This post is part of BCM Basics, a series of occasional, entry-level blogs on some of the key concepts in business continuity management.
Organizations today have more options than ever when crafting IT disaster recovery solutions to protect their critical data and applications. However, the basics of choosing an IT/DR strategy are the same as they were 30 years ago: focus on your needs first and the technology second.
Related on MHA Consulting: Hit or Myth: 5 Common Misconceptions About IT/Disaster Recovery
Before we get into the details, it might be worth reminding everyone that IT/DR is not about day-to-day availability. In fact, your IT/DR strategies and solutions should only rarely be used (unless they include your day-to-day resiliency and availability needs). If you are using your IT/DR solution even once a year, then you have an availability problem you need to solve. Most IT professionals will legitimately need to use their IT/DR solution perhaps once in their career.
In today’s world, there are three main IT/DR strategies. They are:
(Note: There’s an exception to the statement above that the warm standby solution is faster than backup and restore. In some cases a warm standby solution at a physical data center can take roughly the same amount of time as a restore from backup in a cloud solution.)
Modern IT/DR can also be broken down into three main options in terms of where the recovery or HA solution exists:
If you use a private cloud managed in your data center, this is still considered an on-premises solution, and the DR can either be via an alternate physical location or public cloud.
Each of the three IT/DR strategies (high availability, warm standby, and backup and restore) can be implemented at any of the three location options (alternate DC, public cloud, hybrid).
Today’s abundance of choices is a big change from 30 years ago, when there were only two of options (using an alternate data center or recovery center in which the system was always on and replication continuous, and the use of tape backups, in which everything had to be rebuilt from scratch).
One thing that hasn’t changed is the type of analysis an organization should make in choosing its strategy.
Organizations should choose their DR strategy based on their unique needs and capabilities. Specifically, they should look at certain key information about their business processes that has (ideally) already been identified through their business impact analysis. This includes the Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) of their most critically time sensitive business processes. It also includes the organization’s internal skillsets and resource capabilities. The organization should choose a DR strategy that is appropriate to its needs.
A strategy that exceeds its needs consumes resources that could be better used elsewhere. A solution that falls short means that, if there’s an outage, the organization could lose data in excess of the amount previously deemed acceptable by management.
The richness and variety of the IT/DR options available gives companies unprecedented flexibility in crafting solutions that fit their circumstances. However, it also brings pitfalls.
One of the biggest of these is that sometimes companies get excited about a particular technological solution (whether its from Cohesity, VMWareTools, Veeam, SRM, Zerto, or whoever) and decide they want to use it even if it’s not the best choice for their organization. A better way is to first look at the needs of the organization and what is currently in use, and let that guide the choice of strategy and solutions.
The other big pitfall companies make in choosing an IT/DR strategy and solutions is they become a victim of analysis paralysis. The best way to avoid this is, again, look at the organization’s needs. Once these are clear in your mind, you can sift through possible options more confidently. Those that do not meet your key criteria should be crossed off the list. Finally, you can do worse than heed the saying, Don’t let the perfect be the enemy of the good.
There are a couple of secondary DR strategies that are worth knowing about.
One is what might be called a replacement service strategy. This is pertinent where the organization relies on a Software as a Service (SaaS) solution such as Salesforce or Microsoft 365. For such tools, the organization might find it worthwhile to have an alternate provider of the same service lined up, in the event the primary service experiences an outage.
Another noteworthy secondary strategy is Disaster Recovery as a Service (DRaaS), where a vendor manages DR for you. They might do this in a colo space or in the cloud. To learn more about DRaaS, check out this post.
Today, organizations have more choices than ever when choosing and implementing strategies and solutions to protect their critical data and applications. They can choose high availability, warm standby, or backup and restore, and they can site their recovery in an alternate physical data center, the public cloud, or a hybrid solution.
This abundance of IT/DR choices can be confusing and distracting. It also gives organizations more flexibility than ever to craft a strategy and solutions that meet their needs while also accommodating any constraints they might have in terms of resources, people, and time. The key to success in choosing and implementing an IT/DR strategy is focusing on the organization’s needs first and the technology second.
For more information on modern IT/DR strategies, and other hot topics in BC and IT/disaster recovery, check out these recent posts from MHA Consulting and BCMMETRICS: