Harvey a stark reminder of need for strong disaster recovery plan
The devastating impact of Hurricane Harvey on many communities in Texas serves as a stark reminder that organizations of all sizes need to be prepared for disasters and have a plan in place to help with recovery from such events.
While the Texas coast just north of Corpus Cristi was ground zero for the hurricane landing Friday night, Houston to the north is experiencing "unprededented" flooding from upwards of 50 inches of rain in the hurricane's wake. Federal and state officials have already state it could take the region years to recover from the damage from wind and rain.
All of this is putting renewed focus on disaster recovery plans and what organizations should do to ensure their systems and data remain safe and accessible once order is restored.
For IT executives, disaster recovery and business continuity strategies should be among the top priorities—because so much of the day-to-day operations of the company relies on systems availability and data.
An IT recovery plan should have three layers, all of which must be addressed in order to recover successfully, according to Joseph George, vice president of product management at Sungard Availability Services.
One is data protection. “If you don’t have your data at an off-site, secure location, then you really have nothing at all,” George said. “How you choose to get your data off-site—via tape, disk backup, storage replication, or server replication—will depend upon the [criticality] of your particular applications and the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for each.”
Another layer is system recovery. This constitutes the platforms, servers, operating systems, backup software, backup hardware, hypervisors, networks, and storage that companies will use to actually recover their applications.
“Your recovery environment should align with your production environment,” George said. “If your recovery environment has changed over time, then ideally you have performed adequate change management between your production and recovery environments so that when you attempt to recover your data, the two are in sync.”
The third layer is people, processes, and programs. It will be people on staff who perform the recoveries. Therefore, it’s imperative that they have an operational place to work, with the right equipment, space, and communications to enable them to do their jobs. It’s also important that they have the right expertise and focus to successfully recover data and applications, George said.
Processes are the procedures that document the steps of the recovery. They need to be updated and correctly maintained to avoid the risk of failing at recovering applications and data. Programs are the ongoing lifecycle and management of the disaster recovery program, and govern crucial activities such as test planning and execution, post-test analyses, execution of change management, and active integration of best practices and lessons learned on an ongoing basis.