Why Disaster Recovery planning isn't optional

Having worked in IT for over 30 years, I've experienced my share of disasters. IT disasters can come in different "shapes" and "sizes" like simple human errors, unprotected database updates, storage devices that failed in just the right way, road maintenance that cut an underground network cable, an exploding power transformer, and a bridge collapse next to our primary data center. These are all situations where IT experienced a "disaster" of some definition. Remember, the "smoking hole" disaster scenario rarely happens; most often, it starts small and just gets out of control.

We survived our disasters by having good disaster recovery practices. A key component of that is the Disaster Recovery Plan.

Disaster Recover and Business Continuity

Some IT leaders think a Disaster Recovery Plan is the same as a Business Continuity Plan, but they are different. Disaster Recovery is undertaken by the technology teams, and deals with bringing things back to normal. Business Continuity is about how to continue doing business in the face of an IT failure.

A friend once shared with me a story with me that demonstrates this difference:

On his way to work, my friend stopped for coffee at a local coffee shop. Most franchise coffee shops have a PC server in the back room that actually records sales like every espresso or cappuccino or mocha (or whatever). That morning, my friend learned the cafe's PC server had died, so the cash register wouldn't ring up any sales. 

An IT support tech was already in the back room, working to fix the server. Maybe restoring data, or replacing a failed hard drive, or any number of things. This was Disaster Recovery, bringing the technology back to normal. 

But the coffee shop still sold coffee. The barista had a reference sheet that said how much to charge for different beverages and bakery items, and she used a calculator to work out tax and change. Transactions were recorded on paper, to be entered into the system later. This was their Business Continuity, how the coffee shop was able to remain open and stay in business, despite the PC server and cash register not working.

Planning for disasters

Our responsibility in IT is Disaster Recovery. Are you planning for your next disaster? Disaster Recovery isn't optional: Industry analysts from Gartner and IDC say that 30 to 40 percent of all IT shops either have no disaster recovery system in place or do not know how to use it correctly. Second, even if a shop does have a Disaster Recovery apparatus in place and tests it occasionally, there are plenty of examples of such systems not performing according to plan.

Disaster Recovery planning shouldn't be ignored. And neither should the testing. Testing should ideally include restoring pieces of the system to a separate "test" system, so you can exercise the physical activities required for recovery. But a tabletop exercise may be sufficient to work through a recovery scenario and identify gaps, depending on your process. For example, you might use a tabletop exercise to run through a constructed scenario to test your recovery plan for an everyday process like user authentication or file access.