Regardless of whether your business is big or small, there’s always a chance of disaster. The disaster can be natural or man-made, but shrewd preparation is your best bet for warding off sheer calamity. To ensure you have every conceivable situation covered, it’s prudent that you set up a thoroughly vetted network disaster recovery plan. A network disaster recovery plan ensures that IT services can be backed up and put back online as quickly as possible. Every good organization has an IT recovery plan, and a network disaster recovery plan is just one element of this plan, albeit a crucial one. Show
There are various natural reasons for a disaster—such as fire, flooding, and earthquakes—but a major reason for network disasters beyond the scope of our environment is the nature of hardware itself: namely, technology failure. But technology failure can also occur as a result of malicious attacks from malware or hackers, and sometimes it can even be a result of naivety or incompetence on the part of the network administrator. There can be many reasons for network disaster, but every business needs a plan to recover from a worst-case scenario. In this article, we will discuss how to recover when your business is hit by a network disaster as well as make sure that the plan itself is watertight in the first place. Setting up a planA major mistake made by many companies is not having a network disaster recovery plan in the first place. There are many reasons why they opt not to have one. The plan costs money, time, and effort. Company executives who only have their eyes on the bottom line don’t think far enough ahead and decide it is not worth the investment of time and money to protect the company from disaster. Tight-fisted CEOs will happily cut corners by gambling that such a catastrophe won’t happen to them, but this is like driving a car without insurance: risky and ill-advised. No one knows when a disaster may occur; consequently, if there is no recovery plan for such a disaster, the business will suffer immensely once such a disaster does occur. And given enough time, it will. Before we take a look at how the plan should be constructed, we want to make an important note. There are a lot of initialisms, such as Business Continuity Plan (BCP) and Business Impact Analysis [BIA]) throughout this article. Generally speaking, such initialisms are fine—or even welcomed—but it is my opinion that the sheer amount of initialisms that would have to be remembered in this article while reading would be a source of frustration, not convenience. Hence I have opted to write out all terms fully rather than shorten them as initialisms or acronyms. The first step is to have a business continuity plan. But before a business continuity plan is drafted, one should carry out a business impact analysis. This analysis aims to differentiate between critical and non-critical functions. The lost income is estimated by the business impact analysis. After the impact analysis is ready, it’s time for risk and threat analysis. There could be many risks and threats both before and after a failure. Nobody is sure that only a certain type of impact will happen after a disaster. As such, the plan needs to analyze every type of impact that can occur before, after, or during a disaster. Each type of risk and threat needs to be carefully analyzed before going ahead. Every recovery plan should have a budget. The cost of failure gives an approximation for this budget. There are two important goals that need to be set while considering your options: cost and benefits. A recovery point objective is a level of data loss that is expressed in time. For example, “one day of data”. Recovery time objective is the time limit that stakeholders are likely to accept a loss of service. The leaders of a business are responsible for the company’s recovery point objective and recovery time objective. These two goals are necessary for a recovery plan. The recovery point objective will help in estimating how much data could not be recovered. Data is always important for a business, and it is essential to assess and take stock of how much data was recovered and how much was lost. After a disaster occurs, a company needs a certain amount of time to recover from the loss. The recovery point objective gives a time estimation for the recovery. Hopefully, with careful backup and planning, the loss under many scenarios will be minimal. Another important task is to create a list of impact scenarios. Each service in the company has a specific list of impact scenarios. You need to analyze all of the possible aftermaths from impact scenarios that can arise from varying types of disasters. This list deals with such needs. Starting phase: recovery strategyAfter the business continuity plan, you are ready to start the network recovery plan. The very first phase is the recovery strategy. Follow these steps carefully to ensure that you develop a solid recovery strategy.
As instructed before, you should have created a list of impact scenarios. Along with goals set in the business impact scenarios, you can set various strategies, including the following:
There could be many options for the recovery strategy. It solely depends upon the nature of your business. For example, if your office is not available because of a natural or manmade disaster, switch the staff to a home-office or offsite configuration. Use the internet for a network until everything is recovered. This could be a suitable strategy, but obviously it depends on the requirements of your business. If your business has multiple locations and one of them is out because of a disaster, you can switch to another location for the time being, or even spread out the affected employees to minimize impact at the other locations. There could be many viable options, but these options heavily depend upon the nature of the business. Develop the network recovery planWe have already gone over the business continuity plan and recovery strategy, but now it’s time to develop the network recovery plan. To put things concisely: modern businesses usually have a lot of data. In some cases, entire companies can be laid to waste if their recovery plan is obsolete or non-existent. Whenever a network disaster occurs, you need to be ready to handle the data. Data backup is the best you can do to save as much data as possible before everything is lost. However, it is also crucial to stress how important regular backups are. For example, it does little good doing only monthly backups for a daily newspaper. You need to select a backup schedule that makes sense for your business. In some cases, hourly backups might not suffice; instead, real-time cloud backups are needed to completely eliminate the risk of any data whatsoever being lost. There are almost always multiple departments in a business. While you are saving the data, other departments should be saving receipts, paper invoices, and other physical records that might keep some records archived without needing the network. Some disasters (such as a fire) would rule out this possibility, which is why it’s important to be thorough in your plan. You might already have a pre-existing plan containing recovery point objectives and recovery time objectives, but these are always subject to change and should be checked routinely, not just after a disaster when it may be too late. TestingThis is important. A disaster can occur at any time, or it may never occur during the operation of a business. But just setting out the plans is not enough—you need to also test the continuity plan to make sure that, in the time of a disaster, everything goes smoothly. You might need additional resources, or the staff might need some training before they can handle everything properly during a disaster. There is a variety of methods that can be used to test the business continuity plan. Let’s discuss a few of them.
Typically, there is a discussion of one or more disaster scenarios, during which the responsibilities are outlined, response procedures are reviewed, and necessary improvements are uncovered.
Above are the common testing methods. But one more thing that matters is how often a business should perform these tests. Well, obviously, there are no set rules about this. It depends upon the size of the business, time, industry, staff availability, and resources. However, as a general rule of thumb, testing such as tabletop and walkthrough exercises should be performed annually, while testing multiple scenarios. The scenarios with higher risk should be given priority. The full recovery test is a big process and should be done every other year. This is because it can cost a significant amount of money, time, and human resources, but it should not be avoided altogether. Remember, involve the vendor partners in the testing processes as much as you can. This will not only provide better accuracy and usability but also the feedback received from the vendors can help in making better improvements. Finally, make sure documentation of all testing processes is made. The documentation can be useful for the next time. Plan for each scenarioWe’ve now established the methods to test the business continuity plan, but there is more than one scenario for a given disaster. Obviously, there could be an infinite amount of scenarios, but looking at the most likely scenarios is a good start. It could be a fire that completely destroyed the building, or it could be a hacker attack. Of course, the plan for the fire will differ from the plan for the hacker’s attack. Therefore, there should be a plan for each of the most likely scenarios. Hardware could fail in many ways: mechanical failure, EMP (Electromagnetic Pulse) attack, demagnetization, fire, and so on. The important aspect is how you handle the loss of data. There will be variations in each plan, but there will also be some common elements in each plan. Here are some important steps that should be considered in each plan:
Multiple copies of the plan should be stored in digital format and spread over several sites. If you only have one site, then it should be stored at the backup server, which may be self-managed on a cloud service or managed by a third party as part of a storage and maintenance package. There should also be multiple copies of the plan in hard copy, and they should be spread over several sites as well. If there is only one site, the plan should be stored far away from the primary location. Maintaining the planAs alluded to earlier, a common mistake that many businesses make is not maintaining the plan. Once it is created, it does not mean it will work fine forever. It should never be neglected because the organization and its network can change over time. As such, the plan needs to be updated regularly so that it can work properly in accordance with the changes in personnel, services, equipment, sites, and business processes. There is no specific time for reviewing the plan, but it is recommended that the plan should be reviewed every six months. If there is any replacement in the key staff, the new members should be trained as part of the onboarding process. Moreover, other members of the staff should be notified about the replacements when they occur. The testing process should be made without wasting time if there is a change in the plan. Overall, the plan should be maintained properly, and no aspect should be neglected when there is a change in the plan. Plan securityThe plan is made and everything is where it should be. But what if, say, some kind of malware attacked your digital copies of the recovery plan during a network disaster? Or if the plan was written on paper placed somewhere in the building and that part of the building is not accessible because of some kind of natural disaster? To overcome such situations, you should make sure that the plan is suitably secured in multiple mediums. It might seem wise to have the plan shared among the people within an organization, but make sure none of them has a copy of it on their desktops or in any paper format where it can fall into the wrong hands. The plans should always be kept secure, as a malicious individual could compromise the plan or exploit weaknesses in the plan to wreak havoc on a business (aka industrial espionage). A number of testing exercises will be performed periodically, but do not just expose the entire plan to everyone. To prevent a full leak, only hand out plans to personnel on a need-to-know basis. A single copy of the plan should be placed on a secure onsite server, and a carefully secured backup should be kept offsite for redundancy. At most, give access to three key people with a vested interest in the continued success of the company. Data backupBacking up data is one of the most important tasks at the time of a network disaster (as well as before it). Data is frequently generated in large volumes, and its complexity and scope can change drastically throughout the workday. There is always a risk that data becomes lost, corrupted, overwritten, stolen, damaged through hardware failure, human error, malware, or hacking. To avoid such situations, you need to make an effective plan for data backup. Data backup strategyEarlier, we discussed how important it is to perform data backup on a regular basis. The data backup strategy should be included in the business continuity plan. Here are three integral steps for the strategy to be effective:
Developing the data backup planLet’s look at the key steps for crafting the perfect data backup plan. Identify data on network servers, laptop computers, desktop computers, and wireless devices that need to be backed up. Do not forget to make backups of vital hard copy records; this could include property deeds or license certificates (among other records and documents). This so-called digitization can be accomplished by scanning paper records into digital formats. This should also be backed up along with the existing digital data. The plan should consist of regularly scheduled backups from wireless devices, desktop computers, and desktop computers to a network server. Regular backups will be critical when a disaster occurs. Options for data backupAfter the plan and strategy have been formulated, you need to choose where to store the backups. There are many options, of course, but currently, tapes, cartridges, and large capacity USB drives are common choices. These options can be supplemented with data backup software and encrypted cloud backup through a third-party service. The security level of the backup should be the same as the security level of the original data. There should be no compromise. Device replacementSometimes the disaster can be so severe that all the network devices may get destroyed. The business would need a plan for restarting the network and acquiring replacement equipment. Track all the settings of the switches and routers so it would be easy to set them up again from scratch. Try not to change these settings, or at least monitor changes if they occur. You could run an audit of the settings at regular intervals or as part of a recovery test. An efficient option is to use a configuration management tool to standardize the set up of all the devices. It is always good to have a similar configuration for all the devices. Having different configurations will only increase problems during recovery. SolutionsWe discussed how backup and network configuration management is important and necessary. There are various tools available. Our methodology for selecting a network disaster recovery toolWe reviewed the market for network disaster recovery systems and analyzed tools based on the following criteria:
With these selection criteria in mind, we identified candidate system protection packages. We looked for services that could, individually or in combination, guarantee system continuity.
1. N-able Cove Data Protection (FREE TRIAL)N-able Cove Data Protection is a cloud-based subscription solution that operates data centers globally. It provides quick and secure data recovery. Data compression is used for speed transfers, and strong AES encryption is used for communications. As expected, though by no means true for all backup systems, all data stored is encrypted. That means even the data center staff itself cannot read it if they wanted to or were otherwise compelled to by a third party. Key Features:
The Cove Data Protection service will operate on physical disks and operating systems. It can also back up virtualizations and cloud storage solutions. This tool is structured to make it suitable for use by managed service providers (MSPs) but it will also cater to corporate IT Operations departments. Pros:
Cons:
In addition to being an excellent option for data backup, there is a web-based console available; this is where all the backup and recovery tasks can be controlled. You can start a 30-day free trial. EDITOR'S CHOICEN-able Cove Data Protection is our top pick for a network disaster recovery tool because its cloud location means that it will not be damaged by an environmental disaster on your site. You can move to temporary offices or even log in from your home and get your servers back up and running on the new site. In less dramatic circumstances, this service can help you recover from a damaged disk, accidental deletion, employee sabotage, or ransomware and the click of a mouse. Download: Get a 30-day free trial Official Site: https://www.n-able.com/products/cove-data-protection/trial OS: Cloud based 2. SolarWinds Network Configuration Manager (FREE TRIAL)Another tool that you can download and run on-site, the SolarWinds Network Configuration Manager, is great for tightening up device security on the network as well as preparing to restore the system as part of the network recovery. It is not a cloud-based tool, though; instead, it runs on Windows server. The standardized device configurations of the business can be stored in this tool, and it reloads if any unauthorized change is detected. Key Features:
The tool helps you create a standard setup for each type of network device, model it, and then store an image of it. You can then include the image store in your general data backup strategy to completely secure your devices against disaster. Pros:
Cons:
There is a 30-day trial versions available for download. SolarWinds Network Configuration Manager Download 30-day FREE Trial 3. NinjaOne Backup (FREE TRIAL)NinjaOne Backup is structured for use by managed service providers so that they can implement data protection and recovery plans for their clients. The tool installs an agent on each protected device and offers a range of backup strategies, including full, incremental, and differential backups. Key Features:
The service gives options to store backups on a local server or removable storage device, a cloud storage plan, or on the secure storage space that is included in the NinjaOne Backup plan. Pros:
Cons:
You can get a 14-day free trial to assess NinjaOne Backup. NinjaOne Backup Start a 14-day FREE Trial Related: NinjaOne Backup – Full Review 4. SpinOne (FREE TRIAL)SpinOne from Spin.ai is a cloud platform that offers backup and recovery for SaaS systems. The tool is designed for three specific platforms: Microsoft 365, Google Workspace, and Salesforce. It also offers malware detection, ransomware remediation, data loss prevention, risk assessment, and compliance reporting. Key Features:
The SpinOne system tracks activity on the protected cloud file server, watching user behavior to identify insider threats and account takeover. Anomalous behavior triggers alerts and account suspension. The system also scans for API access, which might indicate that a user has given permission to an unauthorized app to access the filespace. Pros:
Cons:
SpinOne plans each protect one specific platform. You can try any of the three editions with a 15-day free trial. SpinOne Access a 15-day FREE Trial 5. ManageEngine Network Configuration Manager (FREE TRIAL)ManageEngine Network Configuration Manager offers security against unauthorized changes to network device settings and can also be used to backup and then recover all of your network configurations in the event of a site-wide disaster. The tool can also be used to start up again on a new site with entirely new equipment. Key Features:
This system takes a copy of a standard device configuration and lets you alter it to create an ideal standard. You can then store that image and apply it to any new device of the same type. Pros:
Cons:
You can access a 30-day free trial. ManageEngine Network Configuration Manager Access 30-day FREE Trial Network disaster recoveryIt finally happened: a network disaster! Thankfully, though, your business has done everything it reasonably can to mitigate the damage. Let’s discuss the most important points for effective recovery.
ConclusionAs mentioned earlier, a network disaster recovery plan should be there for any business—regardless of the size. Yes, the recovery plan costs money, time, and effort, but it is worth it because no one knows when a disaster will occur. Without a recovery plan, everything can be lost. Don’t leave things to chance! Network Disaster Recovery FAQsWhat are the five phases of a disaster recovery?The phases of disaster recovery chain right back into normal operations before any indication of an actual disaster arises. The five phases of disaster recovery are:
What is network recovery?Network recovery is a broad discipline. It ranges from restoring the configuration of network devices after tampering by hackers to the complete recreation of a network in a new location after the main office is wiped out. What is computer network disaster?While a computer system disaster relates particularly to the loss of or damage to data, a network disaster can mean a device outage or an alteration in the settings of a network device that renders its security or efficiency impaired. What are some forms of DRP testing?Types of disaster recovery tests
There are three basic types of disaster recovery testing. These include a plan review, tabletop exercise and simulation test.
What is a DRP test?Degrees of Reading Power® (DRP) assessments are easily implemented measures of literacy skills, meant to determine a student's comprehension of text passages. They calculate a student's overall ability to comprehend and critically understand writing.
What is the best BCP testing methodology to validate if the recovery plans are working?Tabletop Exercise/Structured Walk-Through Test: At its core, a BCP Tabletop Test is a scenario-based role-playing exercise. The objective is to ensure all critical personnel in your organization are aware of and familiar with the relevant portions of the BCP, as well as their role in a disaster/event.
How often is a disaster recovery plan DRP tested?While there is no one standard for how often you should test your DRP and BCP, you should generally conduct functional disaster recovery testing at least once per year.
|