Many businesses have a plan for disaster recovery. But once in place, it needs to be tested and updated regularly. If not, businesses are asking for trouble, says C Spire Business engineering expert Gary Nalley. “Even the most well-prepared IT teams experience gaps in their recovery plans.
Sometimes the problem is a result of a simple oversight. At other times, organizations are digitally transforming so rapidly that their recovery plan becomes outdated. We asked Nalley to share a few reasons disaster recovery plans fail and how organizations can avoid these pitfalls.
The human element
Some businesses fail to plan for the most essential piece of a disaster recovery plan — people.
“I once heard about an external auditor running a test for multiple compliance requirements at a financial institution in Chicago. The auditor picked out three people from the testing team and said, ‘This is our scenario: You're in Chicago. There are 18 inches of snow on the ground, and its whiteout conditions. There are power failures all over the place, and you three people can't make it in because of road conditions.’ ”
The rest of the testing team had to implement their disaster recovery plan without the senior network architect, senior mainframe operator, and one of the business application specialists. “They couldn’t do it,” said Nalley. “They had a strong disaster recovery plan. But without these three critical people, they were sunk.”
IT leaders must know who on their team plays a critical role within a recovery plan and ensure trained personnel are available to fill in as needed.
The big picture
Disaster recovery is a broad topic that often needs a granular approach. Unfortunately, businesses can narrow the focus so much that they overlook a seemingly insignificant ancillary system. That is exactly what happened to a healthcare IT team Nalley consulted with. “The team made sure critical systems that house patient data could be recovered almost immediately,” Nalley said. “But they overlooked a single critical system among the many that underpin their electronic medical record (EMR) system.”
In this specific case, the team needed to ensure the availability of a very elaborate EMR ecosystem. “The team accessed the EMR through a virtual Citrix environment. When a catastrophe struck, they realized employees could not log into the virtual environment because of what they thought was an insignificant storage system."
Even though they ensured critical EMR software was available for use, employees could not access them. “That was a lesson learned! Always document your dependent systems,” said Nalley.
Rapid transformation
The last couple of years have seen huge changes in data streams. Before the pandemic, preparing a team to work remotely was evolutionary. Businesses had time to develop secure processes for remote access of data and tools. Then suddenly in March, April and May of 2020, companies were becoming remote within a matter of days and weeks.
For many, that meant their disaster recovery plan was no longer relevant.
“Businesses went from focusing on security systems that were built around firewalls and antivirus to suddenly needing encryption and cloud services for remote teams,” said Nalley. “A lot of people have the misconception that just because their data is in the cloud, it's safe or protected. It is somebody else's responsibility, right? But it boils down to the fact that this is your organization's data. You’re responsible for making sure that it's available no matter the situation.”
Nalley suggested all companies evaluate and revamp their disaster recovery plans if they have not done so since early 2020. “Never underestimate the value of doing recovery tabletop exercises with your team. Running through potential scenarios will help you collaborate and identify gaps in your backup and recovery plans.”
What’s your score?
Disaster Recovery Checklist
Most businesses think they are disaster ready. With this Disaster Recovery Checklist, you’ll know for sure. Get your score now to learn how well your organization will recover from a disaster like ransomware, hurricanes and more.
