Business Continuity/Disaster Recovery: Start With A Plan

Today’s modern business needs to content with a number of complex issues. On top of competing for labor and market share, businesses must also prepare for scenarios which could disrupt their productivity or prevent operations. This is known as Business Continuity. By assessing and mitigating risks to their productivity, a business can ensure stable cashflow and success of their business units.

Disaster Strikes!

Even the best Business Continuity plan cannot prevent all Disasters from occurring. These disasters can be manmade or natural. Your local region could experience extreme weather that damages your office or datacenter. A gas leak could occur that makes your office uninhabitable. A hacker could infect your network and hold your data for ransom. All of these scenarios could interrupt your business workflow and put your employees and customers at significant personal risk. When a disaster strikes, a business must have a Disaster Recovery Plan in place to address the scenario.

A Disaster Recovery Plan will detail who will need to respond, tools available to responders, procedures to follow and overall objectives during disaster response.

Focus: Procedures and Backup Solutions

There are two tools which are essential to the success of a Disaster Recovery Plan:

1. Procedures
2. Backup Solutions

Procedures are written documents that detail your recovery scenario and actions necessary to recover. Each Disaster Recovery scenario should include a basic procedure detailing the following:

1. What is the scenario covered?
2. Who is a part of the Disaster Recovery team? Define the roles and resources attached to the plan.
3. What specific tasks must be completed to recover from the disaster?

Backup Solutions are systems, tools, and subscriptions which allow you to recover your data based on different time points. These tools allow you to meet objectives laid out in your Recovery Time Objectives and Recovery Point Objectives.

A good backup solution will help you implemet rock solid, Out-of-Band managed backups that store your data in multiple locations and with a quick restore period. A good backup solution will also allow you to run recovery exercises, verifying backups on a continual basis.

Example

Scenario:

The server rack that housed your application servers was damaged due to an accident.

Disaster Recovery Team:

Team Lead: A Manager or Project Manager who has decision making powers and trust of company leadership
Engineer: A technical resource or resources who have the appropriate skills to complete the tasks listed in the procedures list
Communication Lead: An agent of the team devoted to providing updates and timelines to the organization or customers effected by the outage.

Task List:

1. Identify the problem and state the recovery objective
The application servers have been destroyed. To recover, we must migrate our application servers to new hardware or virtual machines. We will recover from a nightly backup of application servers. We will perform this recovery to our cloud based data center, which does not have the network configured correctly. We will need to redirect traffic from the primary site to the cloud data center.
2. Plan goals and and assign work to resources
We will recover the environment in 24 hrs time from initiation of Disaster Response. We will need to engage a network engineer, a cloud specialist, and an application specialist to assist in this work.

Work assignments:
a. Recreate network at cloud data center - network
b. Redirect traffic from the main site to the backup site - network
c. Identify appropriate recovery object to restore - infrastructure
d. Restore application servers into the new environment - infrastructure, network
e. Verify that all servers, databases, and other components are operational
f. Communicate updates to customers and stakeholders on an hourly basis until service has been restored - communication lead
g. Coordinate team efforts and track progress, interface with company leadership - team lead

3. Identify tools and information needed to complete work
Identify the credentials and permissions that your resources will require to complete their assigned tasks. Additionally identify any spend that will occur and ensure that it will not halt progress on DR.
4. Assess risks involved in implementing disaster recovery
Create a risk assessment for any actions in the DRP that would put business operations at risk. In this case, changing the network traffic routes could disrupt other business operations for other products.
5. Communicate to stake holders the intent and timeline of the mission
6. Identify any financial or legal action that needs to take place as a result of Disaster Recovery

Vendors

There are a number of vendors who can help implement good backup solutions. These can either act as an end to end solutions, such as Datto BCDR or Axcient, or it can act as a part of a larger backup strategy, such as Veeam or Synology.

1. Axcient
2. Comet
3. Veeam
4. Datto SIRIS
5. Synology
6. Acronis Cyber Protect

Conclusion

Business Continuity and Disaster Recovery are essential to businesses of all sizes. By accurately describing and addressing risks, businesses can ensure that they will remain profitable and flexible in a constantly changing security landscape. By creating a Business Continuity and Disaster Recovery Plan common disaster scenarios, IT teams can reduce risk to the organization.

Next week, we will review optimal backup architecture, and compare some vendors who might fit into your backup strategy.

Contact Me!

Did you find this helpful? Maybe discovered a flaw? Please contact me at:

• blake@foxlabsolutions.com
• Linkedin