Four tips on disaster recovery prep for IT business leaders

Senior Systems Engineering Manager at Cohesity, Ezat Dayeh, joins Technology Magazine to discuss the one thing every IT and business leader should have learnt during the past two years: prepare for the unexpected with a disaster recovery plan.

Cohesity are a next-gen data management solution recognised as a leader in 2021 by Gartner.

Dayeh insists that by preparing and testing those disaster plans regularly, leaders can ensure their business is prepared when worst-case scenarios take place. 

Disaster recovery (DR) plans – which is an organisation’s methods for responding to and recovering from a major event – play a critical role in helping businesses to cope in a crisis. From natural disasters to cyberattacks, a thorough and well-tested DR plan can ensure your organisation is up and running quickly, keeping customers served and revenues flowing.

What’s more, having a DR plan in place is just the starting point. Unless your process is tested regularly and thoroughly, how can you be sure it will work? With increasing numbers of stories about services falling over and not getting back online quickly, the question Dayeh asks is simple: is anyone still testing their DR plans?

Read on to hear Dayeh's top tips on DR planning and testing.

1. Undertake sandbox testing

Testing your DR plans shouldn’t be a crisis in itself – your partner must ensure that they can provide non-disruptive DR testing. Third-party DR services should be able to draw on a range of virtual equipment to test your plan. 

Often known as a sandbox test, this procedure makes it possible for your business to undertake full testing without affecting any production servers. That means that even while the test takes place, your operational activities continue as normal.

Also make sure your thirty-party tester can give you detailed results from your sandbox. Any tech-based solution for DR planning should use audit trails to reduce operational complexity and streamline compliance requirements. 

2. Complete a through data classification

Data is commonly viewed as the crown jewels of the organisation, but some information is more valuable than other knowledge – and unless you have an effective data-classification strategy, you won’t know which data must be protected at all costs.

Organising data into classes is the cornerstone of effective data management. If you know what use cases your data supports – from security and compliance to customer service and cost optimisation – you’ll know how valuable your information is and the lengths to which you should go to protect it.

Your DR plan should take this data classification into account. Your tier-based approach should ensure business-critical data is not just backed up, but always available. If the worst happens, and your network is down, your DR plan must ensure that renewed access to this data is prioritised. 

3. Run a simulation exercise

Reviews of DR plans and tabletop exercises, where people across the business get together to analyse your strategy, will only take you so far. If you really want to know how effective your DR strategy is, then you’re going to have to run a simulation exercise.

Rather than simply talking, this simulation creates a worst-case scenario and then role-plays the plan with your IT team. The exercise should also bring in other business stakeholders and third-party vendors to create a full view of dependencies and requirements. 

As a step up from a virtual test, this simulation might involve actual physical testing of hardware, networks and services. The aim is to test – in as much detail as possible – whether your current DR strategy is fit for purpose, without disrupting operational activities.

4. Pull the plug out – and turn everything back on again

Sometimes a virtual test won’t be enough. While you’ll want to ensure your DR tests don’t affect day-to-day operations, the only way you can be completely sure that your policies are effective is – in the simplest terms – to pull the plug out and switch everything back on again.

These full interruptions to business service will impact the hardware, cloud-based services and data that your organisation uses every day. A complete interruption to the business will likely knock all front-end services offline, so you’ll need to run a full test like this at a time that causes least disruption to employees and customers.

This short, sharp shock will prove to everyone in the business that the DR plan is ready and available when the worst-case scenario happens. And if pulling the plug does show that there are gaps in your DR plan, then you’ll know exactly where to fill them.

Take nothing for granted

The last couple of years have proven the importance of being prepared for the unexpected. With the increased frequency and cost of cyber attacks, a robust set of disaster recovery processes combined with proven technology have never been more essential. Organisations should look for ease of use, automation, and the ability to truly control their data recovery and application availability service-level agreements. 

While some challenges are almost impossible to foresee, an effective DR strategy will mean your business is ready to cope with even the most challenging twists and turns.