Disaster recovery confidence crisis is wholly avoidable

A lack of rigorous disaster recovery testing by UK organisations is leaving a large chunk of plans unfit for purpose says Peter Groucutt.

Peter Groucutt, managing director, Databarracks
Peter Groucutt, managing director, Databarracks

The latest research from the Cloud Industry Forum (CIF) reveals a distinct lack of confidence in disaster recovery (DR) and backup capabilities. The survey, which questioned 250 senior IT and business decision makers, asked participants to identify which applications represented the biggest risk to their business in the event of failure. DR and data backup services were ranked the highest priority amongst those surveyed.

This concern is largely caused by a lack of rigorous DR testing by organisations in the UK, which is leaving a significant proportion of plans unfit for purpose, rather than any failings with the DR services themselves. 

This research from CIF provides an insight into the variety of attitudes towards disaster recovery. While it is encouraging to see organisations embracing the business value that DR brings, it does also suggest that concerns over the reliability of a plan could be fuelled by a simple lack of confidence in their ability to execute it.  

The findings from the most recent Data Health Check revealed that from over 400 IT professionals in the UK, 88 percent of those with a business continuity plan (BCP) in place had a specific IT DR plan outlined within it, with a further seven percent planning to implement this within the next 12 months. It's great to see increasing numbers of organisations factoring disaster recovery into their continuity plans, but simply having a plan in place is not enough.

Unfortunately, when it comes to disaster recovery, too many organisations treat it as a documentation exercise. Our research revealed that a significant proportion of organisations, notably SMEs, were not carrying out regular testing on their DR plans. Predictably, the impact of not testing had a huge knock-on effect, whereby only 28 percent of non-testers were “very confident” in their plans compared to almost 60 percent of those who regularly test.

Without testing your DR plan, you have no idea if it's actually going to be fit-for-purpose in a disaster, no matter how impressive or sophisticated the technology is. Testing highlights weaknesses in a DR plan, enabling businesses to address them before they have the chance to do any damage in a real scenario. Businesses need to test their DR plans at least once a year; however regularly updating critical information like roles, responsibilities and contact details is essential. That way, anyone who happened to pick up your plan during a disaster would know exactly what the necessary steps to take are, and how to implement them properly.

We often hear that SMEs don't have the same budget or time for DR planning and testing that large enterprises do. It's crucial that SMEs have the same access to the planning tools needed to build a robust BC/DR plan, regardless of these restraints. Simulators can be used to enable IT teams to test template DR plans against different disaster scenarios to see how they would cope, encouraging them to adopt DR best practice and incorporate the tips they pick up into their own disaster recovery plans. It's not exhaustive, but it provides a great foundation for further testing, and will ultimately serve to improve confidence in DR capabilities.

Any perceived lack of confidence in DR systems can ultimately be traced back to a lack of testing and planning, but this lack of confidence in the capabilities of BC and DR solutions can be easily remedied. By thoroughly and regularly testing disaster recovery plans, businesses' confidence in such strategies will significantly increase. 

Contributed by Peter Groucutt, managing director, Databarracks