Ransomware is in the news again, this time attacking Ultimate Kronos Group (UKG) which manages the payroll and time management (HR) systems of many organizations including hospitals who are still dealing with Covid. It may take Kronos weeks to recover; however, whether responding to a global pandemic with vaccines or to a ransomware attack with a disaster recovery (DR) plan, the best defense is still a good offense. That’s what this post is about.
With natural disasters and ransomware threatening the security and availability of business critical data–there is no one-size-fits-all DR plan. Every organization is different and each DR plan is unique to the individual organization; however, they do have a few things in common that function as a great place to start.
Aligning IT more closely with the mission of the core business, helps IT identify complementary technology to help business managers achieve their goals. “While this may not sound like a typical IT conversation on the front-end, the back-end conversation is 100% IT as you look to deploy solutions to support the front end,” says David A Chapa, head of competitive intelligence at Qumulo. “For example, disaster recovery touches every aspect of the business that IT supports.”
Data Tsunami Podcast – Business Continuity and Disaster Recovery
Listen to this podcast with Mike Oakes, Senior Pre-Sales Engineer for Atempo and David A. Chapa, Head of Competitive Intelligence for Qumulo.
5 Data Recovery Best Practices for a Disaster Recovery Plan
To add to the discussion in the podcast, here are five data recovery best practices that Chapa offers as a good starting point for a disaster recovery plan.
1. Identify the mission of the organization
Start with the mission of the business to help identify the data, systems, applications, and platforms that support this “mission.” For larger companies with many lines of business, there may be more than one business unit and also functional groups to consider.
2. Prioritize the risks to business as usual
It’s essential to know how the “business units” support the core mission of the company to prioritize data recovery steps of the various groups when it comes to resuming data to day operations. Define what’s at risk. For example, an airline’s primary mission is to keep planes in the air and deliver people and cargo safely while minimizing costs. Define your risk categories and their implications when you declare a disaster. These definitions will help executive management set expectations going forward that IT can support with a disaster recovery plan.
3. Define what declares a disaster for your business
Defining what a declaration means to your organization is one of the top priorities so you can document how long the business or one of it’s functional groups can be down before it causes damage to the company, customers, partners, brand reputation, etc. A business impact analysis can be used to provide a financial metric or KPI for declaring a disaster. Just as important, is to identify how much time the business can be down before declaring a disaster and document it in your execution plan. The IT team has that predetermined time to find a remedy before declaring a disaster. This key metric will help prevent the “running around with your hair on fire” scenario; it allows you to address the current situation and decide if you can recover within that period.
4. Schedule disaster recovery tests
Testing used to be a whole day effort, whereas today, the elastic use of the cloud allows you to spin up compute and storage to test and validate and then spin it down when you complete testing. You want to make sure you are checking at least every quarter, and more if you have changes to your environment in between quarterly tests. And don’t let the word “test” give you any anxiety, it is about validating your plan. If you fail, you want to fail during your test so you can expose the gaps you need to address in your overall DR strategy and execution plan.
5. Review with Executive Management
When you have an executive sponsoring your work, it makes it that much easier to get the other business leaders to respond and work collectively with IT during the initial discovery phases of the DR planning portion. When we look at DR by itself, it is really about bringing technology back to business as usual operationally. It makes sense that you would engage executive management in this process to ensure you and your IT teams are moving things forward in alignment with the primary mission of the business.
Listen to the Data Tsunami podcast to gain a better understanding of data recovery best practices and solutions to help protect your data for business continuity.