Among many things, 2020 brought a new approach to how and where businesses operate. Yet these drastic changes were a reaction to the pandemic, rather than being a methodical and tested approach.
Now in 2021, businesses can create a business-as-usual plan whilst working from home. Companies may still be using the same strategies for data protection, but does this suit today’s business practices?
With the increase of cyber-attacks and the fragmentation of data, ComputerWorld is challenging businesses to scrutinise the security and protection of their data. To do this, our team has created a list of five top tips which you should use to review your current plan and appraise whether it is fully prepared for today’s ‘new norm’.
Why are disaster recovery and backup important?
Disaster recovery (DR) and backup are often assumed to be an IT project alone. In fact, they are both a business and an IT project. One critical thing to think about is: ‘At what point does your business go out of business, or face serious financial harm, due to data loss?’
Many also fall into the trap of thinking their data is completely secure because it is in the cloud. Unfortunately, recent cloud failures, in which clients lost years’ worth of data, show this to be incorrect.
Also, a drastic increase in the use of services like Microsoft Teams means more people are uploading their data to the public cloud rather than to the corporate network. This creates a fragmentation of data.
With the current flexible work environment being sprung upon most of us overnight, technicians are labelling this change as the three R’s:
- React – First, we reacted to lockdown restrictions, prioritising getting everyone working from home quickly over doing so in the best and most secure way.
- Reflect – Then we began to reflect, questioning whether these practices were suited to the long term and whether these methods were the most secure.
- Rethink – Finally, the stage we want to help you with, the rethink phase. We aim to see if your current DR and backup strategies still work, and ensure that your data is safe and fully protected.
Our top five tips
1. Ensure you know what you are trying to protect and what you are protecting against
Begin by ensuring you have a service catalogue and make certain it’s up to date. Your service catalogue not only provides an invaluable list of all your business’s technology, but is important for efficiency, encouraging people to follow due process. It is also an important step during disaster recovery.
If you haven’t got a service catalogue, our team can help you create one. A good service catalogue is essential for your data protection strategy. It helps create an in-depth plan of what to do in case something happens and what you are trying to protect.
ComputerWorld will balance your recovery time objective (RTO) with your recovery point objective (RPO) and ensure that your plan is best suited for your business’s needs and budget.
From there, understanding what you are trying to protect can be done through two simple steps:
- Creating or revisiting your service catalogue to create a central document to start building an initial plan.
- Understanding this data – where it is held, whether it’s personal data (GDPR compliance) so you can classify it, then plan a service level agreement (SLA) and realistic RTAs.
Protecting your business isn’t a one-size-fits-all solution; different sectors have different priorities for protection. Typically, protection has been correlated with the concept of natural disasters. But with today’s data shift, it is more likely that fragmentation, cyber or ransomware attacks will be what your business is protecting against. If you need a hand in planning service priorities with a realistic budget, our team can go through whether each of your services needs gold, silver, or bronze service protection.
2. Leverage inherent security and protection features
One area often missed by organisations is ensuring they are maximising all the features available in products and services they are already using. We would recommend reviewing your service catalogue as above, and then comparing this to the technologies that are providing these services.
At this point, you can review whether you are making the most of the inherent features. Examples might include SAN snapshots, the security features in Microsoft 365, and applying the appropriate permissions. A chat with one of our specialists can assist you in getting the best out of your subscriptions and checking the vulnerabilities in your systems.
3. Consider (or reconsider) your data protection options and practices
Over time, what you need to protect, and what you are protecting against, changes. You need to rethink and reconsider your data protection practices, to counter today’s risks.
Defining the difference between a backup plan and a DR strategy may be the best way to re-evaluate your data protection approach. Backups often only run nightly and are used for long-term data recovery and archiving of your data and VMs. But as these are stored in an offline state, they may take hours to bring online if a disaster strikes.
DR frequently replicates your data to another online source, allowing the recovery process to be done quickly and reducing the RTO. Speaking to one of our specialists can help direct you to the most up-to-date design for your data protection strategy, taking into consideration both backup and DR.
4. Test, test, and test again
Testing is one of the most important factors in data protection. No matter how good a solution is, it’s only as good as the last time it was tested. Testing not only ensures that the product works, but also helps the technicians to identify problems and gaps in that service.
We recommend that businesses undergo a quarterly test of their DR strategy. This may seem a substantial undertaking, but the right processes and technology, like automated DR solutions, allow non-disruptive testing. Alternatively, our team could take the burden off you and conduct regular testing with solutions like disaster recovery as a service. Testing different scenarios and documenting the test results can help reassure you that your data is safe.
5. Plan for your recovery
The question of DR is no longer ‘if’ you need it, but ‘when’. It’s vital to pick a suitable location where you can access your DR playbook easily without it also being affected by the disaster. Keep a second copy in a different location (e.g. the cloud).
These DR steps include the people involved, who makes the decision to deploy your DR strategy, and how long that decision should take. Clear and precise planning can help during a time of crisis. Ensure that not only your IT manager knows the procedure but others too, in case the IT manager has been affected by the disaster.
By reviewing the DR plan regularly with all relevant stakeholders, and keeping it up to date with new applications, you can keep your business safer and better prepared for the event of a data breach.