Following the number of recent blackouts, hurricanes and other disasters which have taken place in the past few years, many CIOs have already started to re-examine their disaster recovery strategies and practices. This article will discuss four best practices for disaster recovery planning.
Learn from previous disasters
One of the top IT stories in 2016 was the Delta outage. It led to global computer failure which forced cancellation of over 2100 flights thus causing inconveniences to thousands of customers. But disaster recovery would have prevented that.
It was later discovered that most of Delta servers were not connected to a source of backup power. The lack of connectivity to a backup power might have contributed to the incident, but, this also shows us there are other issues. If Delta had conducted DR testing, this issues would have been discovered much sooner.
Following this incident, IT security experts made the following recommendations:
- DR testing shouldn’t be an annual event; rather, it should be a continuous process
- Always purpose to find a single point of failure
- Organizations should have the capability to move critical data to a secondary data center
- Monitor the bandwidth consumed by off-site storage centers
If you don’t want the Delta incident happening to your organization, you should follow the above disaster recovery planning best practices.
Test your test
Security experts always recommend thorough testing, but this is often a missed element in disaster recovery planning best practices. IT consultants always advise organizations to perform a dry run before the actual test. All key departments like systems, network, database, and facilities should be brought together during these tests.
This ensures that all the departments and the people in the departments are in agreement with the process and that the test facilities are fully prepared. This can be as simple as gathering all the participants to go over the test, maybe a day before the test.
Experts also recommend that organizations should be prepared to stop and reschedule the test if it doesn’t go as planned, and also prepare to take notes during the entire test. The team should then complete an after-action report after the test and use the results from the test to update the disaster recovery plans.
Caution with containers for disaster recovery
2016 was one of the best years for container storage, and a good example of this was its use in Windows Server 2016. Windows containers can also provide application virtualization and portability.
The portability of containers makes them an alternative option for disaster recovery as it makes it possible to move an application to a public cloud or alternate data center very easily. However, organizations should take caution when moving a container from one platform to another.
What makes Windows container a good tool for disaster recovery is the possibility to port containerized applications to the cloud or alternative platforms. But, this is very risky as you can lose data volumes. Moving container data volumes can be very challenging, so, it is important to ensure that they are backed up and then restored after the move.
Target the best with ransomware recovery planning
Ransomware attacks hit most of the news headlines in 2016 and trend, unfortunately, continues in 2017. The US government has confessed that ransomware is the fastest growing malware threat in the world. Statistics have revealed that over nearly 4,000 attacks happen on a daily basis, and this trend will continue to increase every day.
Because of this, IT consultants now recommend using the cloud for disaster recovery. Using the cloud disaster recovery process to protect from ransomware attack helps the organization to get back into a working state very quickly. But, the ransomware recovery time depends on how much data needs to be transferred. So, the best place for recovery is in the cloud zone where the data is stored.
A proper disaster recovery can protect an organization against ransomware. Therefore, the IT personnel should always adhere to security protocols, encrypt sensitive data and obey government rules.