How to build a successful disaster recovery strategy

Security News

Typography

Smaller Small Medium Big Bigger
Default Helvetica Segoe Georgia Times
Reading Mode

Whether your industry faces challenges from geopolitical strife, fallout from a global pandemic or rising aggression in the cybersecurity space, the threat vector for modern enterprises is undeniably powerful. Disaster recovery strategies provide the framework for team members to get a business back up and running after an unplanned event.

By IBM Corporation

Worldwide, the popularity of disaster recovery strategies is understandably increasing. Last year, companies spent USD 219 billion on cybersecurity and solutions alone, a 12% increase from 2022, according to a recent report by the International Data Corporation (IDC) (link resides outside ibm.com).

A disaster recovery strategy lays out how your businesses will respond to a number of unplanned incidents. Strong disaster recovery strategies consist of disaster recovery plans (DR plans), business continuity plans (BCPs) and incident response plans (IRPs). Together, these documents help ensure businesses are prepared to face a variety of threats including power outages, ransomware and malware attacks, natural disasters and many more.

What is a disaster recovery plan (DRP)?

Disaster recovery plans (DRPs) are detailed documents describing how companies will respond to different types of disasters. Typically, companies either build DRPs themselves or outsource their disaster recovery process to a third-party DRP vendor. Along with business continuity plans (BCPs) and incident response plans (IRPs), DRPs play a critical role in the effectiveness of disaster recovery strategy.

What are business continuity plans and incident response plans?

Like DRPs, BCPs and IRPs are both parts of a larger disaster recovery strategy that a business can rely on to help restore normal operations in the event of a disaster. BCPs typically take a broader look at threats and resolution options than DRPs, focusing on what a company needs to restore connectivity. IRPs are a type of DRP that focuses exclusively on cyberattacks and threats to IT systems. IRPs clearly outline an organization’s real-time emergency response from the moment a threat is detected through its mitigation and resolution.

Why having a disaster recovery strategy is important

Disasters can impact businesses in different ways, causing all kinds of complex problems. From an earthquake that affects physical infrastructure and worker safety to a cloud services outage that closes off access to sensitive data storage and customer services, having a sound disaster recovery strategy helps ensure businesses will recover quickly. Here are some of the greatest benefits of building a strong disaster recovery strategy:

Maintaining business continuity: Business continuity and business continuity disaster recovery (BCDR) help ensure organizations return to normal operations after an unplanned event, providing data protection, data backup and other critical services.
Reducing costs: According to IBM’s recent Cost of Data Breach Report, the average cost of a data breach in 2023 was USD 4.45 million—a 15% increase over the last 3 years. Enterprises without disaster recovery strategies in place are risking costs and penalties that could far outweigh the money saved by not investing in the solution.
Incurring less downtime: Modern enterprises rely on complex technologies like cloud-based infrastructure solutions and cellular networks. When an unplanned incident disrupts business operations, it can cost millions. Additionally, the high-profile nature of cyberattacks, lengthy downtime, or human-error-related interruptions can cause customers and investors to flee.
Maintaining compliance: Businesses that operate in heavily regulated sectors like healthcare and personal finance face heavy fines and penalties for data breaches because of the critical nature of the data they manage. Having a strong disaster recovery strategy helps shorten response and recovery processes after an unplanned incident, which is critical in sectors where the amount of financial penalty is often tied to the duration of the breach.

How disaster recovery strategies work

The strongest disaster recovery strategies prepare businesses to face a wide variety of threats. A strong template for restoring normal operations can help build investor and customer confidence and increase the likelihood you will recover from whatever threats your business faces. Before we get into the actual components of disaster recovery strategies, let’s look at a few key terms.

Failover/failback: Failover is a widely used process in IT disaster recovery where operations are moved to a secondary system when a primary one fails due to a power outage, cyberattack or other threat. Failback is the process of switching back to the original system once normal processes have been restored. For example, a business could failover from its data center onto a secondary site where a redundant system will kick in instantly. If executed properly, failover/failback can create a seamless experience where a user/customer isn’t even aware they are being moved to a secondary system.
Recovery time objective (RTO): RTO refers to the amount of time it takes to restore business operations after an unplanned incident. Establishing a reasonable RTO is one of the first things businesses need do when they’re creating their disaster recovery strategy.
Recovery point objective (RPO): Your business’ RPO is the amount of data it can afford to lose and still recover. Some enterprises constantly copy data to a remote data center to ensure continuity. Others set a tolerable RPO of a few minutes (or even hours) and know they will be able to recover from whatever was lost during that time.
Disaster Recovery-as-a-Service (DRaaS): DRaaS is an approach to disaster recovery that’s been gaining popularity due to a growing awareness around the importance of data security. Companies that take a DRaaS approach to disaster recovery are essentially outsourcing their disaster recovery plans (DRPs) to a third party. This third party hosts and manages the necessary infrastructure for recovery, then creates and manages response plans and ensures a swift resumption of business-critical operations. According to a recent report by Global Market Insights (GMI) (link resides outside ibm.com), the market size for DRaaS was USD 11.5 billion in 2022 and was poised to grow by 22% in the years ahead.

Five steps to creating a strong disaster recovery strategy

Disaster recovery planning starts with a deep analysis of your most critical business processes—known as business impact analysis (BIA) and risk assessment (RA). While every business is different and will have unique requirements, there are several steps you can take regardless of your size or industry that will help ensure effective disaster recovery planning.

Step 1: Conduct a business impact analysis

Business impact analysis (BIA) is a careful assessment of every threat your company faces, along with the possible outcomes. Strong BIA looks at how threats might impact daily operations, communication channels, worker safety and other critical parts of your business. Examples of a few factors to consider when conducting BIA include loss of revenue, length and cost of downtime, cost of reputational repair (public relations), loss of customer or investor confidence (short and long term), and any penalties you might face because of compliance violations caused by an interruption.

Step 2: Perform a risk analysis

Threats vary greatly depending on your industry and the type of business you run. Conducting sound risk analysis (RA) is a critical step in crafting your strategy. You can assess each potential threat separately by considering two things——the likelihood it will occur and its potential impact on business operations. There are two widely used methods for this: qualitative and quantitative risk analysis. Qualitative risk analysis is based on perceived risk and quantitative analysis is performed using verifiable data.

Step 3: Create your asset inventory

Disaster recovery relies on having a complete picture of every asset your enterprise owns. This includes hardware, software, IT infrastructure, data and anything else that’s critical to your business operations. Here are three widely used labels for categorizing your assets:

Critical: Only label assets critical if they are required for normal business operations.
Important: Assign this label to assets your business uses at least once a day and, if disrupted, would have an impact on business operations (but not shut them down entirely).
Unimportant: These are assets your business uses infrequently that are not essential for normal business operations.

Step 4: Establish roles and responsibilities

Clearly assigning roles and responsibilities is arguably the most important part of a disaster recovery strategy. Without it, no one will know what to do in the event of a disaster. While actual roles and responsibilities vary greatly according to company size, industry and type of business, there are a few roles and responsibilities that every recovery strategy should contain:

Incident reporter: An individual who is responsible for communicating with stakeholders and relevant authorities when disruptive events occur and maintaining up-to-date contact information for all relevant parties.
Disaster recovery plan manager: Your DRP manager ensures disaster recovery team members perform the tasks they’ve been assigned and that the strategy you put in place runs smoothly.
Asset manager: You should assign someone the role of securing and protecting critical assets when a disaster strikes and reporting back on their status throughout the incident.

Step 5: Test and refine

To ensure your disaster recovery strategy is sound, you’ll need to practice it constantly and regularly update it according to any meaningful changes. For example, if your company acquires new assets after the formation of your DRP strategy, they will need to be folded into your plan to ensure they are protected going forward. Testing and refinement of your disaster recovery strategy can be broken down into three simple steps:

Create an accurate simulation: When rehearsing your DRP, try to create an environment as close to the actual scenario your company will face without putting anyone at physical risk.
Identify problems: Use the DRP testing process to identify faults and inconsistencies with your plan, simplify processes and address any issues with your backup procedures.
Test your disaster recovery procedures: Seeing how you’ll respond to an incident is vital, but it’s just as important to test the procedures you’ve put in place for restoring critical systems once the incident is over. Test how you’ll turn networks back on, recover any lost data and resume normal business operations.

Disaster recovery solutions

Modern enterprises rely more than ever on technology to serve their customers. Even minor outages can cause critical downtime and impact customer and investor confidence. The IBM FlashSystem Cyber Recovery Guarantee is designed for anyone who purchases a new FlashSystem Array with IBM Storage expert care and IBM Storage Insights Pro.

IBM is a leading global hybrid cloud and AI, and business services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM's legendary commitment to trust, transparency, responsibility, inclusivity, and service.

For more information, visit: www.ibm.com.

Also Read

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Book Reviews

Book Review: Extract, Transform, and Load with SSIS

Do your business apps access different data sources? This book shows you how to make that task easier
Book Review: 21st Century RPG: /Free, ILE, and MVC

David Shirey’s first book is an educational and entertaining read for “modern” and “old” RPG programmers alike
Book Review: Developing Business Applications for the Web--With HTML, CSS, JSP, PHP, ASP.NET, and JavaScript

If you are ready to get into Web application development, take this book along as your guide
Book Review: DB2 10.5 Fundamentals for LUW: Certification Study Guide (Exam 615)

DBAs who use the book will find it very helpful first in their test study and later as a reference book.
Book Review: DB2 11 for z/OS Database Administration—Certification Study Guide

This is a well-written DB2 11 book that could easily stand on its own as a reference manual, not just a certification guide.
Book Review: Free-Format RPG IV, Third Edition

Jim Martin comes through for us again.
Book Review: IBM i Security Administration and Compliance, Second Edition
Book Review: Programming in ILE RPG, Fifth Edition

This book really hits the mark and is a must-read for all RPG developers.
Book Review: DB2 10.1/10.5 for Linux, UNIX, and Windows Database Administration: Certification Guide
Book Review: Subfiles in Free-Format RPG

Whether you're a newbie or a seasoned pro, this book has something for you.
Book Review: Evolve Your RPG Coding: Move from OPM to ILE ... and Beyond

This book provides an amazingly comprehensive introduction to the concepts while at the same time delivering enough technical detail to make you productive very quickly.
Book Review: Database Design and SQL for DB2
Book Review: The Chief Data Officer Handbook for Data Governance

When implemented appropriately, data governance is a powerful framework.
Book Review: DB2 10 for z/OS: The Smarter, Faster Way to Upgrade

Trying to figure out whether to upgrade? Read on.
Book Review: 5 Keys to Business Analytics Program Success
Book Review: DB2 11: The Ultimate Database for Cloud, Analytics, and Mobile
Book Review: Flexible Input, Dazzling Output with IBM i

Today, it's all about input and output. Getting data into the IBM i from non-traditional sources and then displaying it back out again in varied formats. But where can you go to learn all that you need to know about this critical skill?
Book Review: Advanced Guide to PHP on IBM i

Enterprise-level PHP skills and techniques have been adapted for IBM i developers in Kevin Schroeder's new book.
Book Review: Java for RPG Programmers

If you've been putting off learning Java, you have no excuse anymore!
Book Review: DB2 10.1 Fundamentals: Certification Study Guide

Too valuable to be classified as merely excellent certification material, this book should also rightly take its place on DB2 DBA bookshelves as a solid day-to-day DB2 reference.
Book Review: DB2 10 for Z/OS Database Administration: Certification Study Guide

Whether you're trying to get certified or you just need a great reference book, this is the book for you.
Book Review: Developing Web 2.0 Applications with EGL for IBM i

It's everything you need to know, from the bottom up.
Book Review: Advanced Integrated RPG

Isn't it about time somebody told us how to integrate RPG and Java?
Book Review: Managing Without Walls

If you manage remote or satellite teams, this book is a must-read!
Book Review: Managing Without Walls

If you manage remote or satellite teams, this book is a must-read!
Book Review: The Remote System Explorer

This book speaks directly to the thousands of IBM i programmers who develop in RPG, COBOL, CL, and DDS every day.
Book Review: IBM System i APIs at Work, Second Edition

API expert Bruce Vining delivers the only comprehensive guide to APIs.
Book Review: Functions in Free-Format RPG IV

This one short volume manages to essentially be both a general introduction and a detailed reference.
Book Review: DB2 11: The Database for Big Data and Analytics
Book Review: IBM Mainframe Security: Beyond the Basics

Beginners will have a strong foundation after reading this book. Experienced professionals will reference it frequently.
Book Review: IBM InfoSphere: A Platform for Big Data Governance and Process Data Governance

Find out how IBM is addressing the challenges of big data.
Book Review: Fundamentals of Technology Project Management

Projects can be overwhelming, but taken in small, deliberate steps, all projects are achievable.
Book Review: Customer Experience Analytics

Use CEA as a strategic weapon to stay ahead of your competitors.
Book Review: Big Data Analytics: Disruptive Technologies for Changing the Game

The disciplines of data analytics are evolving to meet the new challenges of big data.
Book Review: IBM i Security: Administration and Compliance

If you have any interest in IBM i security, whether as an administrator, a programmer, or an auditor, then this book is the perfect resource.
Book Review: DB2 9.7 for Linux, UNIX, and Windows Database Administration (Exam 541)

This book, written by the creator of the certification exam, reveals exactly what you'll need to know to prep for the test.
Book Review: Selling Information Governance to the Business

Who governs the information that runs your company?
Book Review: You Want to Do WHAT with PHP?

If you're serious about programming in PHP, get a book that treats you that way.
Book Review: The IBM i Programmer's Guide to PHP

Both a primer and a reference, this book is a must-have for anyone who wants to program in PHP.
Book Review: JavaScript for the Business Developer

There's no faster, easier way to become proficient in JavaScript.
Book Review: SOA for the Business Developer

If you want to know how SOA works in the real world, this is your book.
Book Review: DB2 9 Fundamentals

Whether you want to obtain an IBM certified DB2 professional certification or simply become well-rounded in the fundamental concepts of DB2 and general database theory, this is your book.
Book Review: The Modern RPG IV Language, Fourth Edition

This book isn't a training manual; it's a reference book.

Resource Center

Node.js on IBM i Webinar Series Pt. 2: Setting Up Your Development Tools

Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:
Profound Logic Solution Guide

More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.
Power10 Power Hour

IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:
Comply in 5! Well, actually UNDER 5 minutes!!

TRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now! Request Now.
Combating Ransomware: Building a Strategy to Prevent and Detect Attacks

Forms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.
Top IBM I Security Vulnerabilities and How to Address Them

IT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.
What Most IBM i Shops Get Wrong About the IFS

Can you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:
Backup and Recovery on IBM i: Your Strategy for the Unexpected

Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:
Manage IBM i Messages by Exception with Robot

Managing messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:
Easiest Way to Save Money? Stop Printing IBM i Reports

The thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:
Hassle-Free IBM i Operations around the Clock

For over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:
Why Migrate When You Can Modernize?

Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.
The Power of Coding in a Low-Code Solution

When it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:
Low Code: A Digital Transformation of Supply Chain and Logistics

Supply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:
Resource Center

The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit
Node Webinar Series Pt. 1: The World of Node.js on IBM i

Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.
IBM i Transformation Risks Every Business Leader Should Know

Join us for this hour-long webcast that will explore:
What to Do When Your AS/400 Talent Retires

IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn:

Analytics & Cognitive Categories

Latest Analytics & Cognitive News

Career Catgories

Latest Career News

Cloud Categories

Latest Cloud News

IT Infrastructure Categories

Latest IT Infrastructure News

News Categories

Latest News

Programming Categories

Latest Programming News

Security Categories

Latest Security News

Typography

Share This

Also Read

LATEST COMMENTS

MC Press Online

Support MC Press Online

Book Reviews

Book Review: Extract, Transform, and Load with SSIS

Book Review: 21st Century RPG: /Free, ILE, and MVC

Book Review: Developing Business Applications for the Web--With HTML, CSS, JSP, PHP, ASP.NET, and JavaScript

Book Review: DB2 10.5 Fundamentals for LUW: Certification Study Guide (Exam 615)

Book Review: DB2 11 for z/OS Database Administration—Certification Study Guide

Book Review: Free-Format RPG IV, Third Edition

Book Review: IBM i Security Administration and Compliance, Second Edition

Book Review: Programming in ILE RPG, Fifth Edition

Book Review: DB2 10.1/10.5 for Linux, UNIX, and Windows Database Administration: Certification Guide