A DRP is fundamental but not sufficient to help an organization resolve data loss and recover a business IT infrastructure in the event of a disaster.
No company would survive for long without its IT infrastructure. Each organization's digital dependency is so significant that any major IT incident could prove fatal. It is estimated that 40% of companies experiencing total downtime exceeding 72 hours will go out of business within a year. In this context, the implementation of a DRP (Disaster Recovery Plan) procedures to minimize the impact of the disaster and maintain the continuity of your activities is essential.
There are a number of best practices to adopt when it comes to recovering your activity when responsibility is delegated to a cloud provider. Here’s Atempo’s take on the 5 most important:
1. ASSESS THE SCOPE OF DELEGATION ENTRUSTED TO YOUR CLOUD PROVIDER
While cloud services offer many benefits and meet the needs of businesses for the simplicity and accessibility they provide, they are not infallible. Like any technology, the cloud is not safe from disasters: human errors, hardware failures, malware, cyberattacks, etc. The massive adoption of the cloud by businesses is frequently accompanied by a blind faith in how the service provider manages the data they are entrusted with.
Even if the provider offers data protection guarantees against threats, data always remains under your responsibility, regardless of the infrastructure chosen: on-premise, cloud or hybrid. You should always assess the scope of delegation entrusted to your cloud provider to avoid data loss that could be fatal to your organization.
2. ASSESS THE RISKS OF A DATA BREACH
27% of companies have reported that their most recent data loss disrupted a business process which prevented them from providing a product or a service to a customer. This is why implementing a DRP in the cloud requires you to identify the risks associated with data loss.
When implementing a DRP, your company must be able to identify which machines, applications and critical data need to be restored after the disaster, and in which order. If any or all of these procedures are not respected, or impossible to execute, your business activity may be compromised.
3. TEST YOUR DRP IN A REAL-LIFE SITUATION
Faced with constant IT changes, CIOs should ideally test their DRPs two to three times a year. Often time and budgetary constraints prevent teams from running the tests. According to Forrester, 50% of companies run only one test a year. However, an untested DRP invalidates the entire DRP. Regular tests in real-life situations, including with your cloud service provider, allow you to assess the reliability of your DRP and adjust it as necessary.
4. identify acceptable rpo/RTO
When developing your DRP, you will need to assess the acceptable RPO (Recovery Point Objective) and RTO (Recovery Time Objective) for each department and application. Downtime depends on the businesses and the criticality of its applications. Bear in mind that RPO and RTO are closely linked to the cost of a solution. In addition, it is rarely possible to get an RPO/RTO ratio close to zero, without data loss and with an almost immediate restart of the activity.
5. READ THE SMALL PRINT CAREFULLY
We highly recommend you examine your contracts carefully and review the SLA (Service Level Agreement), the contract or the part of the contract which a service provider commits to. If necessary, do not hesitate to renegotiate and adapt the contract to fit your needs.
Fortunately, solutions exist that allow you to restart your IT infrastructure very quickly after the disaster and reduce its impact. Find how to make your DRP a success by clicking here!
Learn more in this blog post: