Enhancing Disaster Recovery Solutions for Business Continuity

Cyber Threats Keep Raising the Stakes for Disaster Preparedness. Meet a Manufacturing Company that Took Action.

When disaster strikes and mission-critical server hardware and applications go dark, cost adds up fast.

Four out of 10 companies that replied to a large, independent survey on the hourly cost of downtime reported amounts exceeding $1 million, exclusive of any legal fees, fines, and penalties. The survey by Information Technology Intelligence Consulting (ITIC) also found only 1% of organizations, primarily very small businesses, estimated the downtime cost per hour to less than $100,000.

Those figures demonstrate the crucial importance of an effective disaster recovery plan. The past few years of global calamities, from increasingly sophisticated cyberattacks to natural disasters, have underscored organizations need to not only strategize but actively prepare for worst-case scenarios. But what does it take to fortify an organization against potentially business-ending disasters, quickly recover from operational disruptions, and ensure business continuity?

How to Create a Disaster Recovery Strategy

For a real-world example, take the disaster recovery plan that we implemented for a client, an American specialty chemical manufacturer based in North Carolina. In this case, it was the customer’s transition from ECC solutions on Oracle to SAP S/4HANA that prompted the need for multiple disaster recovery strategies.

To safeguard the client, we devised a dynamic plan that included the strategic deployment of data backup, cloud-based solutions, DR-as-a-Service (DRaaS), and effective time recovery management. In this post, we’ll take a closer look at the significance of each piece.

Defining Disaster Recovery and the Role of Key Metrics

Disaster recovery in the context of information technology refers to the strategic set of policies, procedures, and tools designed to restore vital data and systems following a catastrophic event. The effectiveness of such a plan rests on balancing two key metrics: Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

While RTO is the target time set for the recovery of IT and business activities after a disaster has occurred, RPO refers to the maximum acceptable age of files that must be recovered from backup storage for normal operations to resume.

Those metrics, in turn, inform what happens next since they essentially define a business’s tolerance for downtime and data loss.

Weighing the Options: Hot DR vs. Cold DR

The choice between hot and cold disaster recovery depends on several factors, including the criticality of specific systems, RTOs, RPOs, and budgetary constraints. Many businesses, like our client, often use a combination of both strategies, reserving hot disaster recovery for their most critical systems and applications while relying on cold disaster recovery for less critical components. This blended approach allows for a more cost-effective yet resilient disaster recovery plan.

Hot Disaster Recovery: A Rapid Rescue for Critical Business Operations

If a business has a very short RTO, meaning it requires rapid recovery to maintain operations, it is more likely to choose a hot disaster recovery solution. Hot sites provide almost immediate recovery because they operate parallel to the primary site, significantly reducing downtime. The secondary site is essentially a mirror image of the primary site, with duplicate hardware, software, and data.

Hot DR also tends to be a good fit for businesses with a low RPO, which indicates a need to minimize data loss. Continuous or near-continuous data replication to a hot site guarantees the availability of the most recent data for recovery.

As a general practice for all our clients, we copy virtual machines (VMs) and maintain a real-time replication of databases from the primary site to the secondary site, ensuring instant availability and accessibility.

Cold Disaster Recovery: A Practical Choice for Balancing Cost

Businesses with a more flexible RTO, where some downtime is acceptable, might opt for cold disaster recovery. In these cases, it takes longer to bring systems online and restore data from backups. In fact, it may require a significant amount of time to complete the data recovery process since the secondary infrastructure or data center typically only springs into action in response to a failover event.

Similarly, a cold disaster recovery may also suffice if the RPO is more lenient. Although not continuously replicated, daily backups of databases and VMs, as well as duplicate copies stored both on- and off-site, provide a level of security that some businesses are satisfied with.

Considering the Benefits of Cloud-Based Disaster Recovery

Cloud-based disaster recovery offers the flexibility to choose between hot and cold setups. Again, the decision hinges on how critical the systems and data are (determining acceptable downtime and data loss), as well as budgetary considerations. Cloud environments, with their scalable and on-demand nature, provide an efficient and versatile platform for implementing either type of disaster recovery plan.

By using cloud providers like Google Cloud Platform, Microsoft Azure, or AWS, this solution offers easily accessible resources at a lower cost, eliminating the need for on-site hardware investments. However, restoring data back to in-house infrastructure may be more expensive. In a hybrid environment, using cloud-based DR requires additional effort and configuration for failovers.

DR-as-a-Service: A Turnkey Solution for Disaster Preparedness

A popular model within cloud-based DR is DR-as-a-Service, where third-party service providers offer complete DR services through the cloud. This includes not just data backup, but also full replication and hosting of physical or virtual servers, ready to be activated in case of a disaster.

For companies that would rather not manage their own disaster recovery and complexity of backups, DRaaS offers a viable alternative. This is, after all, why our client entrusted us with the task. Although the frequency of backups may vary, it relieves companies of managing hardware and infrastructure.

Key features include:

• Replication: The replication of critical data and IT infrastructure from the organization’s on-premises environment to a secure off-site data center ensures data and systems are available even if the primary site experiences an outage.
• Automation: In the event of a disaster, the automated failover and failback of systems and data means the DRaaS solution can automatically switch over to the replicated environment, minimizing downtime.
• Monitoring and Management: The DR environment is always up to date as a result of DRaaS monitoring and management tools that keep track of the replication status, system health, and readiness for failover
• Testing: Non-disruptive, regular testing validates the recovery process and integrity of the DR plan.

Building Resilience Amid Escalating Cyberattacks

Considering the alarming rise in cyberattacks, any disaster recovery plan must take such scenarios into account. According to the latest IBM’s Cost of a Data Breach Report, 83% of organizations reported experiencing more than one data breach in 2022. The average cost of a breach for American organizations also reached a record high of $9.48 million this year, far above the global average of $4.45 million, Statista reports.

Point-in-Time Recovery (PITR)

With so much at stake, we created a DR plan for our client that prioritizes the restoration of systems and data to precise moments; in this instance to a state just prior to a cyberattack. Point-in-time recovery (PITR) is a critical feature in disaster recovery and backup solutions, ensuring business continuity and reducing potential data loss. To deliver PITR as part of our DR-as-a-Service, we leverage Zerto, a popular disaster recovery and data replication platform, known for its continuous data protection capabilities. As a result, we can perform:

• Continuous Replication
• Journal-Based Recovery
• Selecting a Recovery Point
• Recovery to Chosen Time
• Testing and Validation
• Automation

Backup Externalization

To reinforce the resilience of the plan, our team implemented a practice known as “backup externalization.” The storing of backup data in an off-site location, often in a remote or cloud-based environment, not only ensures the data is safe and accessible but also reduces the risk of contamination across primary and secondary sites. This approach aligned with our client’s decision to integrate secondary backup hardware within their dedicated disaster recovery site.

Backup Retention

In collaboration with our client, we also determined the ideal backup retention period. Balancing storage costs with recovery requirements, our client wisely chose a two-week schedule of daily backups, complemented by monthly backups for a year. For long-term retention, five-year archives for annual backups were established — a prudent strategy to boost defenses against potential cyber threats.

Final Word

A robust disaster recovery strategy is the antidote to unforeseen events. With businesses under siege from threat actors and the cost of data breaches on the rise, the importance of fast, effective action cannot be overstated.

We built cyber resilience into the plan that now safeguards our client. With the deployment of data backups, cloud-based solutions, DRaaS, and time recovery management, the client can quickly recover should disaster force operations offline. To stay ahead of evolving threats, we continue to refine and adapt our disaster recovery strategies. The work to secure business operations never stops.

Contact oXya

Do you want to learn more about oXya’s approach to disaster recovery and how it can benefit your operation? We would love to hear from you. If you are in the US, reach out to our US-based team at marketing-usa@oxya.com. If you are in the EMEA region, reach out to our headquarters team at contact@oxya.com.