Disaster recovery is the ability of a system to continue working after a natural or man-induced disaster. This includes the capacity to recover from a wide range of problems ranging from natural disruptions, like an earthquake, to a computer intruder or virus attack. Such continuity is critical for a business organization.
The ability to recover from a disaster requires planning and specifically involves computer systems. The recovery plan helps businesses to recover quickly in the event of a disaster. It usually takes less effort to make such a strategy and the benefits it promises outshines the incurred cost.
Most of the business organizations these days rely heavily on computers for their functioning. Computers are extremely vulnerable to disasters which can result in important data loss which sometimes takes years to collect. According to an estimate, big companies invest 2-4% of their IT budget on disaster recovery planning with an intention to prevent the losses associated with the occurrence of a disaster. A recovery plan takes into account the working of a business and identifies the key essentials which are necessary for a business to continue. Selecting a generic disaster recovery plan is an acceptable option but it may leave out critical aspects of a specific business.
Defining a disaster is also an important criterion for the selection of a disaster recovery strategy, as planning a response for a natural disaster is different from the response for a human-induced disaster (the response strategy for a virus attack is different from the complete annihilation of data resulting from an earthquake). The selection of a disaster recovery plan also depends on the time frame required to recover from a disaster. Hasty recovery requires the implementation of complex procedures. If an organization works in a real time online environment, then an instant recovery is inevitable. Multiple standby systems are required for this.
An IT infrastructure failure in an organization can corrupt important data making it inaccessible. The failure may result from a natural calamity, malicious attacks, user faults, hardware errors etc. The options available for disaster recovery include:
- Regular backups made to external hard drives or other media like DVDs. Use of external hard drives requires extreme care as these devices can crash as easily as internal hard drives corrupting the contained information. DVDs are a better alternative as they are not as sensitive as hard drives.
- Rescue disks (which are generally made when the computer systems have no adjustments made to meet the requirements of a specific user. During a recovery procedure, a software restores all the contained file on the rescue disk on to the computer’s hard drive)
- Internet data recovery services. Such online services range from a simple file storage to complex complete hard drive imaging services. An important concern in using online services is data security and privacy. Data encryption is a possible solution for this setback. But one should keep in mind the rightly emphasized quote in Will Smith’s “Enemy of the State”, “the more you use technology, the easier it is for them to access it”.
- Creating an offsite backup. This is the best option to deal with natural disasters which may cause total destruction of the IT infrastructure of an organization. Replicating the file information to another server is another option.
- Devising alternative options to carry on the most crucial activities of a business. For example having two internet services providers in case the service on one provider goes down.
- Share data between the branches of the company.
- Recover deleted files.
An organization may also select an external disaster recovery provider. The provider is responsible to provide standby services to curtail the damages caused by a disaster. The services include:
- Using surge protectors to shield against the effects of electrical surges.
- Using UPS or standby/backup generator services in case of power failures.
- Using two providers for the same service.
- Utilizing available firewall and antivirus options.
- Using disaster recovery software like Veritas Disaster Recovery Advisor by Symantec, Disaster Recovery System for IBM operated servers, Double-Take software by Vision Solution, etc.
A backup site can also be used as a measure to deal with a disaster. A backup site is a place where an organization can relocate following a catastrophe. The site can be a location operated by the organization or acquired by a disaster recovery service provider. Backup sites are of three types:
1. Cold sites (neither includes a hardware setup nor backed up copies of the data from the original location of an organization. This feature renders it the cheapest backup relocation option for an organization to work.)
2. Hot sites (are complete copies of the original site, i.e. complete data backups, full computer systems. Synchronization is used to completely mirror the original data. Allows an organization to relocate by enduring minimal losses following a disaster. Hot sites are most expensive to operate and are operational within hours of disruption of the original site. Mostly adopted by governmental agencies and financial institutions.)
3. Warm sites (is an intermediate option between hot and cold sites. Incomplete or several days older backups are available. Hardware options are provided on a smaller scale as compared to the original site.)
Selecting from the above explained three options solely depends on the requirements of an organization. The decision is based on the benefit offered by the site vs. the cost. Hot sites are costly but are viable options for big organizations like a bank, which has information they have taken years to gather. The cost associated with data loss is far more than the resources spent to acquire such a site. Cold sites on the other hand are cheap and require time and investment to become properly functional.
As mentioned above, the time and resources an efficient and effective disaster recovery system saves is much more than the cost of implementing such a system. If an organization does not have a recovery system, then the only option it is left with is to attempt to recover data from the storage devices. It is worth noting that this is a costly procedure and there is no guarantee of data recovery.