Jan 23 2019

How to Create a Disaster Recovery Plan for Your Business

Many businesses don’t survive major disruptions. But disaster recovery as a service is an increasingly popular solution.

Few businesses can survive a lengthy period of downtime, when employees can’t access critical work files, process sales or conduct normal business operations. Small businesses, with their narrow margins for error, are particularly vulnerable to the kinds of natural and human-caused disasters that can send a business into a deep freeze.

Most small business owners are fully aware of this risk. Yet, while many have taken some steps to protect themselves against a disaster, few have any formal plan. According to the insurance company Nationwide, 75 percent of business owners reported having off-site storage for at least some vital business records. However, 68 percent have no written DR plan, even though 49 percent said it would take three months to recover from a natural disaster — too long, in many cases, to survive.

Every organization needs a comprehensive disaster recovery plan. Many business owners think only about natural disasters, but disasters can also be caused by security breaches like ransomware, a hardware or software crash, or by simple human error.

Such a plan includes many facets of an organization — computers, network, phones, employees and customers. What’s important is how quickly the business can gain access to critical systems and data.

MORE FROM BIZTECH: Check out these 5 tips for updating a cybersecurity incident response plan.

What’s Included in a Disaster Recovery Plan?

The major elements of any good DR plan include:

Data replication. It’s vital that all business data be backed up to a separate location or to the cloud. Dell EMCHewlett Packard Enterprise and Veeam, Commvault and others are among the vendors that provide useful data backup solutions.

Definition of priorities. Businesses should define which applications are most important to access, and when. It’s easy to say you need to get everything back immediately, but in the wake of a major disaster, that’s probably not achievable in a cost-effective way. So, define which applications you can’t be without for any but the shortest length of time, which you need access to within a day or so and which can wait a few days before it becomes a serious problem.

Role assignments. In the chaotic aftermath of a natural disaster or a major security breach, businesses will be glad they’ve spelled out in writing who is responsible for which aspects of a recovery. The plan should include your own employees as well as the contact information for important vendors — and this should be updated regularly to account for departing employees and shifting roles.

Inventory of assets. You’ll need a thorough, current list of all hardware and major software applications, plus contact information for technical and customer service support for each item. It’s important to also have a plan for protecting physical assets against elements such as flooding.

Remote work strategy. How will you communicate with employees about what they should do in case of an emergency? Do you have a backup work site identified — or, even better, have you invested in digital workspace technologies that allow employees to work at home or elsewhere should the office become flooded or major highways become impassable? These solutions include virtualization of desktops and business applications, soft phones, collaboration technology such videoconferencing and instant messaging, and mobile device management solutions. VMware, Citrix and Cisco, among others, offer excellent solutions in this space.


Get the Help You Need to Create a Disaster Recovery Plan

As important as the above items are, it’s clear that few can be achieved without an initial assessment of a business’s unique needs.

“It is critical that IT and business units work together for DR planning,” explains Phil Goodwin, a research director in IDC’s Storage Systems and Software research practice. “Don’t look at DR as an event; it is part of total application availability.”

Many businesses need help with that kind of planning — and with the execution of the plan should it become necessary. That’s why Disaster Recovery as a Service solutions have become increasingly popular. Like other kinds of “as a Service” offerings, DRaaS offers fixed costs and external expertise.

In practice, DRaaS includes data replication and hosting of physical or virtual servers by a third party, as well assistance with both the disaster-recovery planning process and the actual execution of the plan. Employing a third party to manage oversight of your disaster recovery frees your IT team to focus more of its energy on business-critical projects. And modern DRaaS solutions are becoming more cost-effective, allowing businesses to pay less for slower recovery of those less-critical applications instead of paying the same price for a single recovery time objective for every application.

Whatever approach your take to DR planning, just be sure you don’t neglect to do it. One in four businesses never reopen after a disaster, according to the Federal Emergency Management Administration, but those that are prepared for the worst inevitably fare best.

This article is part of BizTech's AgilITy blog series. Please join the discussion on Twitter by using the #SmallBizIT hashtag.



Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.