If you could go back in time, what would you do? Would you prevent the accident that happened last week? Would you do things differently? Would you buy the winning lottery ticket? All of us at some point in our lives have asked ourselves these questions, and most likely we would answer “yes to everything”, however there will always be something unexpected, something that not in a million years did we think would happen.
Today more than ever we realize how vulnerable we are and that from one day to the next, everything can change radically. An earthquake can surprise us right now, a flood, a virtual attack and why not, a pandemic…
The health emergency we are going through at the moment has wreaked havoc in all sectors, not only in the country but throughout the world, affecting the vast majority of the business sector, making it impossible to continue their normal functions.
Given the gravity of the situation, there is a light at the end of the tunnel: the Disaster Recovery Plan (DRP). This is a set of strategies, planned procedures, and actions taken so that the effects of a disaster are minimized and the business is able to quickly maintain or resume mission-critical functions.
Taking into account that each company is different, the characteristics of a DRP can and should vary depending on the needs of each one, to design it factors must be taken into account such as: type of business, the processes involved and the level of security required.
Although it is true that companies invest up to 25% of their budget in the Disaster Recovery Plan, most are not prepared for one, taking into account what happened on 9/11, only 50% of companies report having a Disaster Recovery Plan. Of those who do, nearly half have never tested their plan, which is equivalent to having none.”
Now how does a DRP work? As mentioned above, a DRP is based on the needs of the business, which is initially reflected in the recovery time (RTO) and recovery point (RPO). Let’s see the following diagram:
What is RTO and RPO?
When we talk about Recovery Point Objective (RPO) we refer to the time interval that can pass during an outage, before the amount of data lost during that period exceeds the maximum allowed threshold, in other words, it is the maximum acceptable time during the which we can lose data.
On the other hand, Recovery Time Objective (RTO) is the time that a company needs to recover its processes after an inactivity caused by an incident or disaster, that is, the amount of data that is lost and has to be re-entered during the period of network inactivity.
In short, RTO indicates how quickly you need to recover from downtime, while RPO defines how often backups need to be done.
For a DRP plan to be effective it must:
Focus on recovering the operation, not just the technical and technological elements that support the operation. Imagine an accounting server, recovered in a contingency in record time, which users cannot access to do their work. Something like that is as useless as not having the server.
The disaster recovery plan (DRP) is part of the continuity plan (Business Continuity Plan), the latter describes how an organization can maintain operations during an emergency, it seeks to mitigate this risk as much as possible through a global plan that It allows the prompt recovery of the operation and the information, for this it is necessary that the companies develop a Business Impact Analysis (BIA), which is used to identify the risks and the critical points to develop.
The BCP must keep up to date, take into account emerging and growing technologies (such as cloud and virtualization) as well as consider what are the possible new threats or cyber attacks, trying to be as precise as possible, what can be achieved through testing and regular maintenance; Of course there is help available to guide businesses through comprehensive tools and software.
If you want more information about it or specialized advice, please contact us for a chat and to share experiences and success stories.