According to the Federal Emergency Management Agency (FEMA), more than 150 severe natural disasters occurred across the United States in 2014 and 2015. These events not only disrupted the lives of those in the affected areas, but they also halted business operations, resulting in loss of revenue across organizations of all sizes.
And natural disasters are only part of the story. Operational disruptions can also be triggered by more mundane events, such as power outages, hardware failure and simple human error. This situation leads to two questions: If you lost your data center today, how confident are you that you could restore your IT infrastructure in time to stay in business? And does your business-continuity planning extend beyond disaster recovery?
Through numerous conversations with customers, I have been surprised to learn how many companies across segments and vertical markets are operating today with only the most basic level of data protection and no formal disaster-recovery plan in place. Small to midsize businesses typically cannot afford to support a secondary data center site and often hold the mistaken belief that they cannot afford a disaster-recovery solution. Larger enterprises, on the other hand, feel trapped between having to support additional data centers—with all the resources it takes to maintain these secondary and tertiary sites—and having to pay someone else an even higher amount to fully manage their disaster-recovery plans.
Fortunately, new cloud technologies and cloud economics are changing how forward-thinking companies approach disaster recovery. At VMworld US 2015, I had the opportunity to speak with organizations of all sizes regarding the lessons they learned after a service disruption. I noticed clearly defined patterns of experience across these discussions, which I have grouped into a framework of seven guiding principles for disaster recovery and business continuity.
1. Plan for the Long Term
First, don’t cut corners. Short-term cost savings are often misguided. For example, don’t confuse low-cost backup to the cloud with a comprehensive disaster-recovery plan. To be truly prepared, organizations must also define recovery-time objectives, devise a run book that includes automation and invest in trusted solutions with proven performance.
This process includes assessing and assigning levels of criticality in both the durability and the recoverability of the applications and their supporting data. It’s essential to determine the impact if an application is lost or unrecoverable as well as to determine how quickly it must be restored and how long to retain the data.
2. Make the Most of Existing IT Resources
Ripping and replacing existing tools and infrastructure is always difficult and costly. Fortunately, it’s also seldom necessary. By taking advantage of hybrid-cloud techniques, enterprises often can extend their data center infrastructure to the cloud using the same technologies they use in their on-premises environment. Employing resources and common technologies already in place can help minimize the cost and complexity of the initial setup, negate the need for additional operational training, minimize risk and keep management simple.
3. Take Advantage of New IT resources, Including the Cloud
The cloud dramatically reduces the cost and complexity of disaster-recovery planning while increasing its benefits and coverage. With the cloud, an organization can protect its IT investments while also realizing greater agility and gaining access to new technology.
By using a secure, multi-tenant cloud architecture, organizations can develop cost-effective disaster-recovery plans that address variable capacity requirements while also enabling replication, failover and failback processes at a reduced cost versus traditional, in-house disaster-recovery solutions and managed-service alternatives.
4. It’s All About the Architecture and the Applications
When planning for disaster recovery, it’s critical to understand the architecture of enterprise applications. Simply replicating a virtual machine running an application may be insufficient to keep the service running in the event of a failure. Understand what the requirements are for the application, what the product roadmap entails and who the critical stakeholders are. Remember that every application has context in terms of security and access management, performance, network access, and supportability.
5. Consider What Should Actually Be Protected and Why
Organizations should assess what applications and data are critical and what is most often used. Some customers have relied on a limited disaster-recovery plan only to realize during an outage that they have missed critical applications that drive employee productivity and revenue. Others have erred on the side of protecting everything as if it were a business-critical application, and they have been forced to defend inflated budgets that do not reflect the right balance of risk and reward.
6. Understand the Difference Between Disaster Recovery and Business Continuity
There is a significant difference between disaster recovery and business continuity, and it is important to understand that difference. Organizations often make the mistake of assuming that since they have an IT disaster-recovery solution in place, they are fully prepared. On the contrary, they must also evaluate business-continuity considerations, including how to support critical staff, address important business procedures, balance costs across application tiers and maintain access to major systems. The combination of disaster recovery as a subset of a broader business-continuity strategy is what represents that balancing act between risk reduction and revenue growth.
7. Employ the Right Mix of Backup and Replication
To deliver the right mix of price and performance, organizations must assess the appropriate mix of backup and replication. The best tradeoff means designing business-continuity and disaster-recovery plans on the basis of the application’s criticality, the impact on day-to-day business operations in an outage, the resulting loss of employee productivity, and the right balance between availability and cost. For some applications where recovery time is less of a concern, on-site backup combined with off-site archiving may be the best solution to maintain durability. For other applications and data, real-time synchronous replication may be necessary to deliver the levels of protection and application consistency that are needed to maintain business operations.
Bringing It All Together
Too often, disasters result in loss of uptime, revenue and data that businesses are unprepared to handle. The cloud is now enabling IT to take control of its own destiny while still controlling costs.
Yet although the cloud changes everything in some ways, in other ways it changes nothing. Organizations must still have a disaster-recovery solution in place and decision makers must still understand the differences between disaster recovery and business continuity. But the cloud can transform how you implement business continuity and disaster recovery, allowing you to do so in a cost-effective, reliable and comprehensive fashion. The best practice is to prepare for the worst, expect the best and, most importantly, make the necessary investments so that when your CEO asks you what keeps you up at night, your answer is “Nothing.”
About the Author
Laura Ortman is the Co-General Manager and VP of Customer Success for VMware vCloud Air. Before joining VMware, Laura led a global technical-support-services team as well as a mergers & acquisition team that supported over 30,000 customers for Jeppesen, a Boeing Company. Before joining Jeppesen, she spent eight years at Lockheed Martin, holding a variety of technical and executive management leadership positions.