Data recovery times versus Business Continuity
17 Dec 2019
The ability to recover your entire IT environment following a disaster is absolutely imperative. Not only can it affect infrastructure and networks, but also often the most mission critical element, which is business data. The key to successful Disaster Recovery (DR) is to understand what constitutes a disaster, and how long a business can survive without their data, so that effective planning can be put into place. Statistics indicate that businesses unable to recover fast enough from a disaster do not survive in the long term. But, how long is ‘too long’ when it comes to DR?
What constitutes a disaster?
In the past, DR was referred to as the ability to recover data or infrastructure from a natural disaster such as an earthquake, fire or flood. While this is still relevant today, the definition of a disaster has expanded, in part because data is more mission critical than ever. It is now essential to be able to recover completely from any outage in the IT environment.
This includes malicious attacks like ransomware which can potentially cripple a business, as well as accidental failures. Accidents may include equipment failure such as an electronic fault in fire suppression solutions which may cause them to trigger and destroy equipment, or even the unintentional loss of data through human error.
The precise definition of what constitutes a disaster versus simply a data loss event will differ depending on an organisation, or even a specific department. However, IT and data are the backbone of any organisation and without access to this infrastructure the vast majority of businesses are unable to function.
How long is too long?
The time it takes to recover from a disaster depends on the nature of the disaster and the impact of numerous variables from enterprise down to divisional level. Factors that affect recovery include the volume of data to be recovered, what infrastructure needs to be configured for data to be activated, the location of the backup data and connectivity.
An acceptable time frame for recovery also depends on the data that has been lost or compromised as well as the nature of the enterprise. Some businesses can survive up to 72 hours without access to certain data, while other businesses need to be up and running within just a few hours of an event. However, there are not many businesses that can survive longer than a few days without their data and if recovery cannot be completed in time, there is a real risk that business continuity will be severely impacted.
In order to determine how long is too long, organisations must firstly identify the infrastructure, data types and volumes critical for business continuity. Only then can it be determined where investment needs to be made to ensure the proper redundancies are in place. Unless businesses understand the impact of a data loss event, they cannot adequately put measures in place to reduce this impact.
Ensuring you can recover effectively and in good time
According to poll results from a Commvault webinar on Cloud Disaster Recovery, 33.6% of organisations have multiple tiers of Recovery Time Objectives (RTOs) and the majority of respondents (36.4%) would also prefer recovery time of four hours or less. The first step to ensuring you can recover effectively is to understand RTOs, data and the value of data to the business, which requires a business impact assessment. Planning is essential to help understand what needs to be recovered in the event of an incident.
As technology is evolving and cloud and hosted offerings become increasingly affordable, many organisations are turning to always on, always available offerings. This can help to reduce RTO, but it is also essential to ensure providers have contingency plans in place. Depending on the nature of business data being stored, an organisation may need to ensure that their cloud data is replicated at multiple sites to ensure availability even if the provider experiences an incident. If secondary location replication is not affordable or not deemed necessary, organisations need to prioritise data in order to ensure that data can be recovered in the right manner to restore business as soon as possible.
Testing your RTO is also critical so that in the event of an actual disaster the process is effective and can run smoothly. If a plan is in place and has never been tested, when a disaster strikes businesses may find themselves in trouble. Effective DR ultimately comes down to planning, understanding your data, and above all being fully prepared for WHEN, not IF, a disaster will occur.