The Disaster Recovery & Business Continuity Guide - How To Avoid IT Disasters In Your Business
Backup and Disaster Recovery (BDR) is one of the most misunderstood processes in IT management. The ominous-sounding phrase implies you have to wait for a disaster to happen before scrabbling around to pick up the pieces as best you can.
As this guide will explain, this is not the case. A Disaster Recovery strategy, will actually help you avoid IT disasters by making server failure, data loss, cyber-attack and other threats less likely and less damaging than they would be without these systems in place.
This guide is a simple, straightforward explanation of what constitutes business continuity, what to include in a BDR strategy, what mistakes to avoid, and why it makes sound financial sense to consider outsourcing BDR to a specialist, rather than doing it yourself.
Disaster Recovery, Business Continuity & Backups
Is disaster recovery the same as business continuity? Yes and no.
- Business continuity is a strategy to ensure your services continue should a disaster happen. It includes contingency plans for IT failure, but is not limited to IT systems. A business continuity strategy could, for instance, include plans to continue delivering services in the event you lose all your stock in a fire, or important machinery is stolen.
- Disaster recovery covers the practical actions, software systems and processes that make business continuity possible. For the purposes of this guide we will only be discussing IT systems. Disaster recovery is also more than simply backing up data, although a BDR strategy will always include regular backups.
What Are The Risks?
With so many more businesses dependent on IT systems than ever before – from laptops and tablets to cloud software and e-commerce websites – the risk of an IT disaster, as well as the potential costs, have never been higher.
An IT disaster could include:
Server faults, computer malfunctions etc. This could involve your own hardware, or that of a service provider, such as your website/email host, or cloud accounting provider.
Your IT systems may be disrupted by a power blackout or lightning striking your building, a communication outage (e.g. phones and Internet going down due to roadworks), or your system could be damaged by a flood or fire.
Your IT security may be deliberatelycompromised by a disgruntled employee (rarebut not unheard of), and computer hardware and storage devices may be stolen, or damaged through vandalism.
Your business could be targeted by malware, ransomware or malicious hacking.
Customer data might be lost or corrupted, or the security of your data could be compromised.
An in-house or third-party software systemcould develop a glitch, fail to update or stopfunctioning.
Many of these risks are, thankfully, comparatively rare, but the cost to your organisation if they happen could be considerable. Any one of these disasters could knock out your IT systems and bring your business to a standstill, costing thousands to resolve and eroding trust among your customers.
The Benefits Of Creating A Disaster Recovery Strategy
It is therefore essential for any business that uses IT systems to have an appropriate BDR strategy in place.
- Reduces uncertainty
Planning for an IT disaster improves risk management and reduces the overall level of uncertainty. This gives customers greater confidence, and can aid retention and can even help with new business acquisition.
- Risk mitigation
While risk can never be avoided altogether, a BDR strategy can mitigate many risks associated with IT disaster. For instance, with adequate backups in place, server failure may not lead to loss of data or service disruption.
- Damage limitation
A comprehensive BDR plan reduces the impact of many IT disasters, leading to less lost data, fewer knock-on effects (e.g. delayed projects, lost sales) and reduced costs to resume service.
- Reduces recovery time
If you have the systems, applications and partnerships in place, the time needed to restore files and renew service is drastically decreased.
How Much Planning Is Necessary?
Having a general idea of how you might continue work if your IT systems are unavailable is not sufficient. The better and more detailed the plan, the more cost-effective it will be and the more likely it will actually work when put to the test.
A good plan will include what technology is involved, disaster recovery processes, and the time needed to restore files and applications.
In the next section we will discuss what constitutes a good disaster recovery plan.
Every minute your IT systems are down you lose money. Employees are unable to work and you can’t process orders. A BDR plan therefore has one overriding priority:
Restore service as quickly as possible.
A disaster recovery plan can be as complex or as straightforward as you need it to be, so long as it serves this basic goal. Ideally, partial or complete service should be restored within minutes by working from a local or cloud-based backup. The cause of disruption can then be addressed (e.g. a server or phone line fixed) without further downtime.
There are two aspects to a business continuity plan or disaster recovery plan: (1) policies, procedures and best practices; and (2) technology. In this section we’ll look at each in turn.
Procedures, Policies, & Best Practices
There are four stages to disaster recovery planning:
Stage I: Risk assessment
- What is the likely origin of the problem?
- What systems are vulnerable to damage?
- How extensive is the damage likely to be and what is the chance of it spreading to further systems?
- How much downtime is there likely to be?
- What hardware will need to be repaired or replaced?
- How much time will be needed to deal with the disaster while still maintaining normal business services?
- How much will the recovery operation cost?
Tip: Don’t underestimate the cost of downtime. This is usually more expensive than envisioned!
Stage II: Business continuity planning
From the risk analysis, a disaster recovery team can be assigned and areas of responsibility determined. You can also identify the technologies required to assist with business continuity.
- Prioritise which files and systems need to be restored first, with a timescale for each.
- Allocate clear roles to each team member, with procedures to follow from the moment a disaster is detected to when service is restored.
- Ensure sufficient resources and equipment are available for disaster recovery.
- Set up a review process to ensure recovery is carried out to the required quality standards.
Stage III: Implementation
Your plan is put through its paces if and when a disaster happens. A hypothetical disaster recovery protocol is always straightforward compared to its real-life counterpart. If possible, pre-emptively test your plan against various risk scenarios in a virtual environment – as you would a fire drill. You may identify flaws in your plan that would be very costly in real life.
It is important that a full appraisal follows each use of your recovery plan. This will identify what worked, what went wrong and what could be changed to improve it.
Stage IV: Restoration
When the disaster has been managed and business services resumed, a full restoration can begin. This may involve installing new hardware, cleansing data, or overhauling security systems – and could take a few weeks.
How does software and hardware play a part in Disaster Recovery? The image below shows the systems we use for our TMB Fully Managed Backup and Disaster Recovery service.
- Your servers are protected 24/7/365 by our backup agents - unobtrusive applications installed on your servers which manage the backups for you.
- Backups are sent to either:
- An on-site server running our TMB backup manager and disaster recovery application, or
- Our secure cloud-based backup and disaster recovery server
- Your backups are managed and monitored 24/7 by our team of remote engineers. You can access your backups at any time through an integrated customer dashboard.
- If a server failure or service disruption is detected, your data and applications can be restored within minutes from your local or cloud backup.
As we have seen, there are several different elements to consider when putting together a disaster recovery plan. You can do this in-house, but it will involve dedicated resources, and for most small- to medium-sized businesses it is more cost-effective to outsource to a specialist managed IT service.
The Cost of In-house Disaster Recovery
The purpose of a BDR plan is to offset the cost and disruption of an IT disaster. The more a plan costs in terms of software systems, employees, training and so on, the less cost-effective it is as an ‘insurance policy’.
As an example, compare the following:
Estimated cost of IT disaster: £50,000 (file restoration, lost productivity, cost of new hardware etc)
Probability: 10% per year
Cost of in house backup and disaster recovery infrastructure: £30,000 (staff time, training, writing and maintaining procedures, data storage, software, backup hardware etc)
Probability: 100% occurrence per year
Faced with such sums compared to the risks, most SMEs should at least consider the comparative cost of outsourcing their BDR plan.
Benefits Of Outsourcing Disaster Recovery
Outsourcing your IT BDR plan is often known as Disaster Recovery Service. There are a number of benefits of this for your business which include the following:
A specialist disaster recovery provider will have the technical know-how and tools to get you up and running again quickly. For a comparatively small monthly subscription, you will have access to skills and capabilities that may cost tens of thousands of pounds to acquire in-house.
2) Reduced downtime
Specialist providers are capable of immediate action and rapid restoration of service whenever you need it. Service companies offer different response times and hours of coverage in their Service Level Agreements (SLAs). For instance, a business could offer you a 4-hour SLA in the case of server failure, or an 8-hour SLA for a less critical hardware fault, within the hours of 6 AM to 6 PM, Monday to Friday.
Tip: We strongly recommend choosing a service that includes 24/7/365 monitoring and response. Even if your business only operates on weekdays, an IT disaster could strike any time of day or night. You don’t want to log in on Monday morning to find that a major server went down in the early hours of Saturday morning!
3) Scalable service and pricing
Disaster recovery providers offer a scalable service with flexible pricing to match. Using a managed service requires little or no investment in hardware or software, and no operational resources. Fees are by subscription and are based on usage, so you won’t be stuck with surplus hardware, or need to invest heavily in IT as your business grows. Most suppliers offer extensive cloud-based storage capacity, fast bandwidth and state-of-the-art data security.
Tip: Don’t just opt for a standard backup solution. This will protect your data but won’t automatically enable you to continue your business, leading to extensive and costly downtime while you restore your systems.
4) All risks covered
When managing disaster recovery in-house, most businesses focus their resources on the costliest and most probable risks, leaving gaps in their armour for lesser risks. A managed service provider will have the knowledge, tools and capabilities to safeguard you against all risks, whether arising from data breaches, accidents, loss of power, intentional harm or other causes.
5) Data protection compliant
As a data controller, it’s your responsibility to safeguard the personal data of your customers, whether it is stored on your premises or that of a third party acting on your behalf. It is therefore essential to choose your BDR supplier carefully. At TMB we provide a secure data centre with advanced encryption and automatic safeguards that ensure your data storage and handling remains GDPR-compliant.
Evaluating Disaster Recovery Services
Our overview of the benefits of using an outsourced disaster recovery service highlights the importance of carefully evaluating different providers. There are hundreds of managed IT service providers out there, ranging from one-man bands to large national companies.
Each offer a slightly different service, with different prices, coverage and capabilities. We recommend three criteria when selecting the best service for you:
Despite the cloud, location still matters for managed disaster recovery providers, because you may need on-site support. If your business is in Portsmouth but your service provider is in London, it may take them several hours to reach you should a critical server go down. Choose a supplier with sufficient coverage to fulfil your service requirements and the agreed SLA.
Costs varies widely for disastery recovery. A service should be proportional to your disaster recovery needs and the extent of your infrastructure. A larger business with more data or services to protect will expect to pay more than another company that just requires simple backups. Choose a provider that allows you to tailor your disaster recovery service so you don’t pay for capacity you don’t need. It is also a good idea to benchmark the provider’s prices against industry standards. The cost has to realistically cover their expenses. If the quote appears too high or unrealistically low, ask the supplier to explain their pricing. The cheapest providers may not be able to provide the quality or level of service you require.
Quality is the most important factor to consider when evaluating a service. How successful will a company be at implementing the disaster recovery solutions you pay for? Independent reviews are a good place to start. Professional accreditations, memberships and any awards for good service are also good indicators of the level of service you should expect. Ideally, you should choose a company with a consistent record of good service over several years in business.
Tip: Verify the quality of the software and hardware solutions used by the supplier, including their security protocols. A disaster recovery service is only as good as the tools they use!
This brings us to the question we posed at the beginning of this section: why choose TMB managed IT services for disaster recovery?
As a company we have over 30 years’ experience working in IT managed services. IT hardware and the challenges faced by SMEs have changed in this time, requiring greater flexibility and responsiveness on the part of suppliers. We give customers a choice of cloud or local backup options, including their own backup devices. We also have a clear understanding of the threats faced by modern digital businesses, including cyber-security and the requirements of data protection legislation.
Our goal is to help you find the right managed IT solutions for your business. We are always happy to offer free advice and to tailor our IT solutions to meet your needs and budget.
Through our website and blog, you can stay up to date with the latest technology trends and industry news, and get hints and tips for improved IT security, increased efficiency and reduced costs.
Find Out More
Thank you for downloading this guide. If you’d like to find out more about our services or discuss your requirements, please call 0333 900 9050, or email firstname.lastname@example.org.
- Read our latest blog posts: https://blog.tmb.co.uk
- Like us on Facebook: www.facebook.com/TMBGroupIT
- Follow us on Twitter: www.twitter.com/TmbGroup
- Connect with us on LinkedIn: www.linkedin.com/company/technology-means-business-ltd