If you run a website or maintain servers, you’re under constant pressure to be productive. Every second of your working day is taken up with servicing your users, adding new features, or simply maintaining the status quo. There isn’t much time left over to plan for the future. There is even less time to think about what might go wrong. Most of us would rather not think about potential disasters at all, choosing instead to focus on the positive aspects of our work.
That’s understandable, but it’s also a recipe for catastrophe. It may be unlikely that your servers will go down, that you’ll suffer a critical data loss or security breach, but on a long enough timeline, it’s going to happen. Incredibly unlikely events happen to people every day, and one day it’ll be your turn. You’ll be grateful that you took the time out of your busy schedule to create a disaster recovery plan.
Your recovery plan needn’t be complex. It’s simply an appraisal of likely failure scenarios for your infrastructure and a set of plans for maintaining your service if those scenarios occur. The most obvious example is backups — do you have adequate backups to recover if you suffer a data loss? Can they be easily restored? Are there backups in more than one location? You should have recovery plans that cover all aspects of your infrastructure, security, and personnel.
A major benefit of building a disaster recovery plan is that it forces you to think about what could go wrong and what the limitations of your current system are. Without the exercise, it’s possible that there are hidden flaws within your infrastructure and security planning that you are entirely unaware of. The process of developing a disaster recovery plan can make it less likely that a disaster happens in the first place, because you’re able to spot and mitigate potential risks.
Disaster recovery plans are not a one-and-done process. As your business, its infrastructure, and its vendors change over time, so must your business continuity, risk mitigation, and disaster recovery planning. Disaster recovery planning should be a day-to-day part of your business activities. Risk scenarios and recovery plans should be re-evaluated regularly, both to maintain their viability and to ensure that they evolve with changing circumstances.
In previous articles, we’ve written about the necessity of maintaining a patch management strategy, but patch management is just one part of the broad and deep efforts a company must make to build disaster mitigation and recovery plans and ensure that it stands strong in the face of potential disaster.