There’s a lot resting on a CIO’s shoulders when if comes to disaster recovery (DR) plans. Data is now a core asset so disaster recovery is no longer just about system recovery but also about data recovery. You will probably be surprised to hear that about 40% of organisations don’t have a disaster recovery plan of any sort and even if they do exist they may well not be maintained to reflect the ever-changing infrastructure, and worst of all they are not tested.
There are tried and tested best practices which will help you put together a robust disaster recovery strategy, below we suggest 7 you will find an invaluable place to start.
- GET PERSONALLY INVOLVED
Don’t leave your DR planning to a few IT people who have a bit of time on their hands. Make DR planning a strategic and business imperative and make sure that all your business colleagues are proactively informed. Encourage them to give feedback while being aware that you are the lead on this programme
2. BEGIN WITH A RISK ANALYSIS
Risks run from manmade to natural disasters and come in all shapes and sizes from idiotic mistakes to tsunamis. Assign each one a likelihood of occurrence, being neither too confident nor too pessimistic. Your plan should include a systems prioritising strategy, categorising your systems by criticality. Be aware of scenarios where any downtime might be critical and those where it might be some time before major issues will occur.
3. DEAL WITH RESISTANCE
IT teams have in place rock-solid, secure and stable infrastructures and people are unwilling to mess with them. If they are asked to they often play the ‘security’ card. You need to counter this by reassuring your team of the trust your institution places in external suppliers, from HR, legal and financial and that IT is no different. This argument might be easier if you are already using SaaS applications like email, Office and ERP tools so use this success to leverage your case.
4. TIE YOUR CLOUD AND VIRTUALISATION EFFORTS TOGETHER
Disaster recovery should appear high on the list of budgetary priorities for any IT team; it rarely does. So you might piggyback DR costs for planning, solution selection, deployment and testing on some other IT effort and virtualisation is one of the most appropriate. Virtualization gives you portability of applications and the pay-as-you-go cloud economic model gives you an affordable off-site option for any DR strategy. Don’t forget that you will need a robust recovery option which ensures that applications and data are recoverable without threatening business continuity.
5. MAKE MOBILE A CENTRAL ELEMENT OF YOUR PLAN
Mobility is becoming one of the top concerns for any IT team and with Gartner predicting that by 2017 50% of employers will require staff to bring their own devices into the workplace suddenly the risk of data loss from personal devices is a major issue. It is essential that you work with your institution to develop a AUP (acceptable use policy). This will provide a framework for what the enterprise can and can’t do with an employee-owned device and how much access any employee can have to institutional data. Your DR plans will need to revolve around this policy.
6. DON’T LET DR TESTING IMPACT MORALE
Don’t let fear of the unknowable impact on your smooth running of your team. Set sensible expectations for your team and put in place regular check-points to make them feel confident that they are heading off disaster with their work. Over the long term you need to build a culture where DR testing is no different from testing an application before deployment; don’t let it become stigmatised.
7. HAVE GENUINE BELIEF IN YOUR DR PLANS
There are numerous risks and contingencies which you will need to account for in any DR plan. Be savvy and use the cloud and virtualisation to more easily meet the DR requirements within your budget. If you use real-world examples, preferably from within your own institutions, and show how you will manage any crisis without damaging activity or security you are half way towards making your DR plan part of the fabric of running your business.
If you can’t stand up in front of your senior management team, tell them you have a comprehensive DR plan and demonstrate how risks are mitigated and continuity assured, you need to go back to the top of this list and start again.
Look at ComVault for more information on this.