Business Continuity & Disaster Recovery Planning
Disasters, unpredictable by nature, can strike anywhere at anytime with little or no warning. Recovering from one can be stressful, expensive and time consuming, particularly for those who have not taken the time to think ahead and prepare for such possibilities. However, when disaster strikes, those who have prepared and made recovery plans survive with comparatively minimal loss and/or disruption of productivity.
Disasters can take several different forms. Some primarily impact individuals -- e.g., hard drive meltdowns -- while others have a larger, collective impact. Disasters can occur such as power outages, floods, fires, storms, equipment failure, sabotage, terrorism, or even epidemic illness. Each of these can at the very least cause short-term disruptions in normal business operation. But recovering from the impact of many of the aforementioned disasters can take much longer, especially if organizations have not made preparations in advance.
Most of us recognize that these potential problems as possibilities. Unfortunately the randomness of some of these disasters lulls some organizations into a sense of false security-"that's not likely to happen here." However, if proper preparations have been made, the disaster recovery process does not have to be exceedingly stressful. Instead the process can be streamlined, but this facilitation of recovery will only happen where preparations have been made. Organizations that take the time to implement disaster recovery plans ahead of time often ride out catastrophes with minimal or no loss of data, hardware, or business revenue. This in turn allows them to maintain the faith and confidence of their customers and investors.
Disaster Recovery Planning is the factor that makes the critical difference between the organizations that can successfully manage crises with minimal cost and effort and maximum speed, and those that are left picking up the pieces for untold lengths of time and at whatever cost providers decide to charge; organizations forced to make decision out of desperation.
Detailed disaster recovery plans can prevent many of the heartaches and headaches experienced by an organization in times of disaster. By having practiced plans, not only for equipment and network recovery, but also plans that precisely outline what steps each person involved in recovery efforts should undertake, an organization can improve their recovery time and minimize the time that their normal business functions are disrupted. Thus it is vitally important that disaster recovery plans be carefully laid out and regularly updated. Organizations need to put systems in place to regularly train their network engineers and mangers. Special attention should also be paid to training any new employees who will have a critical role in the disaster recovery process.
There are several options available for organizations to use once they decide to begin creating their disaster recovery plan. The first and often most accessible source a business can drawn on would be to have any experienced managers within the organization draw on the knowledge and experience they have to help craft a plan that will fit the recovery needs specific to their unique organization. For organizations that do not have this type of expertise in house, there are a number of outside options that can be called on, such as trained consultants and specially designed software.
One of the most common practices used by responsible organizations is a disaster recovery plan template. While templates might not cover every need specific to every organization, they are a great place from which to start one's preparation. Templates help make the preparation process simpler and more straightforward. They provide guidance and can even reveal aspects of disaster recovery that might otherwise be forgotten.
The primary goal of any disaster recovery plan is to help the organization maintain its business continuity, minimize damage, and prevent loss. Thus the most important question to ask when evaluating your disaster recovery plan is, "Will my plan work?" The best way to ensure reliability of one's plan is to practice it regularly. Have the appropriate people actually practice what they would do to help recover business function should a disaster occur. Also regular reviews and updates of recovery plans should be scheduled. Some organizations find it helpful to do this on a monthly basis so that the plan stays current and reflects the needs an organization has today, and not just the data, software, etc., it had six months ago.
Not many years ago when a business wanted to find the ways to prepare itself against disaster and ensure business continuity should catastrophe strike, the bulk of the organization's time, money, and effort would be spent on ways that disasters could (hopefully) be avoided altogether. Often the outcome of an organization's search for ways to protect their most critical business applications (in order to shore up their business continuity if disaster hit), was that they found they could potentially avoid harm through the use of redundant data lines. As news of this information spread, it did not take long before the words "disaster" and "recovery" were replaced by "continuity" and "resumption."
While a small percentage of corporate entities were still dedicated to disaster recovery as one way of maintaining business continuity, the bulk of the focus was placed on disaster avoidance. Over the last several years however, that paradigm has shifted and a new kind of disaster preparation has replaced that type of thinking. Avoidance is a great idea in theory, but cannot always be reproduced in real life.
The horrific events of 9/11 brought into sharp focus the short comings and inadequacies of the idea of avoidance plans as preparation. The urgent need to regain business continuity after the disaster, and the inability of many businesses to be able to gain access to their normal critical business functions were a wakeup call for corporations everywhere to reevaluate the plans they had previously put in place to mitigate such events. 9/11 made many organizations realize the vast inadequacy of their current plans as they saw the heavy price paid by many organizations for their unwitting vulnerability. Attempting to avoid disaster was a good place to start, but now organizations realized that they must prepare for unavoidable circumstances as well.
Connectivity / WAN Redundancy
One of the most common areas of vulnerability for organizations when a disaster strikes is the loss of their WAN connectivity. Earthquakes, floods, and acts of war can certainly disrupt the use of an organization's data lines. But loss of WAN connectivity can happen even without a major catastrophe. Much simpler threats such as the accidental cutting of data lines or equipment failure can have the same devastating net result on connectivity. Whether the cause is a construction mishap from the new building next door, or the effects of a far more serious event like a flood, fire, or terrorist attack, if an organization loses their connectivity their business continuity is often lost as well, and they are functionally in a state of disaster.
The loss of WAN connectivity can have serious consequences for an organization's daily business activities. Emails, financial transactions, ERP/CRM systems, order placement and processing, are just a few of the critical operations affected by WAN connectivity. If connectivity is lost these activities can be severely slowed or halted altogether until data lines can be recovered. Thus, having a functioning WAN system is critical for productive business operation and should be an integral part of any disaster recovery plan.
There are several methods available for organizations who want to ensure a high availability of WAN connectivity as part of their disaster recovery plan. The earliest techniques used to back up data lines were complex and cumbersome. They used multiple data lines that were connected to a programmable router. Complex programming allowed data to be passed over multiple connections which helped reduce vulnerability to a single line and helped protect against backbone failure. This technique, though far from streamlined, was better than no back-up system at all and did help maintain at least some business continuity.
Since that time the technology has evolved and a more elegant technique is available. This new technique involves the use of intelligent devices that can handle multiple data lines of different speeds from multiple providers simultaneously. These devices, called Router Clustering Devices, intelligently detect if a line, component or service is failing and then proceed to switch the flow of data to other available and working lines. These advancements provide better protection for an organization's data flow. They reduce the potential mess of disaster recovery and in turn increase business continuity when disasters do happen without the complexity and awkwardness of the old system.