IT- Disaster Recovery for a Business Continuity

IT disaster recovery consists of developing step-by-step procedures for a full recovery, disaster avoidance and business continuity.

When many think about DR, they usually think about Backup, while it is only one piece in BC-DR puzzle and inefficient for a continuity of business operations in an event of a disaster.

Backup is not disaster recovery (DR) based on following points:

Failure of backup software
Service Levels: backups typically happen twice per day which means that a RTO will be significantly higher and RPO could be ~12 hours data loss which is not acceptable for critical applications in DR concept.
Reverse Replication: in an event of an outage, once an application has been made available on a target site, you must extend that application’s protection to include new data being created. A backup solution can not start taking backups and ship them back to a production site, yet a DR solution will ensure that an application is still protected by replicating back to a source site.
Application Impact: backups occur at night because, making a copy of an application and its data load a CPU on a server and impacts significantly end-user productivity.

Every institution large or small should have both a backup mechanism and disaster recovery solution in place; they are complementary pieces to a same puzzle.

Mitigation Measures for Some IT- Hazards

~~POSSIBLE RISK~~

~~MITIGATION MEASURE~~

~~DOW~~N~~TIME~~

• ~~Hard~~w~~are~~

• S~~oftwa~~re

• ~~Redunda~~ncy

• Maintenanc~~e a~~n~~d up~~grade ~~of s~~oftw~~are~~

NETW~~ORK~~

• Un~~rel~~i~~able~~ n~~etwork~~

• Loss of connectivity

• T~~raf~~fic

• Misconfig~~ura~~tion

• Design ~~and~~ moni~~tor a~~ net~~work~~ ~~for a~~ maximum reliability

• Physic~~al p~~rotecti~~on, R~~edundanc~~y or dive~~rse paths

• N~~etwork~~ segmentation

• ~~Installa~~tion of firewalls to ens~~ure~~ security

• L~~oad~~ b~~ala~~ncing ~~(Intell~~igent direction to bac~~kup~~ site)

• Use automation to ~~dep~~loy changes, test ~~all~~ c~~onf~~ig~~urat~~i~~ons~~ in a ~~lab en~~vironm~~ent~~ before making changes on your production d~~evi~~ces.

DAT~~A A~~ND APP~~LIC~~ATION

• File co~~rrup~~tion

• Applicati~~on dow~~ntime

• ~~Mal~~icious so~~ftware~~

• ~~Data~~ backup

• Mi~~rro~~ring ~~of app~~licati~~on,~~ l~~oad~~ b~~ala~~ncing ~~and~~ ~~repl~~ication

• Security m~~ana~~gem~~ent~~ and ins~~talla~~tion o~~f a~~ntivirus

EQUIPMEN~~T FA~~I~~LURES~~

• Serv~~er f~~ailure

• Server Overl~~oad~~

• ~~Other~~ ~~Hard~~ware

• ~~Old~~ ~~equ~~ipm~~ent~~

• ~~Redunda~~nt disks, Backups~~, S~~AN / ~~NAS~~

• L~~oad~~ b~~ala~~nce~~r/Mo~~ni~~tor~~ing/vi~~rtual~~i~~zat~~ion

• Reg~~ular~~ maintenance

• ~~Pla~~nning ~~for up~~g~~rad~~es an~~d repla~~cing out-of-~~date e~~quipment.

POWER

• Power O~~utage~~

• ~~Equ~~ipm~~ent~~ failure

• ~~Redunda~~ncy and bac~~kup~~ ~~power~~ s~~upply~~ ~~(UPS~~ and G~~enerato~~rs)

• ~~Monito~~ring an~~d perfo~~r~~min~~g preventativ~~e m~~aintenanc~~e re~~g~~ularl~~y.

ATTA~~CKS~~

• DDoS

• Viruses

• Hackers

• ~~Other att~~acks

• ~~Mana~~g~~ed s~~ecurity services/anti-D~~DoS~~

• Ins~~talla~~tion of antivirus

• Fi~~rewall a~~n~~d o~~ther security ~~featur~~es

• Access control system

H~~UMAN~~ E~~RROR~~

• Fi~~le dele~~tion

• Unski~~lled~~ ~~peo~~ple

• Fire

• Reg~~ular~~ backup

• Access managem~~ent~~

• Training / S~~taff~~ certification ~~requ~~irements

• Fire detection system, fire extinguishe~~r and~~ fi~~re h~~ydrant