Time to move disaster recovery to centre stage

Alistair MacKenzie says enterprises need to automate their data protection and disaster recovery

Disaster recovery is a board-level concern that has to be watertight enough for auditors to approve. Yet it is seldom given the importance it deserves. Tests are conducted infrequently, usually produce average results and sometimes fail altogether.

While thousands of employees up and down the land check on data backup, they spend only a fraction of their time testing to see if the recovery works.

This needs to change. Despite the risks – including financial and reputation consequences – only a few businesses put disaster recovery as the driving force behind information security expenditure.

Since most organisations are not prepared to duplicate all their servers in another datacentre of their own, they typically outsource their disaster recovery. Even then, businesses can still be vulnerable, because the outsourced processes are rarely tested, due to the substantial cost.

Most organisations rarely achieve 100 per cent backup success and have limited ability to monitor what they are paying for with any accuracy. Enterprises are spending six-figure sums on disaster recovery programmes that amount to little more than insurance policies that may never work.

Businesses also put a lot of time and money into organising their own scenarios to gauge the effectiveness of the disaster recovery measures they have in place. Inevitably, much of this is perfunctory, time-consuming and brings little in the way of benefits.

Disaster-recovery-as-a-service (DRaaS) is opening up a market that has hitherto been dominated by a few big providers. Enterprises can now avail themselves of a wealth of services from resellers with more flexible and transparent offerings that meet precise requirements.

To help prevent server downtime and irrecoverable data loss, firms should regularly back up all their server systems, in case servers or databases are damaged due to a disaster such as a fire or flood, malicious act or human error.

Unfortunately, due to the very large data storage requirements, the backup of the data in an organisation's databases is still often on reels of magnetic tape, kept securely off-site.

Recovery from a total loss of data means manually finding and retrieving the necessary tapes as well as obtaining, configuring and restoring the data to a replacement server system. And should disaster strike, who knows what can be recovered?

Automated, cloud-based data protection and disaster recovery operations give transparency and immediate cost savings. So, if successful, testing will no longer be an annual lottery but part of a continual process that gives confidence.

DRaaS need not commit the user to a classic disaster-recovery contract with a service provider, resulting in further cost savings and flexibility.

Automation also reduces the administration time for testing and planning. Organisations can test and update disaster recovery plans continuously, reducing recovery times.

There is no excuse for disaster recovery to be a neglected item on the CIO agenda.

Alistair Mackenzie is chief executive of Predatar at Silverstring