How can you keep critical data safe when disaster strikes? There is no one magic answer, but there are steps your business can and should take to disaster-proof your important files and applications.
Now there is no silver bullet to disaster recovery. When outage horror stories like that which happened to the Marriott Hotel Chain in 2018 when over 500 million accounts were compromised, more recently the US Customs and Border Agency has been breached and along with personal information images of travelers were also taken. These breaches aren’t solely the problem of large corporations however SMEs are just as likely to be targeted and there is now a 1:2 chance your business will suffer some form of cyber-attack.
The kneejerk response to an attack is generally to adopt a disaster recovery solution that can be implemented immediately. Many MD’s or Financial Controllers have got into trouble this way, a lack of a thorough assessment can lead you to adopt a solution that is expensive overkill or cheap and inadequate. While most IT executives and data management experts acknowledge that there isn’t one failsafe solution to protecting and recovering data, they agree that there are certain steps organisations should take.
What are the necessary precautions companies should take to protect critical files and applications in the event of a disaster?
1. Conduct a data assessment.
Know your high-value data assets — where your customer information and other sensitive data live, which files are heavily used, who is using them and which departments they align with. With usage insight and data classification, you can prioritise what data you need to have on hand after a disaster event and who will need to have access to it.
2. Work with a trusted IT partner to disaster proof data & systems.
Using an experienced IT partner to ensure your storage and disaster recovery (DR)] solution meets the needs of your business and the capabilities of your IT manager or designated contact. Peter Elliman, senior manager of Backup and Recovery at Symantec, a provider of online and mobile security solutions. “Consider integrated appliance solutions to reduce complexity, remotely managed backup services to minimize operational impact and risks and consider both internal DR sites as well as DR providers with both on-premise and cloud recovery options.”
3. Define what an acceptable recovery time is and choose the right storage medium.
Think about how quickly you need to restore your data. The least expensive method is offsite, on tape and de-duplicated, however, you will pay later when you have to wait for days to restore your data. Also factoring in human error makes this method extremely dangerous. Understanding the threshold for how long you can wait to restore your data will provide clear direction on which storage medium — Disk or tape? Cloud or on-premise? — is right for your company.”
Don’t accept mediocrity when it comes to the speed of recovering your data. Many companies think a reasonable recovery point objective (RPO, the highest amount of data a company is willing to use) is 24 hours. If the business did actually end up losing this amount of work/data the impact to the business could be many times the cost of actually implementing any disaster recovery solution. Find a solution that provides continuous data protection and replication with an RPO of just seconds and a recovery time objective (RTO) of minutes.
4. Create a disaster recovery plan — and test it.
Having a written disaster recovery plan sounds obvious, but with the complexity of the old way of doing replication and disaster recovery, it is very easy to forget the most important aspect of disaster recovery, actually writing down a plan.
In an ideal world, everything from the replication, management, protection groups, failover and failover testing is managed from one single interface. Specify SLAs for replication, create virtual protection groups, select the virtual machines to protect and then allow your solution to take care of all the replication in the background.
If you think through the most likely threats to your business, keep in mind everything from human error to equipment failure to natural disaster. Creatively examining your options for cost-effectively protecting your data in a place geographically distant from those threats. This is now easier than ever to implement with a cloud-based strategy as data centres are highly secure and often remote. A good IT company will outline everything you need to know in this scenario so picking someone you trust is key.
5. Regularly backup and snapshot data.
Again, a competent IT company will do this for you, if they don’t start looking for other providers. No strategy will work if you haven’t set up automatic backups. Whether it is to one of your data centres, your DR site or the cloud, be sure that all critical data is backed up on a schedule that protects your business from downtime in the event of a disaster.
6. Make sure critical applications are also accessible.
Protecting your data is not enough if you want to keep the business running during an event that causes downtime Ensure critical applications can be virtualized in the cloud so that your employees keep productive. This service also applies if your staff ever work from home or travelling on business.
7. Don’t neglect laptops and mobile devices.
Most disaster recovery plans are focused on protecting the data centre. While that is certainly critical, around two-thirds of corporate data lives outside the data centre. Laptops and mobile devices, for example, are far less resilient than data centre servers and disk arrays, and laptops and mobile devices are also subject to loss and theft so it’s vital to include laptops and similar devices in your DR plan.
8. Store data in a secure cloud.
In today’s environment, one of the most secure ways to secure your organisation’s data is to put it into a hosted cloud environment like the AWS centres (Amazon Web Services) Essentially, you are putting your network into a hosted cloud environment and then it is being delivered to you on-demand. The onus of responsibility for security, updates, redundancy, failover and business continuity rest with your provider. Again a good IT Service provider should walk you through the steps and develop a plan and solution that fits your business perfectly.
Cloud storage providers like AWS now provide secure, highly available services, combined with the maturity of cloud gateways to interface these clouds. Cloud storage improves backup costs, boosts performance and dramatically reduces recovery point objectives (RPO) by avoiding outdated tape and offsite storage methods. The flexibility of Cloud storage is perfect for the smaller business as you have a sliding scale for data usage you can increase or decrease as you wish. AWS now charges by the second so you only pay to access your data when your business is running, cutting costs further.
If you would like to know more about how to protect your business data or would like to arrange an IT System Health/Security Review, feel free to call the WestSpring team on 0117 403 455 and we will be happy to talk you through getting your business protected and secured.