(By Archana Mehta, CMO at Recovery Point) Does your organization suffer from mirages of overconfidence when it comes to your disaster recovery strategy?

Gartner characterizes disaster recovery unknown/knowns as “mirages of overconfidence” often caused by lack of transparency, communication breakdowns and just checking the boxes rather than striving for continuous improvement.

The classic example is disaster recovery theater. Teams go through the motions of the same DR exercises but aren’t truly prepared for even basic scenarios.

DR Planning 101

Your DR plan doesn’t have to be complicated. The basics include determining what order various platforms must be recovered and also making sure that all applications are featured, especially the interdependencies.

According to a recent Gartner survey, 86% of I&O leaders self-assessed their recovery capabilities as meeting or exceeding CIO expectations. Yet only 27% of that group consistently undertook three of the most basic elements expected of a DR program: formalizing scope, performing a BIA to acquire business requirements and creating detailed recovery procedures. This means that over 54% are likely suffering from mirages of overconfidence.

Often mission critical applications are missing data or connections to less critical applications in DR plans. Consequently, the entire environment can’t be recovered quickly. Another pitfall is not testing your DR plan often enough since it can be expensive and disruptive. (Think about how much money your organization will lose if you don’t regularly test?)

BIA and DR plans are living documents so they must be continually fine tuned to mirror your IT environment evolution. Consider growth, acquisitions, business process changes and technology updates.

Disseminating information is critical during a DR event. Part of your plan is determining who is in charge and defining clear lines of communication. A robust DR test will expose any failures in command and control.

How to Improve Resilience

According to the same Gartner survey, organizations with a solid disaster recovery program are 40% more likely to demonstrate a stronger overall resilience posture in other areas of reliability and tolerability.

Gartner recently published their findings on IT Resilience — 7 Tips for Improving Reliability, Tolerability and Disaster Recovery. Below is a synopsis of the article.

Key Takeaways

Organizations want to be more resilient with many initiating IT resilience improvement efforts. However, perspectives differ on what the term actually means.

Teams struggle with where to start from a programmatic perspective for improving IT resilience.

Resilience is seen as an IT-only problem; teams are unclear on how much resilience is enough.

Reliable, Tolerable and Recoverable

Gartner describes IT resilience as being reliable, tolerable and recoverable. Their research helps I&O leaders launching IT resilience initiatives with these seven pragmatic tips:

  • 1. Get Support: Avoid leading with risk. Focus on quick wins, iterative improvement and co-created risk narratives to build credibility and buy in.
  • 2. Adaptable Production Readiness: Developing a solid adaptable production readiness process is key to averting potential reliability-impacting mistakes. It’s central to creating incident response and reducing mean time to detect (MTTD) and mean time to repair (MTTR) as well as combating potential configuration drift that often suppresses DR efforts.
  • 3. Evolve Beyond Disaster Recovery Theater (discussed above)
  • 4. Cybersecurity Resilience: Cybersecurity requires additional levels of thoughtfulness as it relates to recovery. All data centers, systems and data may be up but not accessible, so there’s nothing to failover to. Backup systems also could be compromised during an attack.
  • 5. Topology Mapping and Performance Monitoring: Topology mapping’s ripple effect is seen across nearly every area of IT resilience from facilitating business value and technical debt decisions to identifying potential single points of failure (SPOFs), and underpinning application-level disaster recovery plans.
  • 6. Address SaaS Gaps: Take a deep dive into your SaaS providers and see how they comply with your resilience plans. Make the necessary adjustments since SaaS vendors rarely provide reassurances for recovery.
  • 7. IT Resilience Risk Management and Metrics: A solid program includes accountability and transparency in active IT hazard discovery, management and resilience prioritization.

Want input on your organization’s DR plan? Contact Recovery Point at 877-445-4333 to talk to an expert.

You Might Also Like

Leave a Comment