration drift. Today’s IT environment is constantly changing. Applications, configurations and business processes drift and become different over time – diverging from the infrastructure that is replicated in the disaster recovery plan.
The only way to accommodate these gradual changes is to periodically perform a detailed review and reevaluation of your DR plans. Periodically adjusting your DR plans will keep them up-to-date with your current business processes and avoid the DR failure of restoring old and outdated infrastructure that no longer works.
Following the 7Ps of DR planning
An old and fairly well known adage from the British Army does a pretty good job of summing up the requirement for backup and recovery – proper planning and preparation prevents piss poor performance (7Ps). Having a strategy and an effective plan for carrying out your DR steps is certainly vital for a successful recovery.
However, as we’ve seen, just having a plan isn’t really enough. Yes, you need a plan but you also have to prepare by regularly and repeatedly reviewing, updating, and practicing your DR processes.