Disaster Recovery Planning Advice: An interview with a COO

Ransomware, malware, and unexpected weather events are in the news often; take this helpful and free data protection advice to lead your company successfully through any DR situation.

As a leader in your organization, you’re reminded about the importance of data protection planning when you read about compromises and cybersecurity attacks on businesses in various industries. We wanted to interview our COO, Brent Beverly who works with hundreds of businesses to share his advice to leaders who want to make sure they’ve covered all bases with a comprehensive data protection plan. Read on to learn about the answers to these questions…

• What’s the first step to achieving a disaster recovery plan?
• What needs to be determined to identify your maximum risk scenario?
• What is an example of a successful DR implementation and how did it work?
• What is a real situation of RTO and RPO working together?
• Do you know what category your operating systems are in?
• What questions should you be answering daily?

Background of Brent Beverly, Chief Operating Officer at ScaleMatrix
We interviewed Brent Beverly to talk about his experience and data protection advice for small, medium, and enterprise-sized businesses. Brent has over 16 years of experience, multiple certifications, compliance knowledge, and oversees strategy for ScaleMatrix’ technology, operations, production and implementation for technology platforms, partnerships, and external relationships, as well as building and managing the technology team. He is also responsible for making sure all technology meets and sustains IT best practices for our data centers and our clients.

Here’s what Brent shared with us:

What does disaster recovery mean to you?
Disaster recovery is a servicing solution portfolio created by the client with expert staff or supporting partners to cover availability needs and commitments made for their service delivery. This solution supports uptime requirements for compliance and service availability based on the companies' commitment to their product.

What type of businesses should have disaster recovery implemented in their organization?
Every organization should have some disaster recovery plan implemented in case of a full failure. There are many extremely budget-friendly ways to implement a minor DR [Disaster Recovery] plan for companies that need just the most minimal protection. Regardless of how available the business's services need to be, everyone should have a disaster recovery plan.

What requirements need to be considered or planned before getting a disaster recovery plan implemented?
Starting from the perspective of an organization new to DR, first, the organization would need to sit down with stakeholders and key individuals in their organization and plan what the maximum amount of downtime can be before severe revenue impact happens. Some organizations can operate in subroutines/local with primary systems down, and some organizations cannot conduct business or produce services with any core system down. Once that is completed, the business then moves toward defining if that maximum risk scenario can be moved up or should be moved up, minimizing impact further. Through the process of the first two planning sessions, the business at this point would probably have identified which of these four categories their operating systems are in: Critical, Supportive, Redundant, and Informational. At this point, experienced IT professionals or partners can help the organization move into the next step of planning the DR service right for their business.

What are other considerations do companies need to make when creating a disaster recovery plan?
The only other item we work on in great detail in addition to planning and coordinating, is best practices around multiple servers and redundant system infrastructures. This helps us and our clients be as aggressive as possible with their DR strategy, not replicating or covering unnecessary, redundant systems. The end result is the DR plan producing full functionality at a reduced capacity meeting business uptime objective.

What are a few types of disaster recovery scenarios you see in companies that have successfully implemented a strategy?
DR plans are unique to the business and almost always custom-built. While a full-blown site-to-site ‘everything replicates’ scenario can be just blanketed on any environment, that approach is not budget-friendly or necessary to cover most cases. The largest of DR scenarios, as mentioned, is a full Site A to Site B replication of the environment providing all systems available with a low RTO. Another type of mid-level strategy consists of replicating a portion of the environment with business-selected RPO and RTO that allow the organization to recover in a reasonable timeframe. Businesses with lower uptime requirements can use several other systems that are not heavily reliant on producing low RPO goals, such as a backup system. If the backup system can be set up to replicate between multiple sites in an acceptable fashion, most Site B locations can be pre-configured with all of Site A configurations allowing the restoration of the replicated backups in Site B as the DR recovery plan. ScaleMatrix supports many clients that use this as their strategy to not only cover their backup needs but conveniently and budget-friendly cover their minimal DR requirements. When utilizing this DR strategy, ScaleMatrix best practice utilizes the 3-2-1 backup rule.

Explain the differences between disaster recovery and backups?
Disaster recovery is a sync of the necessary infrastructure to a secondary location to support continued business operations. DR maintains constant syncs to produce low RTO and RPO availability. Backups are built for retention, supporting the recovery of single-site issues in the case of a system failure, corruption, user data mistakes, or coding errors. 3-2-1 backup rules can be used for high RTO and RPO DR coverage for many businesses. Keep in mind; a solo disaster recovery solution should not be used for backups.

Can you explain RTO and RPO planning?
RTO – Restore Time Objective covers the amount of downtime your business can have in a DR scenario. For example, if you need functionality returned to your business in 6 hours, it would be best to select a 4-hour RTO.
RPO – Restore Point Objective is used to identify the age of the data once restored. If you have an RPO of 5 minutes, it means while the RTO could take 4 hours to restore, once the restore has been completed, data loss will be a maximum of 5 minutes. When utilizing the backup 3-2-1 scenario, traditional RPOs are set at 24 hours to replicate with a nightly backup.

What is the 3-2-1 backup rule about?
The 3-2-1 backup rule means you're maintaining three copies of your data on two different media types with one copy offsite. Maintaining this type of practice gives businesses protection from system failures as well as geographical issues. Even when maintaining a low RTO and RPO with a DR solution like Zerto, it is still best practice for businesses to maintain 3-2-1 with their backup service to prevent any loss of backup files, especially in high compliance scenarios.

What are the common mistakes made by businesses when setting up a disaster recovery plan?
Not having one, of course, is the first, but moving past the obvious, it’s around businesses trying to tie in the DR with staff members that have minimal familiarity with DR or try to cover DR with systems that are not built to maintain proper replication. It is crucial to work with a partner with the experience to ensure coverage or utilize a system that is built to protect your business. When corners are cut during the planning phase, it will have drastic results, often unrecoverable, when a DR event happens.

When disaster strikes, what normally happens?
Depending on the plan and procedural documentation that the organization has set up, there could be a multitude of different steps. To cover this answer from the ScaleMatrix side, when selecting us as a partner for your DR, you get full 24/7 recovery support. When the DR plan is activated, ScaleMatrix will pull documents planned during the implementation phase and start the DR action steps. The recovery system is then flipped to the failover location, activating those systems. ScaleMatrix will then test all functionality with the client to ensure the restoration of services has been completed. Post-impact and when Site A has returned to normal operation post-issue mitigation, ScaleMatrix will work with the client to restore services to the original site via a planned maintenance window. Having a partner that handles your DR event and data recovery will help your staff with the systems so they can focus on managing communication efforts with other staff members or clients.

What is your final piece of advice for organizations?
Disaster recovery is essential, and every business should have something in place, even if that business can have an extended amount of downtime. There are budget-friendly solutions with minimal implementation effort that allow you to cover these emergency situations. Ensure you’re selecting the right partner, or your staff has the right experience when designing these plans. Some see this as an insurance plan. What is your business worth to you? How much data can you afford to lose and still operate at a high level? How much data can you afford to lose without having to come out of pocket to regain the trust of your clients? These are all questions that, on a daily basis, companies need to make sure they have outlined and defined. Remember, the most expensive insurance policy is the one you don’t have.