When major disasters strike, institutions find out that disaster recovery is not just about how they back up data — but how quickly their planning returns them to normal.
As educational institutions become more dependent on their computer data, the cost of losing access to that information is measured in hundreds of thousands of dollars.
The key to solving the problem is not completely technology based; an IT department needs a good disaster recovery plan for when the worst happens.
A disaster recovery plan needs to cover cyber-attacks, hardware failures, user failure, sabotage and natural disasters. Yet, most plans rely simply on saving the data and hoping for the best.
Many just back-up the data daily on drives and disks and send it off-site believing that it is secure. As networking bandwidth improved this basic back-up plan included wiring the data to a specialist software vendor who has data center sites in other regions. More recently cloud-based offerings from the likes of EMC, HP, Oracle, Amazon and Microsoft have also helped make such back-ups more reliable and affordable.
While a basic disaster recovery plan looks good on paper, it lacks a business process that covers what an IT department should do if something goes wrong and how that data can be restored to the business.
It is not as if this plan is never going to be used; figures from Storage Sweden suggest that data needs to be restored about five to 10 percent of their backed up data on an annual basis. While that might not sound like much, it is the equivalent of 18- 36 days of a business year recovering from some disaster or another. That means that up to 304 man-hours can be allocated every year to disaster recovery and the added workload could push back other IT projects and deployments.
It becomes clear then that an organization needs a serious disaster recovery plan.
First, it will need to carry out a risk assessment and a business analysis to find out which part of the institution’s structure is critical and has the highest priority for the most resources.
Then there needs to be a working schedule for different disaster scenarios drawn up.
Such a schedule is contained in the global standard for developing a workable disaster recovery program dubbed ISO/IEC 27031. The standard says that any plan should define a response to an incident and lay out an action plan. This plan should be so detailed and everyone is trained to know what to do at the right time.
This forward planning will reveal previously unidentified technology problems, and allow for effective counter measure. For example, one of the biggest issues is that backup software is unreliable or misconfigured. Most experts believe that a good disaster recovery back-up plan should include some form of automation and testing to eliminate such errors.
This prevents the sort of problems, which blighted the recovery of the New Orleans Civil District Court’s computer system. According to The Times-Picayune newspaper, in 2010 the software responsible for the court’s backups started garbling back-up data.
The DRP plan called for older data to be purged to save space, which meant that back-ups were not actually being completed. This was not noticed until the servers containing all of the conveyance and mortgage records crashed and the court needed to carry out an urgent restore.
Finally, it is recommended that IT departments organize disaster drills similar to those carried out by civil defense organizations in earthquake zones, such as San Francisco. Arranging a drill soon after a disaster recovery plan is developed is vital, particularly if a company has recruited a new data backup provider. This enables an institution to see clearly how data will be returned and what steps are needed to make it usable. It also gives time scales for when the data will be restored.
While this sounds gloomy, when people are ready for the worst, it is more likely that when disaster strikes, the IT department can fix the problem quickly. Not only will they have the backed up data, they will know that it works, and how to use it.
At Senior Systems, we provide disaster recovery solutions for our non-hosted clients. For more information regarding our non-hosted school disaster recovery plan, please contact sales at 1-888-480-0102, Ext 2, or email us at email@example.com