22
Fri, Nov
1 New Articles

How to build a successful disaster recovery strategy

Security News
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Whether your industry faces challenges from geopolitical strife, fallout from a global pandemic or rising aggression in the cybersecurity space, the threat vector for modern enterprises is undeniably powerful. Disaster recovery strategies provide the framework for team members to get a business back up and running after an unplanned event.

By IBM Corporation

Worldwide, the popularity of disaster recovery strategies is understandably increasing. Last year, companies spent USD 219 billion on cybersecurity and solutions alone, a 12% increase from 2022, according to a recent report by the International Data Corporation (IDC) (link resides outside ibm.com).

A disaster recovery strategy lays out how your businesses will respond to a number of unplanned incidents. Strong disaster recovery strategies consist of disaster recovery plans (DR plans), business continuity plans (BCPs) and incident response plans (IRPs). Together, these documents help ensure businesses are prepared to face a variety of threats including power outages, ransomware and malware attacks, natural disasters and many more.

What is a disaster recovery plan (DRP)?

Disaster recovery plans (DRPs) are detailed documents describing how companies will respond to different types of disasters. Typically, companies either build DRPs themselves or outsource their disaster recovery process to a third-party DRP vendor. Along with business continuity plans (BCPs) and incident response plans (IRPs), DRPs play a critical role in the effectiveness of disaster recovery strategy.

What are business continuity plans and incident response plans?

Like DRPs, BCPs and IRPs are both parts of a larger disaster recovery strategy that a business can rely on to help restore normal operations in the event of a disaster. BCPs typically take a broader look at threats and resolution options than DRPs, focusing on what a company needs to restore connectivity. IRPs are a type of DRP that focuses exclusively on cyberattacks and threats to IT systems. IRPs clearly outline an organization’s real-time emergency response from the moment a threat is detected through its mitigation and resolution. 

Why having a disaster recovery strategy is important

Disasters can impact businesses in different ways, causing all kinds of complex problems. From an earthquake that affects physical infrastructure and worker safety to a cloud services outage that closes off access to sensitive data storage and customer services, having a sound disaster recovery strategy helps ensure businesses will recover quickly. Here are some of the greatest benefits of building a strong disaster recovery strategy:

  • Maintaining business continuity: Business continuity and business continuity disaster recovery (BCDR) help ensure organizations return to normal operations after an unplanned event, providing data protection, data backup and other critical services.
  • Reducing costs: According to IBM’s recent Cost of Data Breach Report, the average cost of a data breach in 2023 was USD 4.45 million—a 15% increase over the last 3 years. Enterprises without disaster recovery strategies in place are risking costs and penalties that could far outweigh the money saved by not investing in the solution.
  • Incurring less downtime: Modern enterprises rely on complex technologies like cloud-based infrastructure solutions and cellular networks. When an unplanned incident disrupts business operations, it can cost millions. Additionally, the high-profile nature of cyberattacks, lengthy downtime, or human-error-related interruptions can cause customers and investors to flee.
  • Maintaining compliance: Businesses that operate in heavily regulated sectors like healthcare and personal finance face heavy fines and penalties for data breaches because of the critical nature of the data they manage. Having a strong disaster recovery strategy helps shorten response and recovery processes after an unplanned incident, which is critical in sectors where the amount of financial penalty is often tied to the duration of the breach.

How disaster recovery strategies work

The strongest disaster recovery strategies prepare businesses to face a wide variety of threats. A strong template for restoring normal operations can help build investor and customer confidence and increase the likelihood you will recover from whatever threats your business faces. Before we get into the actual components of disaster recovery strategies, let’s look at a few key terms.

  • Failover/failback: Failover is a widely used process in IT disaster recovery where operations are moved to a secondary system when a primary one fails due to a power outage, cyberattack or other threat. Failback is the process of switching back to the original system once normal processes have been restored. For example, a business could failover from its data center onto a secondary site where a redundant system will kick in instantly. If executed properly, failover/failback can create a seamless experience where a user/customer isn’t even aware they are being moved to a secondary system.
  • Recovery time objective (RTO): RTO refers to the amount of time it takes to restore business operations after an unplanned incident. Establishing a reasonable RTO is one of the first things businesses need do when they’re creating their disaster recovery strategy.  
  • Recovery point objective (RPO): Your business’ RPO is the amount of data it can afford to lose and still recover. Some enterprises constantly copy data to a remote data center to ensure continuity. Others set a tolerable RPO of a few minutes (or even hours) and know they will be able to recover from whatever was lost during that time.
  • Disaster Recovery-as-a-Service (DRaaS): DRaaS is an approach to disaster recovery that’s been gaining popularity due to a growing awareness around the importance of data security. Companies that take a DRaaS approach to disaster recovery are essentially outsourcing their disaster recovery plans (DRPs) to a third party. This third party hosts and manages the necessary infrastructure for recovery, then creates and manages response plans and ensures a swift resumption of business-critical operations. According to a recent report by Global Market Insights (GMI) (link resides outside ibm.com), the market size for DRaaS was USD 11.5 billion in 2022 and was poised to grow by 22% in the years ahead.

Five steps to creating a strong disaster recovery strategy

Disaster recovery planning starts with a deep analysis of your most critical business processes—known as business impact analysis (BIA) and risk assessment (RA). While every business is different and will have unique requirements, there are several steps you can take regardless of your size or industry that will help ensure effective disaster recovery planning.

Step 1: Conduct a business impact analysis

Business impact analysis (BIA) is a careful assessment of every threat your company faces, along with the possible outcomes. Strong BIA looks at how threats might impact daily operations, communication channels, worker safety and other critical parts of your business. Examples of a few factors to consider when conducting BIA include loss of revenue, length and cost of downtime, cost of reputational repair (public relations), loss of customer or investor confidence (short and long term), and any penalties you might face because of compliance violations caused by an interruption.

Step 2: Perform a risk analysis

Threats vary greatly depending on your industry and the type of business you run. Conducting sound risk analysis (RA) is a critical step in crafting your strategy. You can assess each potential threat separately by considering two things——the likelihood it will occur and its potential impact on business operations. There are two widely used methods for this: qualitative and quantitative risk analysis. Qualitative risk analysis is based on perceived risk and quantitative analysis is performed using verifiable data.

Step 3: Create your asset inventory

Disaster recovery relies on having a complete picture of every asset your enterprise owns. This includes hardware, software, IT infrastructure, data and anything else that’s critical to your business operations. Here are three widely used labels for categorizing your assets:

  • Critical: Only label assets critical if they are required for normal business operations.
  • Important: Assign this label to assets your business uses at least once a day and, if disrupted, would have an impact on business operations (but not shut them down entirely).
  • Unimportant: These are assets your business uses infrequently that are not essential for normal business operations.

Step 4: Establish roles and responsibilities 

Clearly assigning roles and responsibilities is arguably the most important part of a disaster recovery strategy. Without it, no one will know what to do in the event of a disaster. While actual roles and responsibilities vary greatly according to company size, industry and type of business, there are a few roles and responsibilities that every recovery strategy should contain:

  • Incident reporter: An individual who is responsible for communicating with stakeholders and relevant authorities when disruptive events occur and maintaining up-to-date contact information for all relevant parties.
  • Disaster recovery plan manager: Your DRP manager ensures disaster recovery team members perform the tasks they’ve been assigned and that the strategy you put in place runs smoothly. 
  • Asset manager: You should assign someone the role of securing and protecting critical assets when a disaster strikes and reporting back on their status throughout the incident.

Step 5: Test and refine

To ensure your disaster recovery strategy is sound, you’ll need to practice it constantly and regularly update it according to any meaningful changes. For example, if your company acquires new assets after the formation of your DRP strategy, they will need to be folded into your plan to ensure they are protected going forward. Testing and refinement of your disaster recovery strategy can be broken down into three simple steps:

  1. Create an accurate simulation: When rehearsing your DRP, try to create an environment as close to the actual scenario your company will face without putting anyone at physical risk.
  2. Identify problems: Use the DRP testing process to identify faults and inconsistencies with your plan, simplify processes and address any issues with your backup procedures.
  3. Test your disaster recovery procedures: Seeing how you’ll respond to an incident is vital, but it’s just as important to test the procedures you’ve put in place for restoring critical systems once the incident is over. Test how you’ll turn networks back on, recover any lost data and resume normal business operations. 

Disaster recovery solutions

Modern enterprises rely more than ever on technology to serve their customers. Even minor outages can cause critical downtime and impact customer and investor confidence. The IBM FlashSystem Cyber Recovery Guarantee is designed for anyone who purchases a new FlashSystem Array with IBM Storage expert care and IBM Storage Insights Pro.

IBM is a leading global hybrid cloud and AI, and business services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM's legendary commitment to trust, transparency, responsibility, inclusivity, and service.

For more information, visit: www.ibm.com.

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  • SB Profound WC 5536 Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:

  • SB Profound WP 5539More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.

  • SB HelpSystems ROBOT Generic IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:

  • Magic MarkTRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now!  Request Now.

  • SB HelpSystems ROBOT GenericForms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.

  • SB HelpSystems ROBOT GenericIT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.

  • SB HelpSystems ROBOT GenericCan you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:

  • FORTRA Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:

  • FORTRAManaging messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:

  • FORTRAThe thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:

  • FORTRAFor over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • LANSAWhen it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:

  • LANSASupply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • Profound Logic Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: