Snowmageddon: Why IT Disaster Recovery Plans Matter

Omar Refaqat
| 1/21/2019
Snowmageddon: Why IT Disaster Recovery Plans Matter
Winter has arrived and so have weather reports predicting massive storms. Whether it’s the latest “Snowmageddon” knocking out power or floods and wildfires damaging physical infrastructure, natural and human-made disasters can strike with little or no warning. In 2018 alone, natural disasters caused damage in excess of $160 billion globally, according to reinsurer Munich RE. While enterprises can take reasonable precautions by applying controls such as installing fire suppression systems, universal power supplies, and redundant networks, many disasters occur at a scale that is simply too large for such controls to handle. In those cases, the timely recovery of knocked-out critical functions is essential for restoring effective business operations.
The key factor for a successful recovery from any major disruption or disaster is an effective and updated IT disaster recovery plan (DRP), which is usually part of any solid business continuity planning effort. An IT DRP is required for many organizations operating in regulated industries such as financial services, public sector, and healthcare. An IT DRP is also an indispensable risk management tool that can benefit every organization, regardless of size or industry.
The IT DRP planning process starts with identifying all critical business IT systems and applications and the time frame in which they must be restored in the event of a disaster or major disruption. Metrics such as recovery time objective (RTO) and recovery point objective (RPO) indicate how much downtime and data loss each IT system can endure before a full recovery of the supported business function is no longer possible. These metrics, along with the budget, existing assets, and technology, then determine the solution the company can leverage for the recovery of each critical IT system.  
To recover from areawide disasters, the organization might opt to build redundant facilities or outsource the IT infrastructure to third parties such as private or public cloud providers. No matter the strategy, preparations must be made in advance so that all the prerequisite hardware, software, and data will be available in the backup facility, as vendor supply chains might not operate normally during a disaster.
Data is critical for every organization, and an IT DRP mitigates primary data storage system loss with a data backup and recovery strategy. Backup method, location, and frequency might vary based on the amount and type of data handled by the organization. Various backup options are available, such as on-site storage on hardened systems, off-site company locations, or third-party cloud providers. However, care should be taken that the backed-up data is secured to the same degree as the original and access to it is controlled appropriately.
Personnel is one area of IT disaster recovery that is sometimes overlooked. An organization might have the hardware, software, and data to recover its critical IT systems at a remote facility, but it might discover that personnel is understaffed or underqualified at the backup location. An effective disaster recovery plan identifies key skill sets and personnel needed to support the recovery, and it makes them available when and where they are needed. It also includes specific instructions on how the recovery team will communicate during the disaster and the subsequent recovery phase. Telecommuting and mobility tools can be enormously helpful in IT disaster recovery planning.
Lastly, when a plan is developed and the infrastructure is in place, the final critical piece to the disaster recovery puzzle is testing. Organizations should perform periodic exercises to partially or completely step through their plans and migrate business processes and technology to their backup infrastructure. A plan might seem airtight on paper, but in the event of a real disaster, organization leaders need assurance that everything will work as designed.
So snowdrifts might cut power to data centers, office blocks might get flooded by 100-year floods, and wildfires might cause the evacuation of entire towns. But by implementing a sound IT disaster recovery plan, organizations can make sure they’re not caught unprepared and that they’ll have the best chance to recover critical business functions while keeping customers happy.