16 Expert Strategies For Creating An Effective IT Disaster Recovery Plan
Forbes Technology Council | COUNCIL POST | Paid Program
POST WRITTEN BY
Expert Panel, Forbes Technology Council
Successful CIOs, CTOs & executives from Forbes Technology Council offer firsthand insights on tech & business.
As the old adage goes, it’s wise to “hope for the best, but prepare for the worst.” For tech leaders, this means creating and implementing a good disaster recovery plan.
Even the best information tech and security measures in the world can fail, so establishing an effective recovery plan can make all the difference in getting your company back up and running. To help you build your IT disaster recovery plan, the members of Forbes Technology Council share 16 critical steps you’ll need to take.
1. First, identify your assets and capabilities.
The best plans are those in which you have identified assets that are critical to your business, built redundancy and practiced your recovery plan. Successful football teams win the Super Bowl by understanding their limitations, communicating expectations to all stakeholders and practicing plays to reduce the likelihood of mistakes. Building a successful disaster recovery plan takes that same commitment and approach. - Rod Holmes, Leo Cyber Security
2. Get everyone involved and ensure communication.
Involve end-users and other department heads in the design of the plan. I have found that planning for effective communication in the event of a crisis is absolutely critical. An SMS-based system is ideal. - William McSorley, WM3 Group LLC
3. Create redundancy via distributed backups.
Across IT, experiencing a sitewide failure is highly likely. To avoid disruption, organizations should distribute applications and business-essential data across multiple storage volumes rather than storing them within a single data center. This ensures IT teams can quickly recover applications in their most recent pre-failure state and maintain high data availability. - Murli Thirumale, Portworx
4. Test your disaster plan before you need it.
One crucial step is doing an honest inventory of your business’ current state. If you don’t have a thoughtful, operational plan in place, get to it. If you do have a disaster recovery plan, test it before disaster strikes! The best-documented processes and inventories won’t be worth much unless you’ve put them through the paces and know that they will work when the time comes. - Douglas Albert, Arceo.ai
5. Try the ‘Chaos Engineering’ approach.
The first and the main thing is to realize that failures happen, whatever measures we take. Then everything becomes simple: regular training aimed at reducing the risks. In recent years, an approach called “Chaos Engineering” has gained popularity. But it’s important to make sure that all the precautions have already been taken to ensure sustainability at all levels of the organization. - Dennis Turpitka, Apriorit
6. Prioritize risk management.
There is one thing that you can do on a constant basis to be prepared for any disaster: risk management. Define your risks well and once a month, review their status and mitigation plans. Having this done, you will exclude the word “disaster” from your vocabulary. - Boris Kontsevoi, Intetics Inc.
7. Map your critical business processes.
Disaster recovery and business continuity planning are an extension of any mature risk-management program. Mapping critical business processes is a fundamental part of ensuring the availability and security of essential business services. Security is a subset of reliability, and ensuring reliable delivery of services should be the core focus of any IT leader’s plan to support the business. - Jason Crabtree, QOMPLX, Inc.
8. Leverage public cloud services.
The key to an effective recovery plan is to rely on the public cloud, not your own datacenter or hardware. Leverage services built on the public cloud and give your teams the support of the software-as-a-service vendor to do the heavy lifting. This is the best recovery strategy. Teams can then focus on urgent priorities during an emergency rather than worrying about backup or access to physical sites for upgrades. - Poojan Kumar, Clumio
9. Train your team and practice.
A plan is only as good as those executing it. If your team members don’t know what they are supposed to be doing, the plan is ineffective. Train your team and practice the plan. Not only does practice allow the team to get more comfortable, but it will also point out failures in the plan, allowing you to improve with every practice. - Michael Hoyt, Life Cycle Engineering, Inc.
10. Outline dependencies and action items from day one.
Implementing a disaster plan when the water is over your head is not a good strategy. A company can be in a ready state from the start. Being a plug-and-play organization helps mitigate the risk when situations like the COVID-19 pandemic hit us. Each team and division in the company must have dependencies and action items outlined from day one. Testing the implemented strategy in place will allow continuity. - Bhavna Juneja, Infinity, a Stamford Technology Company
11. Include people management in your recovery plan.
In tech, we often get lost in the 1s and 0s. We often forget that our core systems run on our peopleware, not our software. Make sure you have a robust plan for how to manage the long hours, lack of sleep and time away from family that it may take to recover. Have appropriate flexibility with PTO and contingencies. Good software is easily replaced; good people are not. - José Morey, Liberty BioSecurity
12. Coordinate with third parties and partners.
Organizations fail to realize that third-party partners and vendors can play a critical role in your disaster recovery plan. Lawyers, forensic teams and compliance personnel are all instrumental in restoring critical systems in the event of a breach or failure. Effective third-party coordination means conducting regular fire drills and testing recovery processes to validate effectiveness. - John Shin, RSI Security
13. Have a strong resilience posture.
The operational foundation for recovery is having a strong resilience posture to start with. The “toolkit” for that is a segmented architecture that allows recovery of multiple pieces in parallel, an offsite/offline backup of security and network configurations, and the ability to execute automatable detection and mitigation across the edge, core or cloud to correct persistent problems. - Philip Quade, Fortinet
14. Communicate with stakeholders outside the ‘war room.’
Don’t underestimate the importance of communication with more far-flung stakeholders. Often, the “war rooms” during disasters exchange rich communications with those who take action to mitigate the disaster. However, ensure that some team members are also assigned to communicating more broadly with outside stakeholders. - Steve Pao, Hillwork, LLC
15. Perform frequent threat analyses.
Performing a threat analysis is the first step towards building a robust business-continuity plan. Identify risks to the business and prioritize them; it then becomes easier to recognize where to invest risk-mitigation resources. Documenting the plan, training personnel, and testing and updating the plan annually are also necessary elements of successfully overcoming disasters. - Arshad Noor, StrongKey
16. Automate your data backup.
A resilient disaster-recovery plan accounts for the worst-case scenarios. In tech, almost nothing is worse than losing your data. To combat this, use an automatic data-backup system. You never know when something could go wrong. But even if you get knocked down, being able to easily recover your data allows you to quickly get back up. - Marc Fischer, Dogtown Media LLC