Am I backing up everything I should be? If the majority of your disaster recovery budget is allocated to protect only your most critical applications, a large portion of your business-critical servers are left under-protected. Since the risk of downtime is so high, the need to deploy your disaster recovery solution is not a matter of if, but when. Any business-critical server essential to maintaining operations will require costly fault tolerance and clustering solutions, while any business-supporting servers that are not essential to running the operations will employ ineffective restore and recovery solutions.
We encourage businesses to adapt an identity-driven approach that ensures workloads can be moved between the physical, virtual or cloud environments. Within this context, users can quickly restore critical workloads in just a few hours to any available resource, regardless of hypervisor platform or server vendor, meaning that normal business can be resumed as quickly as possible. Should downtime occur, business operations can be restored by redirecting users to the replicated workload in the virtual recovery environment, or the workload can be restored to the same or new hardware. Ideally, disaster recovery software should provide businesses with the ability to quickly move restored workloads to wherever they are needed.
Tier your recovery. Long gone are the days when everything got backed up to tape overnight. While tape can still be suitable in some situations, some infrastructure needs zero or near-zero downtime, while others have recovery point objectives (RPO) and recovery time objectives (RTO) measured in minutes, not days. By using RPO and RTO objectives organisations are able to prioritise the parts of their system that are business critical and tier recovery processes according to how valuable different areas are to maintaining the business.
Align your backup strategy with your business requirements. Businesses should already have multiple backup technologies in place including tape, disk-to-disk and optical drives, but they also need to ensure they have matched the recovery solutions according to the value of the application. It is important to consider whether all your resources need the same high availability or if you can afford to have your email server down for an hour or more. Ultimately, you need to make sure that you’ve matched the cost and recovery characteristics of each workload to the business value that they provide.
Recovery. Recovery is the short term process of getting things back up and running. It's like replacing a burst tyre with your spare; not a permanent solution, and you can't drive as far or as fast, but it gets you moving again quickly. What's your recovery strategy? How quickly can you get back to business? And is that quick enough? All of these factors are important considerations that need to be addressed in any thorough business continuity back-up plan.
Restore. The restore phase is about putting things back the way they were. As with the car example, you don't want to keep driving on a spare tyre, and you don't want your server workloads running in a recovery environment indefinitely. Businesses must ask themselves, does your current solution let you do that? Some popular virtualised backup solutions let you back up to a virtual machine, but don't let you restore out of them. As a result you have to ensure that processes are in place to restore a proper working environment, allowing your business to return to full functionality.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.