I often hear the terms disaster recovery, business continuity and backups used interchangeably when talking with clients. But they’re not the same, and if you want to properly protect your data and mission-critical business systems, it’s essential to understand the difference.
I examine these concepts in greater detail below. But in a nutshell,
- A business-continuity plan describes how your organization will respond to a disaster and how to recover from it.
- Disaster recovery is one element of a larger business-continuity plan. It’s typically an IT-based solution for keeping an organization’s data and critical systems safe so they can be restored after a disaster.
- Backups may be a part of your disaster-recovery solution but they aren’t traditionally automated for application recovery—a fundamental difference between backups and replication technologies.
To elaborate, here are some of the main distinctions and considerations for each to help you craft your strategy.
Business-Continuity Planning: The First Step
Business-continuity discussions should begin in the executive suite. It’s essential that your executive team understands the business impact of core systems going offline. Typical questions—which you must formally premeditate—include the following:
- What systems do we absolutely need to continue delivering products or services at an acceptable level? Which systems are nonessential?
- Will we continue to generate revenue if an application becomes unavailable? Or are we a business where losing the app is an annoyance but won’t hinder operations?
- How will we respond to a disruptive event such as a natural disaster, cyber threat or employee who has gone rogue?
- If our office becomes inaccessible, how will our employees continue to work? Do we need to consider business-continuity suites?
Answering these questions helps define which systems and data are mission critical, how frequently they need to be backed up and how quickly they need to be restored when they fail.
When I help companies through business-continuity planning, about 50 percent already have a formal plan that prioritizes which systems need to recover first and describes what impact a disaster will have on revenue. The other half lack a plan and would greatly benefit from working with a third party to conduct a formal impact analysis.
Ultimately, business-continuity planning is the first step in formulating a comprehensive disaster-recovery strategy. Yet it often gets put on the back burner, its importance fully recognized only after catastrophe hits.
Disaster Recovery: The Next Step
Assuming you’re in the 50 percent of businesses that already have a business-continuity plan, it’s time to move forward with disaster-recovery planning. This process should always start at the business level and doesn’t fall exclusively under the purview of IT.
Disaster recovery involves figuring out what’s needed to support your organization’s applications and essential data. Disaster-recovery experts can use various software tools to help answer the following questions:
- What operating system is your server or virtual machine running?
- How many compute resources are tied to it?
- How much storage is it using?
- Are hardware versions relevant, and if so, what are they?
- What technology can replicate required workloads?
At this stage, it’s imperative to note dependencies between servers and virtual machines. An application may reside fully on one system, but an application often resides across multiple VMs or servers, affecting the recovery process considerably.
Backups, Replication or Both?
You likely back up your data on a regular schedule or rely on a cloud provider to do it for you. Offsite backups help ensure data survivability.
Many people mistakenly choose either replication or traditional backup based only on an application’s recovery-time objective (RTO) and recovery-point objective (RPO). Backups should never be your standalone disaster-recovery solution. Replication—a system in which near real-time data is replicated to a new location and can be restored in as little as 15 minutes—can augment your strategy.
When your business suffers a disaster, retrieving data from the last recovery point is a main priority. Backups commonly take place daily, so you may have lost hours of data including sales, service, billing, inventory and everything else—assuming your previous backup finished successfully and replicated offsite.
You’ll also need to restore the applications that can access your data. Offsite-backup plans may only back up the application data, omitting the applications themselves. And if it excludes the OS and application, you’ll have to coordinate replacing them before beginning the restoration.
Other Considerations: Recovery Economics and the Rise of DRaaS
In the past, planning for a disaster required a substantial investment in IT infrastructure. Given the progress in cloud technologies and virtualization—as well as replication—advanced disaster-recovery technology is now within easy reach of most companies. Cloud computing has dramatically reduced (or eliminated) capital expenditures, and software-defined processes decrease errors and reduce recovery time. Consequently, businesses have better access to disaster-recovery strategies that keep resources up to date at a secondary site or in the cloud and can bring them online in minutes.
Notably, disaster recovery as a service (DRaaS) is a relatively new offering that reduces complexity by providing the target environment, infrastructure, technology and professional staff to help you quickly recover. We’ve seen client demand for DRaaS rise steadily over the last few years—likely driven by cost reduction or cost avoidance, according to Gartner’s 2017 Magic Quadrant for Disaster Recovery as a Service report. Certainly, greater adoption of cloud technology and the associated business benefits make DRaaS an avenue worth exploring.
Given the many uncertainties that stem from a disaster—potentially including power loss, water damage, user error, malware or a natural disaster such as a hurricane—the people you need to restore backups and get your business up and functioning may themselves be affected. Since no one knows what the situation will be, it’s best to keep your disaster-recovery solution as simple and automated as possible. Simpler, orchestrated disaster recovery is always more successful in disaster tests and during actual emergencies
The year 2018 is the time to make sure your business-continuity and disaster-recovery plans are current and that your team is strategically positioned. With the advent of cloud-based services, the economics of disaster recovery have shifted, and organizations of all shapes and sizes can more easily afford the disaster-recovery plans their businesses require.
About the Author
David Metzger is a senior solutions engineer at TierPoint, where he serves as a trusted advisor solving business challenges for clients. An IT professional with experience in cloud-based solutions, application development, database administration and IT strategy, David has worked in multiple industries in both technical and strategic roles.