Disasters will happen.  With a Southern California locale, Compass Consulting is no stranger to earthquakes, wildfires and other natural disasters.  Other regions of the country contend with hurricanes, tornadoes, and similar catastrophic events that can cripple a business’ fragile infrastructure in seconds.  Sadly, this does not even begin to address manmade disasters – acts of war/violence, terrorism or malware malfeasance – all too real in today’s world.  The common factor between them all?  For the unprepared firm, a disaster is an unplanned, cataclysmic event with the ability to disrupt or devastate a company and its valuable resources.

Disaster Recovery…Or,

Traditionally, Disaster Recovery strategies have been the IT world’s solution-of-choice for combatting calamities.  Well-prepared organizations armed with a solid Disaster Recovery Plan rest easy in the confidence that system outages are temporary and restorable.  According to a 2014 Tech Target article, the concept of disaster recovery is, “all about the strategy used to minimize the effect of disruptions and restore mission-critical business functions after a disaster.” (“What’s the Difference Between Disaster Avoidance and Disaster Recovery?” 11/24/2014).  For example, a conventional disaster recovery plan might require key business applications to be restored to their former functionality within X minutes after a disaster occurs while sacrificing Y minutes of data backup.  In this equation, X is commonly known as the Recovery Time Objective (RTO), or specified amount of time in which a business process must be restored in order to avoid unacceptable consequences associated with the break in continuity, while Y is the Recovery Point Objective (RPO) a specific moment that must be recovered from backup for normal operations to resume in the case of such a system failure.

Actual RTO and RPO objectives vary by company depending on each firm’s specific business needs.  More specifically, an organization’s precise RTO/RPO goals should be tailored to their unique hardware framework and financial means.  Again from Tech Target, “[O]rganizations with many critical applications under short RPO and RTO requirements must typically invest substantially more in hardware and software infrastructure to achieve those objectives compared to a business with few important applications and liberal recovery objectives.”  Whether protecting a small office of five employees or a multi-national firm spread across three continents, a DRP must adequately address how a business will continue operating in the event of a disruption, plus address the best way to protect the technology so it can quickly recover.   A visit to the Compass Consulting website offers supplemental DR information including complete Disaster Recovery subpage and blog post, “Disaster Recovery: Does yours Pass or Fail?”

…Disaster Avoidance

More recently, IT pundits have been touting a different side to the same coin.  Namely, Disaster Avoidance – what if a disaster can be avoided altogether?  In the event of an automobile collision, comprehensive insurance exists to repair the damage and get one back up and driving (Disaster Recovery).  But what if the accident could have been prevented through the implementation of safety courses, upgraded vehicle technologies such as lane departure warnings, traffic laws, and other risk mitigation strategies (Disaster Avoidance)?  Logically, companies can integrate similar risk avoidance strategies for their IT networks.  “By comparison, the idea of disaster avoidance is all about the efforts involved in preventing disaster-based disruptions in the first place. The discussion is about “resilience” rather than recovery — maintaining application availability in the wake of foreseeable disruption” (Tech Target, 11/24/2014).  Virtual machines and cloud-based servers present a good example of Disaster Avoidance options.  When faced with potential disaster, the workloads on a virtual server can be migrated to others, maintaining the integrity of the original system and preventing hardware failures.  Similarly, scheduled automation in the form of backups, security updates and patches represent another reliable form of DA when strict guidelines are followed:  1) If they aren’t done automatically, they aren’t done at all; 2) Untested procedures fail when they are most needed; 3) Every company needs multiple back up processes rather than a single procedure (Compass Consulting website, Disaster Recovery).

Which Option Is Better?

The answer may seem simple and obvious: why not incorporate a two-pronged approach utilizing the best in Disaster Avoidance and Disaster Recover technologies?  After all, if DA can prevent myriad disasters from occurring, it seems reasonable to couple it with a solid DR plan that can mop up the rogue disruption event finding its way through.  Unfortunately, the answer is much more complex than that.  A key consideration in both cases is “foreseeable” disasters. It is often not realistically or economically feasible to plan for every conceivable disaster, so disaster planning strives to protect businesses against the most probable situations.

As a general rule, Disaster Recovery typically offers the widest variety of implementation and price options and used by organizations that can tolerate a level of productivity disruption or data loss. However, it cannot be overly emphasized that DR must be routinely tested and practiced to ensure that the plan works as expected.  Disaster avoidance, on the other hand, is often the more aggressive and expensive form of disaster preparedness, because multiple servers and clouds must work collectively and cooperatively to supply and share resources and tasks. Moreover, IT administrators are generally able to stay current on all systems and configurations since all resources are continuously running.  Even large enterprises with sophisticated disaster recovery strategies and architectures may find it more advantageous from a resource and cost perspective to rely on cloud-based DA.

So an organization’s decision in choosing Disaster Recovery vs. Disaster Avoidance must be guided by workflow needs (such as RTO and RPO) as much as regulatory requirements and financial considerations. A company that simply cannot afford to be down can consider a Disaster Avoidance route, while less demanding businesses can potentially save money and simplify their infrastructure with more traditional Disaster Recovery deployments.  Contact Compass Consulting for guidance through the decision as we tailor a risk management strategy that is the ultimate in disaster preparedness.

Additional Notes

Consider these steps in implementing an effective DR plan:

(rephrased from Ingram Micro’s “The three-step data center disaster recovery cheat sheet” 6/11/17).

1. Data replication: Ensure that the latest copies of data can be accessed following the 3-2-1 data replication standard: Three copies of the data, two different storage types and one copy located remotely from the source.
2. Recovery time: Determine how much downtime your business can accept. One business may find that only 2-3 minutes are acceptable, while others can tolerate a day.
3. Documentation: To keep business operational, your documented processes and procedures should plan for the worst. Documentation is the most overlooked part of any DR plan and should include a central contact person/number. That individual should retain a copy of the DR plan so resources can be deployed as needed.

Consider these suggestions in implementing an effective DA plan:

(rephrased from Ingram Micro’s “Disaster Avoidance Strategies for the Data Center” 1/28/19).

• Physical facility inspection and maintenance—Lack of electrical maintenance is the primary reason for catastrophic failure.   Therefore, electrical connections should be checked annually and physically upgraded at least every three years.

• Disaster avoidance infrastructure implementation—No hardware and software is totally resistant to the effects of a disaster.  But companies can strive for “fortress-grade”—starting with enterprise-class, fault-tolerant, and highly resilient equipment and supporting it with uninterruptible power supplies, emergency generators and backup cooling systems.

• Cloud-based solutions—Reliance on the cloud for business continuity assurance is a smart strategy. The cloud offers easy data backup, fail-over of servers and the ability to maintain a “secondary” data center for disaster recovery.