Tag Archives: Disaster Recovery Plan

Need To Know A Lowdown on AWS Cloud Security

Recovery Time Objective (RTO) vs. Recovery Point Objective (RPO)

Both RPO or Recovery Point Objective and RTO or Recovery Time Objective are key metrics which businesses have to consider when they are making a disaster recovery plan. For any business, a proper disaster recovery strategy is absolutely imperative. It will ensure business continuity when there has been an unexpected disaster or incident. These two terms sound almost similar but they imply different things and it is easy to get confused between them.

Both the RPO and RTO help businesses to determine the number of tolerable hours for data restoration, the frequency of backups and what the recovery process must be. These two parameters together with an analysis of business impact will be essential for identifying and reviewing the viable strategies which one can include for any business continuity plan.

What is the RPO or Recovery Point Objective?

This refers to interval of time in the course of a disruption before the amount of data loss in that period goes past the maximum allowable limits of tolerance which the business continuity plan makes room for. For instance, when the RPO of a company is 20 hours and the last available proper copy of data is from 19 hours after an outage, the business is still inside parameters of the RPO. The RPO is a calculation of maximum tolerable volume of data which may be lost. It will also help businesses understand how much time is allowed between the last data backups and a disaster which will not cause any major damage to your business. So, you will need the RPO in order to perform data backups.

What is the RTO or Recovery Time Objective?

The RTO refers to time duration within which business processes have to be restored post a disaster so as to prevent unacceptable effects resulting from disruption in continuity. So, this metric basically allows you to measure how fast you must recover the infrastructure or services after any disaster so as to maintain business continuity. The RTO can be calculated in terms of the time-period the business can survive after a disaster before normal operations can be restored. When the RTO is 24 hours, it means that your business can maintain its operations for that period of time even without the normal infrastructure. But, in case the data or infrastructure is still not available after 24 hours, it could mean insufferable harm to the business.

What are differences between RPO and RTO?

  • The RPO will show the amount of data which will be gone or which must be re-entered when there is a network downtime. But RTO shows the “real time” which can be allowed to pass before disruption starts to impede business operations seriously. The RPO is very important in most cases because you will invariably lose some amount of data whenever there is a disaster. Incidentally, data which has been backed up can also be lost. Most of the businesses will be backing up their data at fixed scheduled intervals, maybe once an hour or once a day or once a week too. The RPO will measure the amount of data which you stand to lose because of some disaster. For instance, if you conduct backups every midnight and disaster strikes at 8am, you are likely to lose 8 hours data. In case your RPO is 24 hours, there is no problem, but if it less than 8 hours, it is going to affect your business.
  • The RTO will stand for all your business needs because it measures how long the business is capable of surviving when IT services have been disrupted. In comparison the RPO focuses on data alone. It will only tell you how often you should back up the data and it does not reflect other business IT needs.
  • The costs which you must bear to maintain a demanding RTO is likely to be much more than those of granular RPO. The reason for this is that RPO will focus on data but RTO focuses on the whole business infrastructure.
  • To meet the RPO goals you will only need to conduct data backups at regular intervals. Such data backup can also be conveniently automated and therefore automatic RPO is easier to deploy. The RTO, in comparison, is much more complex because it deals with restoration of all IT operations. You can never achieve all RTOP goals through an automated process.
  • The RPO is also found to be much easier to implement as data usage tends to be consistent and involves fewer variables. Since RTO involves restoring all IT operations, it will be more complex. Incidentally, RTO goals should be in sync with what is achievable by a business. When minimum restore time is set at two hours, you cannot achieve an RTO of one hour. So, administrators should have a proper understanding of speeds of different restorations. It is only then that you can negotiate RTO.

To sum up, both these metrics have to be considered to make a Disaster Recovery plan which is both effective and economical.


Valuable Tips to Arrive at the Bespoke Disaster Recovery Strategy

As the incidences of cyber crimes and data theft continue to escalate in terms of scale and frequency, there is an unprecedented need to revisit disaster recovery plans. Enterprise data must be protected from natural or manmade disasters that seriously impact business continuity.

Considering the sheer variety of threats and their potential to cripple business activities, one should not be content only with the existing Disaster Recovery plan. The disaster recovery plans must be thoroughly assessed, reviewed, and updated on continuous basis.

You need to tune your Disaster Recovery plan to the ever evolving cyber attacks by adopting the most recent technologies and tools to make sure that the mission critical data assets are seamlessly secured with ability to rapidly and easily recover following any untoward event.

Scrutiny of threats and probable responses

A comprehensive study of all possible business risks is essential to design bespoke Disaster Recovery plans to handle every type of threat. You will also have to categorize the probable disruptors by understanding probability and frequency of occurrence. This will help prioritize your Disaster Recovery plans.

The easiest way to analyze the Disaster Recovery scenarios is to understand the gravity and probability of occurrence. Most often it is found that cyber threats rank among the most likely interruptions to the ongoing business activities. Obviously, cyber attacks should be assigned higher priority in comparison with acts of God such as earthquakes, tornadoes, fire, and so forth.

disaster recovery

Analysis of impact on business

This is also an important determinant of priorities in designing and planning of Disaster Recovery strategies. It is known as Business Impact Analysis or BIA in short. By performing BIA for every available system, one can easily draft an appropriate Disaster Recovery plan. Identification as well as evaluation of effects must be carried out by studying contractual, legal, financial, and regulatory implications of a possible disruption. You can also include other important factors such as organization’s reputation that may be impacted by unplanned events.

The major focus of Business Impact Analysis as far as the security is concerned will cover business continuity, privacy, and integrity.

The entire exercise of Business Impact Analysis is designed to outline dependencies and priorities of IT systems, so that you are in a better position to chalk out strategies that are aimed at mitigation of business loss at the end of the day.

One cannot jump to perform a Business Impact Analysis unless the right policy for a proposed Disaster Recovery plan is drafted. You will have a robust contingency plan ready that takes into account priorities with reference to your business. In addition to NIST, there are a great number of templates waiting to be downloaded from other reliable sources.

Shifting focus

It observed that most of the Disaster Recovery strategies are excessively focused on these technology aspects and thereby missing out a couple of very vital components including process and people. An ideal plan for Disaster Recovery must be an all-inclusive exercise that gives equal significance to every factor which is critical to the business continuity.

It is wrong to limit Disaster Recovery plan to only the technology related factors because one must be capable of recovering every business-critical factor. Availability of staff members who are assigned with critical duties of responding to the call in the event of a disaster is extremely essential. You should have all necessary contact details to access these core team members even at the odd hours.

Building a rapport with concerned authorities much before the disaster can help in the crisis period. You must assign individuals with good communication skills to deal with outside agencies, clients, and staff.

Significance of Disaster Recovery updates

Every time there is an alteration or modification in terms of the internal systems, one must carry out Disaster Recovery update exercise. These updates can also cover major applications that can be vital to the business processes. Since there is a constant change on the horizon of technology, one should make sure that the Disaster Recovery plan is modified every time a new technology initiative is performed.

Modern technologies are developing at break neck speed, thanks to the affordability and availability of compute power. This puts a great strain on internal systems that must fall in line with the latest technological developments by exhibiting remarkable resilience.

Cloud consideration

Cloud is increasingly becoming an ideal resource for availing Disaster Recovery as a Service or DRaaS. Cloud based Disaster Recovery service offers outstanding economy and convenience to help companies become disaster-ready without spending fortunes.

Appreciating the urgency

Procrastination can be a disaster by itself because of the endemic nature of cyber crimes that are hitting organization where it hurts. Preparing a disaster recovery plan after going through the event can prove to be fatal for any organization. You need to empower systems, technologies, and people in your organizations with ability to respond to a disaster without losing precious moments.

For more info:

Why do I need a Disaster Recovery Solution?

File Backup

How Important are File Backups Today?

Given the growing incidents of cyber thefts, data leaks, site breaches and hacks, the need to back up critical data is something that no business can afford to disregard. Any such cyber attack can inflict unspeakable damage to businesses, both big and small. For instance, the NotPetya malware managed to target big businesses in Ukraine by using tax software which had been infected. In another such incident, cyber thieves managed to get their hands on data belonging to as many as 148 million people when they successfully hacked into a credit reporting agency Equifax. These are only a couple of serious incidents which highlight the need for file backups but there have been many more in the last year which shows that businesses were not taking backups seriously enough.

Data loss or damage can cause downtimes, hamper productivity and inflict long-term harm to your business reputation and credibility in the market. Reports suggest that as many as 80% of the businesses which are victims of data theft tend to shut down their operations within the next few years. As many as 40% go out of operation within a year itself. Whether it is man-made disasters or natural calamities or breaches carried out by cybercriminals, you need to back up your data so that it can be retrieved seamlessly. In other words, it is the task of IT managers to ensure that there is a proper Disaster Recovery plan in place should the need arise.

Backups and disaster recovery plans are not the same thing; while backups are copies of the data which can help your business renew its operations, disaster recovery refers to tools and methods for recovering lose data or systems when disasters happen. Below are some important reasons which make file backups imperative for your business in today’s age:

Threats are not going to fade away; rather, they will be become more and more challenging to deal with. With every year, the incidents of data thefts are increasing and this year is not going to be an exception. Ransomware attacks, breaches and attacks using cutting-edge technologies like hacking using artificial intelligence have become the order of the day. Reports suggest that businesses handling very sensitive information are likely to be the new targets. Cyber attacks have been declared as the third biggest threat for the globe after extreme weather occurrences and natural calamities. So, every business needs to pay extra attention when it comes to including disaster recovery plans in their business plans.

For modern businesses, data loss is perhaps the gravest threat because data is integral to their functioning and in the event of data loss, downtime gets triggered. This will translate into huge economic losses for the businesses. Due to sudden power outages, downtimes can occur and these have been seen to inflict losses to the tune of millions of dollars for big businesses. Unless backups are made, such instances of downtime will go unresolved because the numbers are expected to increase in 2018.

From only 17% in 2015 Big Data adoption rate has increased to almost 53% in the previous year. This shows how fast Big Data and Internet of Things are going to become part of our daily lives. Big Data has become the rule for businesses rather than the exception. There are analytical tools which gives a business prescriptive and predictive insight into how it is running and how to take better-informed decisions for the future. At the same time, if there is any breach by accident, it will amount to loss of both critical data and personal data. So, with the continuous evolution of Big Data, it is becoming more critical and complex by nature. This means that businesses will have to adopt robust backup and disaster recovery solutions to tackle cyber threats.

When there are breaches, businesses are not only affected by revenue losses, but also by loss of reputation and credibility. So, when popular brands are hit by breaches, consumers slowly start to move away from them. Apart from the loss of reputation, precious time is lost because data recovery is time-consuming and no new work gets done during this period.

Risk management is absolutely imperative in digital transformation of enterprises. Businesses must be capable enough to address shortfalls and downtimes. So, there must be a robust and secure ecosystem in place to withstand such unprecedented calamities caused by infrastructure collapse or outage or cyber attacks.

Enterprise data is being increasingly managed by a wide range of devices like smartphones and laptops. This helps to improve remote work culture but this means that there are now more end points for data storage. Such end points are not restricted to the workplace anymore; they can be anywhere in the world. So, it is important to have backups for these endpoint devices to ensure that even if the devices get affected there is a central data repository which remains secure. Here, cloud data solutions are perhaps the safest and most resilient for data security purposes.

Finally, data which is backed up can always help you to analyze and formulate business strategies better. You may use this backed up data for data mining and data analysis, patch testing and application testing.

For Interesting Topics :

How To Restore A Backup?

Choosing The Right Solution For Disaster Recovery

Choosing The Right Solution For Disaster Recovery

Nowadays we often hear the term DRaaS, short for Disaster recovery as a service. What does this term mean? It is the simulation or creation of mimic of physical or virtual servers by a third party to provide failover in case of a disaster, either man made or natural.

Typically DRaaS requirements are stipulated in the Service Level Agreements (SLAs), so that the hosting vendor provides failover to the client.

But before we discuss DRaaS, let us understand the importance of disaster in an IT setting.

All IT companies put in place a disaster recovery plan (DRP).

After all, a business must continue to work without interruption. In particular the mission critical functions must have stability.

Disaster can come in various avatars. It can be a storm tearing apart your power lines, or some telecommunication staff digging and damaging your underground communication lines.

In whichever mode a calamity strikes, the result can be disastrous to your company’s business.

Companies experience a disaster due to any one or a combination of the following causes.

  • Mission critical application failure
  • Network failure
  • Natural disasters
  • Network intrusion
  • Hacking
  • System failure

“Disaster recovery is an important part of our business process management”, says a CIO.

No wonder companies go to great lengths to firm up recovery strategies. They perform a business impact analysis as well as risk analysis to establish the recovery time objective.

Cloud computing offers extremely fast recovery times at a fraction of the cost of traditional disaster recovery.

With virtualization, the entire infrastructure including the server, OS, applications and data is condensed in a single software package or virtual server. This entire virtual server can be replicated or backed up to an offsite data center.

A compelling benefit of such a strategy is that the virtual server is not dependent on hardware and hence the entire bundle can be migrated from one data center to another easily.

This process radically reduces recovery time compared to traditional non-virtualized methods where servers must be loaded with the operating system and patched to the last pattern before the data is restored.

IT companies typically have two options to choose from as a disaster recovery solution – Cloud DR and DRaaS.

Which one is better?
This is not an easy answer by any standard. A company must choose either of the one after a thorough evaluation of both the solutions.

Cloud DR
Cloud DR is within reach of any company.

“Whatever drawbacks a cloud may have, one thing is clear. It is extremely effective when used as a tool for a disaster recovery plan”, says an IT manager.

“We are now able to create a cloud based recovery site as a backup to the primary data center”

Before creating a suitable DR strategy, you must keep in mind the following.

Assess your data protection requirements
An evaluation is essential to come to a conclusion as to what kind of infrastructure and configuration is needed to facilitate cloud DR.

Companies keep the primary backups on-premise but they mimic them to cloud storage so that they can disable the data center in case of any natural disaster.

Select the appropriate cloud provider
You must remember that not all cloud providers are alike. Some of them offer only storage. That is why it is essential to select the vendor who has the capability to build the right disaster recovery site for your needs.

Moreover, costs must never be ignored. The manner in which the vendor bill’s you can have a decided impact on your finances. A good strategy is to use a reliable cost calculator tool.

Control bandwidth
Cloud backup can consume copious amount of bandwidth. A judicious approach will ensure that the bandwidth consumption will not exceed to the extent that other workloads suffer.

Several small and medium businesses are not too keen to put in place a disaster recovery plan. They feel such exercises are for those with deep pockets.

Many of them perform frequent backups and store data offsite. These measures are no doubt satisfactory, but sluggish by today’s standards.

Taking help of DRaaS vendors seem to be a sensible policy.

Yet, it is important that clients must weigh-in each vendor carefully. Some vendors may offer an apparently straightforward solution while others may offer a comprehensive solution tailored to your specific needs.

Whichever solution you seek, the following points must be kept in mind.

  • The vendor’s capability to backup critical data
  • Fast recovery with minimal user interface – the vendor must specify the time limit for hosting the recovery environment.
  • Transparent and easily understandable billing modes
  • Solution has numerous backup options

Moreover, the DR solution offered must make it easy to move from the backup to the live state.

Business continuity is not just about backing up data; it is also about fast recovery from a disaster.

For more information on various types of hosting and plans, call 1800-212-2022 (Toll Free).

For Interesting Topic :

Disaster Recovery