Because protecting networks and their vulnerable components is essential to business survival, it could be catastrophic for IT professionals to sit back and assume their existing disaster recovery (DR) plan is adequate, particularly if it has been in place for some years.
A disaster prevention and recovery plan needs to be kept fresh in the face of ever-evolving security threats, natural disasters and human error. The following tips outline the top threats to a safe network, and explain the best ways of countering these threats.
First, a comprehensive DR plan is paramount, and the three essential elements of any plan are prevention, detection and correction. Best practice should encompass every component in the network, ensuring that all data and systems are backed up as often as possible and replicated to off-site storage.
Sophisticated virtual replication solutions can have all their data and systems 'mirrored' to a backup site periodically, although this can be prohibitively expensive. Disk-based backups are usually more affordable, but generally compromise on speed and ease-of-use. Although traditional tape-based backups remain the cheapest option, backups need to be performed at the end of a day's business, so this method can expose an organisation's data to a whole day of risk.
A recovery point objective (RPO) should be established before the DR solution is chosen, so that the chosen solution can achieve this target within budget. The RPO sets a limit on how much data stands to be lost in the event of a disaster. For example, if a system is set to back up every 15 minutes and there are 100 users on the network, the company could lose up to 25 hours' worth of work in total: 15 minutes for each of the 100 users.
Key points to consider
Several key points must be considered when setting an RPO; addressing them early will save problems down the line.
First, make sure that top-level management are on board. A comprehensive DR plan should be agreed upon across all departments, with express instructions coming from the Board to ensure that everyone adheres to the policy.
Make sure there is a comprehensive inventory of all devices on the network, including those introduced under a BYOD model. Identify the most business-critical systems and applications, and prioritise these if budget constraints are an issue.
Create detailed reports that cover all network components rather than specific devices, set scheduled discovery to automatically detect new devices, and consolidate as much as possible into one report.
A recovery time objective (RTO) determines the time-span an organisation will be without its critical infrastructure in the event of a disaster. How long will it take to get servers running again, data transferred to new hardware, and essential services such as email and Internet back online?