Disaster Recovery and Business Continuity
This is the aspect of business which we all hope we will never be implemented, but it is a very important aspect that needs to be considered, planned for and a documented process defined as there could be serious implications with your business insurance policies if a claim was required and a DR & BC plan did not exist within the organisation.
A Disaster in terms of IT could be a fire in the server room, a malware attack such as Cryptolocker that renders business files or applications inaccessible, or other more natural disasters that we usually think of such as flood or earthquake for example.
Sure the chances of your DR plan being put into action due to an earthquake is pretty remote, but fires in hotels are quite common and cyber security risk from malware are on the increase and probably the greatest risk of all in terms of IT.
Disaster Recovery is the process you follow to get your IT systems back up and running again in the event of a disaster that has impacted access to your electronic business systems.
Business continuity is how you will continue to trade and transact your business if other aspect of the business are effected, such as offices destroyed in a fire for example. Business continuity planning will include a designated location for temporary office, temporary phones system and how your business would function until things were back to a normal footing.
It can happen to anyone
The Moorfield Hotel in Shetland was destroyed by fire in July 2020, enquiries continue to investigate the cause but a small electrical fire in a housekeeping cupboard is thought to be where the fire started.
Thankfully all guests and staff escaped unharmed.
Due to great planning by the hotel management company the site was using Hotality’s HOTBackup service to backup the on premise fileserver data to a Hotality secure data centre located in Enfield 700 miles away.
Thankfully due to Hotality’s HOTBackup service the server was restored in a matter of hours to a Microsoft Azure hosted server instance. This allowed the business to quickly regain access to the critical information needed at a difficult time for everyone concerned.
How is your data backup strategy, when did you last test your backups?
The first aspect of a good backup recovery stategy is to ensure you have multiple generations of your data secured on a regular basis in an alternative secure location safely away from the original data source.
You may think you’re covered because you have multiple backups. But if those backups are in the same location as your servers, then whatever affects your server may also have affected your backup data too. Many IT providers do file level copies of data to a separate USB or NAS drive for example to avoid the cost of backup software, whilst this can protect you against hardware failure as its a duplicate copy on different hardware, but if a Cryprolocker style malware attack infected the server, the backups could also be encrypted and rendered unusable when they are needed most leaving your business without access to critical data.
It is therefore important to have a professional tried and tested backup strategy in place for the business.
Your off-site backups should be separated by what is called an ‘air gap’, meaning there is no direct connection between your on-site environment and your backups off-site, thereby ensuring they are protected from disaster, change or corruption.
You may have off site backups but are you confident you can get access to them when you need to? Do you also have access to the backup and recovery software needed before you can initiate a restore? Have you calculated the time to perform a restore? Amazon S3 storage which is a cheap source of backup storage has an enforced download speed limitation, that means it could take up to a week to download a typical server image before it can be recovered.
With our HOTBackup Complete service not only would you have an on-site and off-site backup of your servers, you would also have a replicated virtual machine ready-to-go, in our own datacenter, all stored data is held in the UK and can be accessed directly if required within a couple of hours.
After each and every backup is completed, it is restored to our recovery platform and tested for integrity. In the event of a true disaster, we can simply power it back on and make it available to you to access remotely as a contingency until full operations are restored.
What is in a Disaster Recovery Plan?
A disaster recovery plan is a document that lists the steps, stake holders and recovery priorities and timescales required to get the most critical IT business systems back up and running again. This would include a list of who to contact in an emergency, detailing where and how to recover the IT servers, network and systems. The plan would also detail priorities for system recovery, IT staff contacts, business/key-user contacts, a list of staff with the power to invoke the DR plan and sign off on any costs required to put the plan into action, supplier contact information, including any information IT, the business and external suppliers require. One must also think once the recovery is complete how your end-users will access the recovered systems and from what location they will do so.
When you discuss disaster recovery within your business and start to design a plan, the business often drives what data they are prepared to lose (this is called the Recovery Point Objective) and the time they are prepared to be without access to that data (called the Recovery Time Objective). The level of RPO and RTO therefore dictates the minimum solutions you require.
For a business that cannot afford much downtime an IT continuity solution is required, we can help with this to create a replicated copy of your critical IT infrastructure so there is no gap in service availability whilst systems are restored.