Disaster recovery (DR) is part of security planning which aims to protect an organization from the effects of a significant disaster. DR enables organizations to maintain and quickly resume critical functions after a disaster.

A disaster can be defined as anything which puts operations of an organization at risk. This ranges from equipment failure to natural disasters. The goal of DR is to assist organizations to continue operating normally after a disaster. Planning and testing are part of disaster recovery, and at times it involves a separate physical site for restoring operations.

The importance of disaster recovery: RTO and RPO

Businesses have become less tolerant for downtime as they become more reliant on high availability.

A disaster can bring devastating effects on business. Statistics show that not many businesses have been able to find their footing again after experiencing a significant data loss. But, disaster recovery can help such businesses.

Recovery time objective (RTO) and Recovery point objective (RPO) are two important measurements in disaster recovery and downtime.

RTO is the maximum amount of time taken by an organization to recover files from the backup storage and resume normal operations after a disaster. It can also be defined as the maximum amount of downtime an organization can handle. If an organization has an RTO of five hours, it cannot be down for longer than that.

RPO is the maximum age of files that an organization must recover for normal operations to continue after a disaster. RPO determines the minimum frequency of backups. For example, if an organization has an RPO of ten hours, the system must backup at least every ten hours.

The RTO and RPO assist IT administrators choose the best disaster recovery strategies, procedures, and technologies.

Organizations which need to meet tighter RTO windows should always have secondary data so that it can be accessed more quickly. One way of restoring data more quickly is recovery-in-place. This technology eliminates the need to move data across a network as it moves back up data to an active state on the backup appliance. It can protect organizations against storage system and server failure.

There are several things which an organization should consider before using recovery-in-place. These include the performance of the disk backup appliance, the time needed to move data from backup state to live state and failback. Recovery-in-place can take up to 15 minutes; therefore organizations may be required to perform replication if they want a quicker recovery time.

It requires a comprehensive approach which encompasses software and hardware, power, connectivity, networking equipment to prepare for a disaster. Testing to ensure that DR is achievable within RTO and RPO targets is also required.

DR planning and strategy

A good DR plan helps organizations to have a structured approach when responding to unexpected incidents that threaten the organization’s IT infrastructure. The plan provides detailed disaster recovery strategies for recovering disrupted networks and systems. This helps in significantly reducing the negative impacts of a disaster to a company’s operations.

Potential threats to the IT infrastructure can easily be identified through regular risk assessments. The disaster recovery plan gives guidelines of how to recover things which care critical to the organization.

Disaster recovery testing

Disaster recovery testing helps organizations to identify gaps as well as provides an opportunity to rehearse actions in the event of a disaster. A disaster recovery plan has a lot of moving parts, so testing the plan assists the organization to understand what employees should do during disaster recovery scenarios.

Organizations should always have a schedule for testing their disaster recovery policies. However, they should be wary that these schedules can be disruptive to their daily operations. Frequent disaster recovery testing can drain the employees, but organizations with less regular schedules tend to delay their testing further. Furthermore, organizations should test their DR plans after any system changes.