Shulou(Shulou.com)06/02 Report--

There are all kinds of disasters that can happen to data centers. Catastrophic natural events, such as floods, earthquakes and tornadoes, as well as cyber attacks and equipment failures, can be classified as disasters.

Both companies and organizations should refine their actions and processes in the event of a disaster through disaster recovery plans, so as to quickly restore key business functions and avoid significant revenue or business losses.

What is disaster recovery?

In the IT world, disaster recovery focuses on IT systems that support critical business functions. "business continuity" is usually associated with disaster recovery, but the two terms are not completely interchangeable. Disaster recovery is part of business continuity and focuses more on all aspects of keeping the business running in the event of a disaster. Today, IT systems are critical to business success, so disaster recovery has become a major pillar of business continuity.

Disaster loss

If an enterprise has no response to the disaster, then the economic and operational losses caused by the disaster will completely overwhelm it. According to a 2015 report by the IT disaster recovery Plan (DRP,Disaster Recovery Preparedness) Council, one hour of downtime can cost small companies up to $8000, medium-sized companies up to $74000, and large companies up to $700000. And that was three years ago, maybe even higher today.

Another survey by a disaster recovery service provider shows that more than half of the enterprises surveyed (54%) have experienced more than eight hours of downtime in the past five years. Of these, 2/3 of respondents said their companies lost more than $20, 000 a day due to downtime.

Risk assessment, identifying vulnerabilities

Even if your company has some kind of disaster recovery plan, it may still need to be updated. If your company doesn't have a plan, or is working on it, it's best to do a risk assessment to identify vulnerabilities in your IT infrastructure and identify possible problems. Of course, the prerequisite is that you must have a clear understanding of the company's IT infrastructure.

In a recent blog post in the Journal of disaster recovery (the Disaster Recovery Journal), author Tom? Tom Roepke and Steven? Steven Goldman suggests that in a business continuity plan, it is dangerous to deliberately separate the worst from other major threats:

"in general, everyone tries to find or define the worst-case scenario. This is a fatal flaw because it determines the subsequent efforts of the entire plan, even at the subconscious level. Because when we insert a specific scenario-- such as a plague, an earthquake, a cyber attack, etc., we automatically start thinking about and planning response / recovery measures to deal with this particular, subconsciously defined event. When this happens, we will not only form a tunnel-like limited perspective in planning, but may also face the risk of increasing risk. This is because when we deliberately separate the worst-case scenario, only one or two specific areas are overly focused, rather than real events. "

Lopke and Goldman suggest that communicating with the project team should focus on "managing the crisis, rebuilding key business functions and restoring everything."

What is a disaster recovery plan?

Enter the "disaster recovery Plan (Plan) template" in the search engine, and dozens or even hundreds of proposal templates will appear. These templates have a certain reference value for your planning.

The disaster recovery plan itself should basically include the following:

An overview of the plan and its main objectives.

Contact information for key personnel and disaster recovery team members.

A description of the emergency response action after a disaster.

A diagram of the entire IT network and recovery site. (it includes instructions on how to get to the recovery site and the personnel who need to arrive.)

Identify the most critical IT assets and determine the maximum downtime. Understand recovery point objectives (RPO,Recovery Point Objective) and recovery time objectives (RTO,Recovery Time Objective). RPO says that when the business recovers and comes back online, the application can go back or how long its data is allowed to recover. If you choose a 5-hour RPO, the system must be backed up at least every 5 hours. RTO refers to the time required after a disaster, from the IT system outage leading to business standstill to the resumption of supporting the operation of various departments and normal operation of the business.

Make a table of the software, license keys, and systems used to resume work.

Technical documentation of the recovery technology system software from the supplier.

Insurance summary.

Advice on dealing with financial and legal issues.

Public measures (such as maintenance statements, reducing the influence of public opinion).

Set up a disaster recovery team

The plan should be coordinated by IT team members responsible for critical IT infrastructure within the company. Other people who need to know about the plan include the CEO or appointed senior managers, directors, department leaders, human resources and public relations specialists.

In addition to our company, you should know the contact information of suppliers related to disaster recovery efforts, such as software and data backup service providers. Facility owners, property managers, law enforcement personnel and emergency responders should also be listed in the plan (and can even update their names or phone numbers periodically).

After the management has completed and approved the plan, the plan needs to be tested and updated if necessary. Schedule the next review cycle to review disaster recovery functions. When an event occurs (big or small), it must be updated. The plan is not for collection.

What should I do if a disaster happens?

When a disaster has occurred, it's time to initiate your event response. Ensure that the incident response team (if it belongs to a different disaster recovery planning team) has a copy of the disaster recovery plan.

Event responses include assessment (knowing what hardware, software, and systems are affected by the disaster), system recovery and follow-up work (which are useful, which are invalid, and which can be improved).

The next trend? Cloud or DRaaS (disaster recovery as a service)

Just as many enterprises migrate IT systems to the cloud, so does disaster recovery. The advantages of cloud computing include lower costs, easier deployment, and the ability to test plans on a regular basis. However, this may increase bandwidth requirements, or reduce the company's network performance, and require the use of more complex systems.

In 2016, the relevant survey report of Gartner listed more than 250 DRaaS product providers, and the disaster recovery service market is in a good situation, with many products with different characteristics for enterprises to choose from. Limited to space, there is not much description of the service provider here. It is indeed a good choice to leave disaster recovery to professionals, but attention should be paid to a comprehensive evaluation of its products.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.