Disaster recovery

From Wikipedia, the free encyclopedia

Disaster recovery is the process of regaining access to the data, hardware and software necessary to resume critical business operations after a natural or human-caused disaster. A disaster recovery plan (DRP) should also include plans for coping with the unexpected or sudden loss of key personnel, although this is not covered in this article, the focus of which is data protection. DRP is part of a larger process known as Business Continuity Planning (BCP).

Contents 1 Business Data Protection 2 Events That Necessitate Disaster Recovery 3 Preventions Against Data Loss 4 Disaster Recovery Planning 5 Related Information 6 Technology 7 Terminology 8 External links and Citations

[edit] Business Data Protection

With the rise in information technology and the reliance on business-critical data, the landscape has changed in recent years in favor of protecting irreplaceable data. This is especially evident in information technology, with most large computer systems backing up digital information to limit data loss and to aid data recovery.

It is believed that some companies spend up to 25% of their budgets on disaster recovery planning; this is to avoid larger losses. Of companies that had a major loss of computerized records, 43% never reopen, 51% close within two years, and only 6% will survive long-term (Cummings, Haag & McCubbrey 2005).

The current data protection market is characterized by:

• Rapidly changing customer needs that are driven by data growth, regulatory issues and the growing importance to access data quickly by retaining it online.
• An ever-shrinking time frame for backing up data, which is burdening conventional tape backup technologies.

As the disaster recovery market continues to undergo significant structural changes, the shift presents opportunities for next-generation startup companies that specialize in business continuity planning and offsite data protection such as Recall, Switch Communications, Symagio, NetMass, SunGard Availability Services, and CyGem.

[edit] Events That Necessitate Disaster Recovery

There are many different risks that can negatively impact the normal operations of an organization. A risk assessment should be performed to determine what constitutes a disaster and which risks a specific company is susceptible to, including:

• Natural disasters
• Fire
• Power failure
• Terrorist attacks
• Organized or deliberate disruptions
• Theft
• System and/or equipment failures
• Human error
• Computer viruses
• Legal issues
• Worker strikes

[edit] Preventions Against Data Loss

• Backups sent off-site in regular intervals
  • Includes software as well as all data information, to facilitate recovery
  • Use a Remote backup facility if possible to minimize data loss
• Storage Area Networks (SANs) over multiple sites are a recent development (since 2003) which make data immediately available without the need to recover or synchronise it
• Surge Protectors - to minimize the effect of power surges on delicate electronic equipment
• Uninterruptible Power Supply (UPS) and/or Backup Generator
• Fire Preventions - more alarms, accessible extinguishers
• Anti-virus software and other security measures

[edit] Disaster Recovery Planning

Disaster recovery planning falls into the realm of Business Continuity Planning, as well as Risk management. The planning process consists of the following steps:

• Assess business impact and risk. This should include an assessment of the business unit's function and, preferably, a business impact analysis (BIA). The purpose of the assessment is to determine the business unit's relative contribution to the larger organization (monetary and functional).
• Develop a Disaster Recovery framework. Data should be categorized by importance. Two measures of importance are used, RTO and RPO. Recovery Time Objective (RTO) is the acceptable amount of time between the disaster and the post-disaster resumption of function (how long can we wait to restore data?). Recovery Point Objective (RPO) is the acceptable data roll-back (how current does the data have to be?).
• Adjust information systems to make Disaster Recovery easier. This includes consolidating servers and data, perhaps with a Storage Area Network or other archival storage method.
• Address other technical issues. Maintaining logical integrity between data and applications that may be interdependent is not a trivial matter. The business may consider the use of applications that have recovery built in to their capabilities.

A good plan takes into account many different factors. The most important are:

• Communication
  • Personnel - notify all key personnel of the problem and assign them tasks focused toward the recovery plan.
  • Customers - notifying clients about the problem minimizes panic.
• Recall backups - If backup tapes are taken offsite, these need to be recalled. If using remote backup services, a network connection to the remote backup location (or the Internet) will be required.
• Facilities - having backup hot sites or cold sites for larger companies. Mobile recovery facilities are also available from many suppliers.
• Knowledge Workers - during a disaster, employees are required to work longer, more stressful hours, and a support system should be in place to alleviate some of the stress.
• Business Information - backups should be stored in a completely separate location from the company (Cummings, Haag & McCubbrey 2005). Security and reliability of that data is key.

[edit] Related Information

• The Seven Tiers of Disaster Recovery
• Backup Sites

[edit] Technology

• Virtual Tape Library
• Synchronous & asynchronous replication over distance
• Replication storage technology
• Virtual PBX/hosted phone service
• Remote backup services
• Continuous data protection

[edit] Terminology

• Recovery Point Objective (RPO) is the rollback that will occur as a result of the recovery. To reduce a RPO it is necessary to increase the synchronicity of data replication.
• Recovery Time Objective (RTO) is the time that will pass before an infrastructure is available. In order to reduce the RTO, it is required for data to be online and available at another site.
• When a critical data loss occurs, without a preventive disaster recovery plan, the only option is to salvage the data.

[edit] External links and Citations

• Cummings, E., Haag, S., & McCubbrey D. (2005). Management Information Systems for the Information Age. McGraw-Hill Ryerson Higher Education
• Disaster Recovery World
• Disaster (Business Week) (registered only)
• The Disaster Recovery Guide
• Benton, Dick (2007). Disaster Recovery: A Pragmatist's Viewpoint. Disaster Recovery Journal