At this time of year, hot trends and shiny new toys tend to attract a lot of attention. But when it comes to disaster recovery, the way to get the best results is to keep your focus on the fundamentals.
Related on MHA Consulting: BCM Basics: Modern IT/DR Strategies
Many people find trends exciting. It’s natural to get enthusiastic about the latest app, the trending hashtag, or the hot new sports prospect. This is especially true at the end of the year when holiday gift-giving and the approach of a new year lead to an obsession with new toys, fashions, and concepts.
This is all fine, except that in some cases new doesn’t necessarily mean better.
One area where the tried and true approaches are still the best is disaster recovery. The best way to strengthen your DR capabilities and protect your organization is to know the core concepts and work diligently to implement and get better at them.
Here are four classic DR concepts every organization should know and follow.
One tried and true aspect of disaster recovery that is as valid as ever is the best approach to deciding which type of DR is best for your organization.
The answer today is the same as it has been for a long time: look to your Business Impact Analysis (BIA) and risk profile. Let those guide you in coming up with a proper strategy to protect your technology and business processes.
Your BIA tells you which of your business processes are the most critically time sensitive. Those are the processes that would cause the most damage if they were down for an extended period. They are the ones you should invest the most time and effort in protecting.
Specifically, you should look at the Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for your mission-critical processes (and therefore the application RTOs). For each process, those measures indicate how much data the organization can afford to lose in the event of a disruption (RPO) and how long the organization can afford for it to be down (RTO).
This is the tried and true method of understanding the requirements for a sound DR strategy and approach. It was the best method yesterday, it’s the best today, and it will probably be the best tomorrow. The reason is, it’s the most rational and disciplined. It’s a systematic way of looking at what matters the most for your organization. It helps you make sure that you are investing the greatest effort and resources in protecting your most important processes and preparing for the most likely and serious risks.
It’s not new and it’s not shiny. It just works.
Here’s another tried and true DR concept: don’t try to force your organization to fit a given solution; choose a solution that makes sense for your organization.
We often see people get excited about a new technology and become invested in acquiring it even where it doesn’t make sense for their company.
For example, we’ve seen people become intent on adopting a full cloud-based DR solution even when a non-cloud solution or a hybrid solution would be the best choice for their organization.
(For smaller organizations or those with no DR environment, the cloud is often a great solution; for organizations already heavily invested in infrastructure in hardened data centers, a hybrid solution is often the most appropriate option.)
Don’t start by falling in love with a particular technology and trying to force your organization to fit it. (This never works.) Start by looking at your organization’s needs and current technologies and let that guide you to a solution that is appropriate given your industry, size, and mission.
Another tried and true disaster recovery concept is, it’s important to become cognizant of your organization’s culture.
People tend to take their culture for granted whether at the level of a society or a company. However, becoming aware of your company’s culture is essential for developing a sound DR program. Culture exerts a hidden but powerful influence on organizations’ DR outcomes.
Culture can blind organizations to solutions that might actually work well for them. For example, a team of people who have only worked in traditional DR environments might never consider incorporating a cloud solution, even in a situation where that would be the most efficient. (It can go the other way as well. People who have only worked with cloud solutions might believe anything on-prem should be moved.)
A final tried and true DR concept is the importance of vetting your solutions to make sure they work.
Many organizations get the basics in place—then a problem comes along and they are brought down by a small gap they previously overlooked.
This is like the person who goes on a road trip, gets a flat in a place without cell service, and is unable to put on their spare because of a missing lug wrench.
Whether it’s in recoverability or resiliency, you need to make sure that not only are your basic positions in place but also that they are fully vetted, assessed, and reviewed.
Too many DR programs are like well-built houses resting on the sand of unexamined assumptions.
High-level readiness is necessary but not sufficient. Outages often happen at the level of the small details. The importance of vetting and testing is another DR concept whose validity is evergreen.
Fads and trends have a way of grabbing people’s attention, especially at this time of year. However, when it comes to crafting a good disaster recovery program, your best bet is to stick to the tried and true DR concepts. These include looking to your BIA, choosing solutions that are appropriate for your organization, becoming cognizant of your organization’s culture, and vetting your solutions to make sure they work.
By avoiding getting caught up in fads, and sticking to the fundamentals, you can ensure you have a DR solution that will be cost effective, provide the most protection to your highest priority processes, and work when you need it.
For more information on disaster recovery fundamentals, and other hot topics in BC and IT/disaster recovery, check out these recent posts from MHA Consulting and BCMMETRICS: