
As organizations face the imminent threat of an IT service outage or cyberattack, they often fail to step back and understand how well they have planned to deal with the crisis. According to recent research, we learn that:
- SMB organizations are the primary targets of over 85% of data breach incidents.
- 60% of compromised small organizations shuts down within six months of the attack, primarily because the cost averages $120,000 per incident.
Perhaps the most regrettable part of it all? Almost half (45%) of these organizations already acknowledge the inadequacy of their disaster recovery capabilities. So, in this article, let’s discuss a framework and steps for creating a disaster recovery plan that sets you up for actual recovery, so you can stay resilient over the long-term.
What is disaster recovery planning?
Disaster recovery planning is less about investing in cybersecurity solutions and multiple layers of cloud and on-site data center resources (though that supports your overall business resilience plan). Instead, planning for disaster recovery is more about communications, governance, organizational structure and culture of dealing with the crisis.
How do you ensure business continuity amid persistent threat of disasters — which may come from an external cyberattack, an IT service outage, natural disaster or a disgruntled internal employee with access to sensitive business information?
A Disaster Recovery Planning strategy builds against these risks as a subset to the Business Continuity Plan (BCP) in these focused stages of a disaster:
- Prevention. Taking steps to avoid the disaster situation.
- Mitigation. Reducing the impact of disaster.
- Preparedness. Identifying and building the capabilities necessary to respond proactively.
- Response. Taking the steps that would immediately contain the damage, isolate impacted zones and focus on keeping the remaining operational networks stable.
- Recovery. Returning to the optimal state of operations at sites that were impacted.
Building your disaster recovery plan
How do you plan for disaster recovery? Disaster recovery planning is about three key activities:
- Engaging a team of experts responsible for identifying the weak links in your business continuity chain.
- Quantifying those risks.
- Developing an actionable workflow guideline for your employees.
The goal of disaster recovery planning is to reduce business disruption when the underlying resources — computing, applications and data — are rendered unavailable. (It could be due to an unforeseen threat, or an inevitability that you can only prepare for so much.) A robust disaster recovery planning process ensures that cost-effective and practical measures are developed in anticipation of these threats, allowing the organization to recover from disasters that may take them by surprise.
(Understanding incident severity levels can help risk prioritization.)
Best practices for successful disaster recovery plans
Here are a few important steps that you can follow for your disaster recovery planning:
1. Obtain stakeholder support & commitment to resources
The first step of an effective disaster recovery plan is to obtain strong support from all stakeholders, especially for resource investments and allocation.
Disaster recovery requires investments in technology resources and activities that do not offer an immediate ROI but are critical to reducing the opportunity cost of a downtime incident. While the management is responsible for implementing and executing a disaster recovery plan, its effectiveness depends on the resource allocation — which requires approval from business decision makers and top management.
Watch how real-time insights into disaster recovery operations enables you to deliver better services to citizens impacted by a natural disaster:
2. Create a dedicated planning committee
Establish a dedicated team that will oversee the planning, development and execution of a disaster recovery plan. This team can comprise cross-functional team members, across multiple levels of the organizational hierarchy. The goal of a planning committee is to:
- Develop a disaster recovery plan that takes onboard all business functions and key decision makers.
- Identifies the risk and opportunity cost of a disaster incident facing all parties.
- Comes up with a practical and viable disaster recovery plan.
3. Assess & prioritize risk and impact
Quantify the business impact of the downtime incident that impacts different workloads and operational activities. Create a risk profile that depends on the cost of downtime as well as the probability of the threat impact, threat resilience, alternatives, opportunity cost of downtime and its role in disrupted other dependent operational activities and services.
Evaluate the cost of disaster recovery for each item; prioritize disaster recovery objectives for the most impactful operational activities and services. Some of the important metrics to consider are:
- Recovery Point Objective. The maximum acceptable data loss, in terms of age, before recovering from a disaster incident.
- Recovery Time Objective. The maximum amount of time before restoring the active state of operations following a disaster incident.
(Learn about cyber threat intelligence.)
4. Build a recovery strategy
Your disaster recovery plan can focus on a variety of recovery strategies based on the risk profile and business value. These strategies can include backup in a few areas:
- A Hot Site mirrors your existing IT environment and the state of application and data workloads.
- A Warm Site has infrastructure resources ready for installation to replicate the production environment.
- A Cold Site has standard networking devices, cooling and power supply available, but it requires additional server and computing resources to be installed and set up before running a production-like environment.
If the applicable data and application backups are stored in the cloud, you may choose from a variety of storage tiers that give different levels of recovery performance and service level agreement (SLA) guarantees at different price points.
5. Train your workforce and develop the right organizational culture
In order to develop a practical disaster recovery plan, incentivize the disaster recovery activities across all business functions and hierarchical levels. Understand their needs; identify their limitations especially those pertaining to risk mitigation and recovery; develop a governance and reporting mechanism that makes it easy to communicate and collaborate on threat risks, threat incidents and disaster recovery activities where and when needed.
Some of the key starting points in this regard, could be a strong focus on eliminating silos between teams, hierarchical levels and business functions; and automating the reporting and collaboration process.
Related reading
- What Is Incident Management?
- Top Incident Response Metrics & How to Use Them
- Threat Modeling: The Ultimate Guide
- The Top 50 Cybersecurity Threats
- Resilience in the Face of Uncertainty
What is Splunk?
This posting does not necessarily represent Splunk's position, strategies or opinion.