Business continuity and disaster recovery

27/05/2021

Disasters can affect businesses in unpredictable ways. Although the word conjures images of floods, fires and other calamities, the incidents that impact the continuity of a certain business, its income and operations can be of a very different nature. 

Since such situations are often unavoidable, the best way to avoid, or at least to minimize the worst, is to have a business continuity plan and a disaster recovery plan.

Many times these two terms are used interchangeably as synonyms, although in reality they refer to two different processes. Business continuity aims to ensure that the company can continue to operate, albeit in a reduced manner, with minimal service disruption. Disaster recovery, on the other hand, determines how to restore pre-incident service levels.

Business continuity

A business continuity plan determines precisely the manner in which a company will react and operate during and after an incident that affects its operations. Depending on the level of the impact and the functions affected, the contingency plan defines what actions should be taken, such as activating a teleworking protocol.

A business continuity plan begins with a risk assessment and business-impact analysis. With these two elements as a basis, the plan defines the contingency actions to be taken to maintain service to customers.

Disaster recovery

Disaster recovery seeks to mitigate the damage and resolve the service disruption, first by identifying the source of the disruption and then by applying the necessary measures to correct the damage, whether temporarily or permanently. Disaster recovery plans include time limits called Recovery Time Objectives (RTOs), which define the amount of time to restore a service following an incident. If these deadlines are not met, then the incident is escalated to the next level.

Similarities and differences between business continuity and disaster recovery

Although the two concepts are distinct, a certain overlap exists between them:

1. Both are proactive strategies that seek to anticipate disastrous events to minimize their impact on the company. Rather than reacting to an incident, both approaches are preventive.
2. By focusing on affected business areas and the level of impact, both are useful strategies to prepare for a wide range of incidents, from natural disasters to pandemics and cyber attacks.
3. Both need to be reviewed on a regular basis to suit the objectives and needs of the company at all times.

However, a company needs both strategies to secure an adequate level of preparation. In fact, many companies include disaster recovery as part of their business continuity plans.

The objectives of the plans are different but complementary. While a business continuity plan aims to keep the company operational during a period of crisis, disaster recovery seeks to restore the level of operability prior to the crisis.

Best practices in disaster recovery

1. Focus on assets and vulnerabilities, not the specific disaster. It is impossible to foresee all possible incidents that may affect your business. Rather than planning for specific events, it is better to focus on your business assets and their vulnerabilities. For example, what if you are an e-commerce company and your logistics partner suffers a cyberattack?
2. Define periodic times and milestones that define when the disaster recovery plan will need to be updated. For example, in addition to reviewing it 2-4 times a year, reviews will also have to be done whenever a new asset or service, such as a new office or cloud server, is added.
3. Ensure a disaster recovery guide is made available to all employees who need it. The guide should be written in clear and accessible language and facilitate the execution of contingency plans.
4. Test your plan to avoid a false sense of security. This is the only way to ensure the plan actually works and you can recover the operational levels of your business. Each test must be accompanied by a report that documents step by step why failures and successes occurred. This will help the plan to evolve.
5. Involve your employees in disaster recovery with training and coaching to make sure they are ready to react.

Disaster recovery and backups: cloud and on-premises

A fundamental part of a disaster recovery plan is to have up-to-date, accessible and protected backup copies of critical data and applications, which can be used as a contingency when your main location, for whatever reason, stops operating or loses connectivity.

The traditional approach to disaster recovery is to have a secondary physical space with a second data centre. This option implies a series of operational costs and an additional investment in equipment and infrastructure to replicate the main infrastructure.

A second option is to have an infrastructure service provider with a backup in the cloud. This option allows you to size your secondary support infrastructure according to your needs and pay only for what you use. In addition, it is easy to add additional space without having to purchase and configure new equipment.

It is essential that backups, whether they are on-premises in a data centre or in the cloud, must be in a different geographical location from your main infrastructure. The fire that ravished several data centres of a cloud service provider in Strasbourg in 2021 resulted in the complete loss of data even for customers who had contracted a backup service, since the backups were held in the same data centres. Having a geo-replicated backup in separate geographic locations is key to ensuring proper disaster recovery and maintaining business continuity.

Adam inaugurated a new data centre in Madrid in May 2021. This data centre has a new version of our infrastructure as a service (IaaS) platform, based on OpenStack. This version includes Pure Storage NVMe SSD storage systems, which provides a higher execution speed for applications installed on the platform.

Moreover, the implementation of Pure Storage systems allows us to synchronize our data centres in Alcalá, Madrid, and Cerdanyola del Vallès, Barcelona, ​​as well as simplify the management of snapshots and replicas of cloud instances. This solution enables companies of any size to have geographically distributed backups and replicas to ensure robust, fast and efficient disaster recovery.