By Jon Thordarson, European Technical Support Manager at KeepItSafe
August 06, 2015

KeepItSafe Cloud Backup Expert Tips: Business Continuity and Disaster Recovery Action Plans

Business continuity planning is a process that is considered imperative in a world that is information dependent; globalized, vulnerable to acts of terrorism and anxious about the impact of climate change on the earth in general, and the business in particular. The events of 9/11 made urgent the need for disaster recovery plans or business continuity plans for every type of business and brought into sharp focus issues of safety of people and materials. Most businesses were forced to realize that the survival of the organization depended on its business continuity plans. Therefore, the focus of Business continuity planning is–preparation against contingencies, natural and man made. It often begins with a growing awareness that the core of the business lies in the digital information and is driven by an overwhelming fear of losing this precious repository of information.

A digital disaster recovery and business continuity action plan begins with a listing of all possible disasters that can befall the data deposits of the business. The list could read as under:

Data backup disasters can be natural or man made:

a. Natural Disasters include earthquakes, tornadoes, floods, typhoons, hurricanes and other kinds of natural calamities that can destroy the data center and the machinery within.

b. Man-made Disasters include arson, accidental fire, flooding or deletion of data. Terrorism, Virus attacks and efforts at hacking into the systems by unauthorized persons with intent to destroy/ tamper are also to be treated as man made disasters.

A high level action plan to guard against the disasters stated above will perhaps be presented as under:

1. There is a need for creating hot sites or cloud backup sites that replicate transaction data on a continuous or near continuous basis. Guarding against natural disasters demands that data is replicated online to our own servers or cloud backup company servers, continuously and stored offshore, in geographically and seismically divergent zones.

2. The hot site should be configured to kick into operation the moment the main site goes into disaster mode. In the event of disaster to the main site, such hot sites (defined in 1) should be fully equipped to restart the access to data and continue the operations of the business, using the data replicated on to remote cloud backup servers.

3. The hot site should cease to operate the moment the main site comes to life. If the damage to the servers of the main site is temporary, the hot site should kick into operation only for the limited period till the damage to the main server is rectified and seamlessly brought back into operation.

4. All employees of the data center (operating the main site and hot sites) must be trained to service the demands of the employees across the enterprise. For this purpose the staff in the hot site must be aware of and must work in tandem with the staff at the main site all round the year, so that they are able to service data operations seamlessly from the hot site or offshore data repository in the event of disaster.

5. Disaster recovery roles must be clearly defined. The roles and responsibilities of the different employees (manning the data center) during disaster should also be clearly spelt out, so that each of them proactively perform their role. If cloud backup services are used, the Service Level Agreement (SLA) must clearly spell out the roles and responsibilities.

6. Disaster recovery drills must be made as frequent as fire drills are. For this purpose, the staff must be trained in disaster recovery procedures at regular intervals, so that they participate effectively and appropriately in the disaster recovery operations. In case third party backup services are used, the SLA must clearly detail the role of the service provider in the event of the disaster.

7. Security of data must be made a top priority. Unauthorized access to data in the main site and in the hot sites must be safeguarded with physical and digital security. Cloud backup service providers, too, must inform the client about the kinds of security protocols they propose to implement and such details must be set out in the SLA that is signed with the client.

a. Anti virus software as appropriate should be installed to prevent virus attacks on the systems and the data repositories both at the main site and in the remote cloud backup server being used.

b. Unauthorized access to the systems must be prevented by putting in place elaborate authentication and authorization protocols in both on-site and off-site servers.

c. Physical access to the data centers must be limited physically and only authorized personnel must be permitted entry into the data centers–remote and on-site.

Interestingly, the high level action plan will only be the first step in the direction of creating a complete disaster recovery plan. Each of the items mentioned in the list above, will be further broken down into actionable components and roles and responsibilities as the implementation of the plan will be assigned to individual employees. Testing schedules will be designed to check whether the plan performs well under mock disaster conditions and simulated disaster conditions. The plan and the sub-plans will be iteratively fine-tuned till perfection or near perfection is reached and everyone assigned the responsibility of assisting in disaster recovery knows just what they need to do.

It is also important to understand that business continuity and disaster recovery management lists are never complete. The above list too, cannot be considered complete for a variety of reasons. The main reason being: newer dangers to the data demand new disaster recovery protocols and modifications to existing protocols. In short, the more number of disasters a business is prepared for, the greater the detail of its recovery planning, the more resilient the business will be.

About the Author:
Jon Thordarson, KeepItSafe’s European Technical Support Manager, has over 15 years as an industry executive. He is an expert in the world of online backup and data protection. Prior to leading the development of technical infrastructure at KeepItSafe®, Jon co-founded and served as CTO for SecurStore – a leading provider of cloud backup services for enterprise networks. Thousands of businesses trust Jon’s guidance with fluctuating data-compliance requirements through the online publication, “EU Data Protection Regulation”. As a principal contributor, Jon identifies the challenges and opportunities of the EU Data Protection Regulation, while providing expert advice for readers to meet new compliance standards. Visit KeepItSafe’s website here:



Tags: , , ,