Debunking the Top 5 Disaster Recovery Plan Myths

Jaime McMahon

The disaster recovery statistics from 2017 were quite staggering. With global ransomware attacks like WannaCry and NotPetya infecting thousands of machines around the world, we all saw just how vulnerable companies can be. And, unfortunately, those types of attacks are predicted to get worse, not better, over the coming months and years.

It’s times like this when executives begin to understand the importance of being prepared for potential disaster. But, mention a disaster recovery plan to them, and they aren’t always as receptive as the situation warrants. Why is that?

It could be because the myths surrounding disaster recovery plans are still quite engrained in today’s technology-enabled society. If that’s the case, read on, because we’re debunking the top five disaster recovery plan myths and setting the record straight.

Myth #1: A disaster recovery plan is only useful when it addresses major events, such as natural disasters, or fires and floods.  

Reality: Believe it or not, natural disasters, fires and floods aren’t the most common threats to continuity. Instead, the threats come from smaller, more common things, such as hardware and software failure, network outages, or power outages.

According to InfoTech, 45 percent of service interruptions in 2017 were caused by software and hardware issues. Conversely, only 12 percent of incidents were caused by major events. And bear in mind that 70 percent of data center outages are directly related to human error, too.

Disaster recovery planning, therefore, needs to take into consideration your organization’s overall service continuity. Of course, as an executive, you need to plan for major disasters, too, but don’t overlook those less dramatic, more common causes of service interruptions.

Myth #2: Disaster recovery plans are a separate entity from your organization’s normal day-to-day operations.

Reality: You need to make sure that you can maintain service continuity at all times, and that starts with day-to-day service management. Disaster recovery plans encompass both the large things (recovering your data center after a fire), and the smaller, but no less significant, ones (getting your team back up and running when your on-premises hardware fails).

Does your team know when to move from the normal, day-to-day service management procedures, and start disaster recovery procedures based on your disaster recovery plan? Create a clear DRP so employees will be able to react in a more timely and appropriate manner when an actual disaster strikes. Putting guidelines in place, such as severity definitions, or escalation rules, will help you to meet your necessary Recovery Time Objectives (the maximum time from which you declare a disaster to when your systems are back up and running) and Recovery Point Objectives (the maximum time in which data may be lost due to a system outage).

Myth #3: A disaster recovery plan isn’t required because your organization already backs up its data.

Reality: How frequently are you actually backing up your data? The important thing to note here is that a lot of businesses aren’t doing a frequent enough back-up of their data for that option to be any sort of disaster recovery solution.

The truth is, backing up your data is only part of your disaster recovery solution. To ensure that you’re fully covered in the event of an incident, you also need to have a detailed plan for how you’re going to access your back-ups – how you’re going to failover to your backup, then failback when the crisis is averted.

The good news is, there are solutions available for organizations of any size to help formulate or modify their DRPs. Check out this short video on Azure Site Recovery and how it compares to other disaster recovery solutions out there, or watch the full on-demand webinar at your convenience.

Myth #4: An effective disaster recovery plan starts with first identifying and evaluating your potential risks.

Reality: Believe it or not, a disaster recovery plan isn’t supposed to mitigate risks. In fact, a DRP is put in place to ensure service continuity.

Many executives design a disaster recovery plan by the following approach: first, they identify the risks; then they assess the probability of those risks actually happening; and finally, they build a plan that will address and mitigate those risks in the event that they actually occur.

Unfortunately, this risk approach is quite ineffective. You can’t exactly foresee the future, so how could you think of every incident that might occur? And to plan for unforeseen risks can lead to unrealistic scenarios that will result in more costly solutions. Plus, you need to consider how much time it would actually take you to plot out all of those risk scenarios and how you’re going to mitigate them.

To put a DRP in place to ensure service continuity, however, will help you to maintain overall resiliency that will assist in recovering from a potential incident, regardless of the specific risk or incident that actually happens.

Myth #5: Disaster recovery should fall under the responsibility of your cloud services provider or managed service provider.

Reality: This myth takes into consideration that you have a managed services provider, or a cloud service provider, of course. But, if you do, disaster recovery planning may not be a part of your services agreement with them.

Many managed services providers and cloud services providers would be happy to provide disaster recovery services as well, but until you can verify that, it’s important to make sure that you have adequate disaster recovery planning.

Jaime McMahon is vice president of sales and marketing at ProServeIT Corp., where he handles the strategic planning of ProServeIT‘s sales and marketing activities. With an interest in disaster recovery as a solution (DRaaS), he strives to help customers adopt cutting-edge technology that helps them manage their advanced cybersecurity risks and also secures their identities, data, and devices. ProServeIT can provide customized solutions that help customers expect the best as they prepare for the worst. Follow Jaime on LinkedIn or @ProServeIT on Twitter.