An Updated Perspective on the Definition of Disaster Recovery

I was speaking to a large group of company owners at an Engineering conference on the importance of implementing Business Continuity and Disaster Recovery programs. Afterwards, one of the owners of a mid-sized firm came up to thank me for the learning experience and ask why I didn’t cover backing up IT systems to tape. This is a common misconception and a very outdated one at that. Tape backups gave IT a false sense of security. Backups were very slow and often failed at the wrong time, during a restore. Tape backup has thankfully been replaced by high speed or solid-state hard drive replication.

His question gave me pause though, as the way companies go about disaster recovery is always improving, but the definition remains the same.

Information Technology (IT) disaster recovery is defined as: An evolving set of policies, applications, hardware and processes in place to ensure timely recovery of critical technology infrastructure and systems from a disruptive event (natural or manmade) by having implemented and tested recovery plans and communications required to support business objectives.

Disaster Recovery is crucial, especially when your company is relying on internal or cloud-based software as their main source of revenue. Ensuring the availability of those applications becomes paramount to success.

I have been working with several startups in Silicon Valley on building out their Business Continuity and Disaster Recovery programs to comply with the steps in going public. One acronym I hear in my meetings that is consistent across the companies is TL;DR, or “Too Long, Didn’t Read.” I mention this as coming up with a comprehensive definition for Disaster Recovery borders on TL;DR.

The definition of Disaster Recovery has a lot of weight behind some of the words used in it. Evolving reflects moving from tape to disk, virtualization, and now Cloud Disaster Recovery. Those companies not evolving their DR program stand at high risk. Tapes are obsolete, yet I still see them used when building out DR programs for companies. A 2012 study (yes, that old) reports that 70% of tape backups are not verified and 30% of those tested were corrupt. Constant evaluation of your DR program is vital to long term success.

The next term in the Disaster Recovery vocabulary that needs some clarity is “critical”. I see this term over used and without true regard for the impact. IT cannot have everything be critical because there isn’t enough staff to recover everything at once. This is where a Business Impact Analysis (BIA) comes in. The business executes a BIA to force rank all business applications in timeframes, without asking them for criticality. After all, if you ask a department when they need their application up and running, almost always they say immediately.

Critical should either be based on the outcome of the BIA, contracts with customers, or company revenue.

Bottom line is you need an active Disaster Recovery program for IT that should not only be reviewed and tested at least annually, but also reviewed for new technologies and software that will increase resiliency and lowers costs. This is inclusive of SaaS solutions and hosting in either Amazon or Azure.