5 Signs Your Disaster Recovery Plan is Doomed

Disasters happen to businesses. No-one likes to think about it, but even the most well-run, carefully managed operations are subject to events outside their control. If the worst does happen, it's vital you're able to bounce back quickly and keep downtime to a minimum.

Why a strong disaster recovery plan is more important than ever

There are a range of issues that could lead to firms experiencing downtime - and the consequences of this may be different from company to company. If you do a lot of business online, a DDoS attack that knocks your website offline could be a critical issue, whereas for others, this may be a minor inconvenience.

However, incidents that affect critical tools such as payment systems, customer databases or communications solutions will be hugely disruptive for any business.

Some of the issues that can lead to downtime and must be considered as part of a disaster recovery plan include:

• Natural disasters - Floods, fire, earthquakes, hurricanes or anything else that could disrupt your facilities - and especially your data centers - need to be evaluated for likelihood and potential damage
• Power outages - Even a short outage of 15 minutes can cause major problems - and with UK research suggesting this could affect as many as one in three businesses every year, you need redundancies in place to keep operating in the event of a power issue
• Hardware failure - The failure of IT equipment in the data center, such as servers, can leave businesses without access to critical data and applications and can be time-consuming and costly to recover from
• Cyberattacks - An increasing problem is cyberattacks such as ransomware that seeks to shut down services by encrypting critical data until payments are made to the hackers

The knock-on effects of any of these can be huge. For example, look at the disruption caused recently in the US when a cyberattack hit energy infrastructure firm Colonial Pipeline. This caused it to shut down its operations for over a week, leading to major shortages of gasoline throughout the eastern US.

While this may be an extreme example, it illustrates how disruptive downtime can be and the particular challenges faced by certain sectors.

5 reasons you could be heading for disaster

To avoid these effects, a disaster recovery (DR) plan is essential. This should spell out how to manage backups, when and how to move to secondary systems and how to get primary services up and running again.

However, putting a plan together is only half the challenge. If you don't pay close attention when developing it, you're likely to have gaps that can come back to haunt you. And if this is the case, you likely won't realize where the weaknesses are until it's too late.

Therefore, here are a few key signs you need to be aware of that indicate your plan won't work should you ever need it.

1.  You haven't fully prepared

It should go without saying that the number one cause of DR plan failures is strategies that are incomplete, unclear or confusing. Yet while 95% of organizations claim to have a DR plan in place, 68% admit it isn't written down. This can lead to delays in getting systems up and running and confusion about who's responsible for what, so a fully-documented plan that covers every contingency is a must.

2.   You lack understanding of dependencies

Many DR plans revolve around turning to backup systems for both data recovery and applications. Yet these often don’t take into account the complex dependencies needed for failover systems to work smoothly together, such as boot orders or application requirements. For example, poor configuration settings can prevent backups from functioning properly.

3.  You haven't considered corrupt or compromised data

When it comes to getting backup data into your system, you need to be sure of the integrity of this information. As well as a range of issues that can result in corrupted backup data, an increasingly common problem is loading backup data that’s already infected with malware.

Some ransomware creators have developed programs that can lie dormant within networks long enough to be included in backups, then activated when businesses try to run DR plans in order to recover from ransomware incidents. It's therefore vital that whatever backup technology you use is able to detect any errors and test data before entering production environments.

4.  You aren't following best practices for media management

How you get data online can also cause issues, especially if you're still relying on older media such as tape backups or removable, remote hard drives. While these formats offer resilience, if they aren't handled properly they can greatly delay recoveries. Even something as simple as mislabelled physical media can cause headaches, so don't overlook these. Supplementing such backups with solutions such as cloud storage is a good way to build in more redundancy and reduce your time to recovery.

5.  You haven't tested enough

Most of the above problems can be compounded because you haven't adequately tested your DR plan under real-world conditions, or you haven't rerun tests after making changes. It's therefore vital to have a regular schedule for testing your procedures, as well as doing so every time you make changes to configurations or processes.

This should also assess issues such as how long DR plans take to implement. After all, even if the plan itself will get the business back up and running, if it takes too long, this could end up costing you tens of thousands of dollars in unnecessary downtime.