Home Editor's Picks How to Create Well-Developed Disaster Recovery Plans

How to Create Well-Developed Disaster Recovery Plans

How to Create Well-Developed Disaster Recovery Plans

By Edward J. Hawkins, II
Contributor, InCyberDefense

Planning for disaster is never fun simply because we never know when disaster may strike or what form it will take. If you talk to some financial planners, for instance, they may tell you that you should have at least three months’ worth of savings on hand in the event of a disaster.

From a technology standpoint, the rule of thumb for data backups has always been one and half times the size of the hard drive in the system. This would allow the system administrator or owner to capture three full data backups.

One thing to note regarding, the one and a half rule of thumb, it also depends on storage utilization. What I mean is that if a system has a 512 gigabyte hard drive, that means that the backup hard drive should be 768 gigabytes (512 x 1.5 = 768) in size.

However, if the hard drive utilization is at 90%, then the backup hard drive size should be adjusted to capture three complete backups or the backup solution needs to change. Keep in mind that human lives always come before technology in any disaster recovery plan.

Backup Storage Options

The strategies set forth in this article are not meant to be all-encompassing, but rather a set of potential solutions that may be possible in a given environment. There are multiple storage solutions in the marketplace, with cloud storage being the most recent addition to the list.

Traditionally, there are magnetic tapes, optical disks and removable hard drives for backups. While redundant arrays of inexpensive disks (RAID) technologies can fulfill a disaster recovery function (minus RAID-1, which is for performance increase), I see them more as a business continuity function, but more on that is coming.

Tape Backups

Tape backups are one of the most “old school” ways of creating a data backup that is still in use today. While newer tape backup solutions provide an extraordinary amount of storage space and can perform a high-speed recovery, everything is sequential.

For instance, the tapes must be in a specific sequential order when they are being loaded. Also, they must be marked when unloaded so that if they are needed again, they are reloaded into the same location.

Tapes have a limited lifespan compared to other forms of data storage. Environmental conditions, such as heat, moisture and electromagnetic environments, can also affect a tape backup.

Optical Disks

Optical CDs, DVDs and Blu-rays  provide a longer storage life, but at the cost of storage space. First came CDs, which had either 650 or 700 megabytes of storage. This storage capacity was adequate for the smaller hard drives of Microsoft Windows 98 and an earlier era.

Next came DVDs. They could store between 4.7 gigabytes and 17 gigabytes, depending on the type of disk purchased. The most common amounts of storage for a DVD was 4.7 and 8.5 gigabytes.

The follow-on to DVDs was the Blu-ray format, which can hold either 25 or 50 gigabytes of data. Blu-ray offers a significant improvement over the other forms of optical media.

However, Blu-ray pales in comparison to the capacity of a single tape backup, which I have seen store 650 or more gigabytes. That’s 26 times greater storage than a single 25-gigabyte disk and 13 times greater than a 50-gigabyte disk.

Another issue that optical media face is that the disks must be stored in cool environments. Because they are typically made of plastic, they can melt, warp or break.

Removable Hard Disks

Removable hard disks offer a variety of advantages over the other forms of media backup, simply due to their storage capacity, durability and evolving potential. Hard disks can be placed in various housings that can allow external connectivity between the target system and the hard disk, such as a Universal Serial Bus (USB), FireWire, External Serial Advanced Technology Attachment (eSATA) or ethernet cable.

Some housings allow the hard disk to be removed, replaced and stored in a safe location for later recovery. If connected via an ethernet cable, the system may be able to have a synchronized backup of files, which would allow the system to be continuously protected in the event of a disaster. That is where the cloud comes in.

Cloud computing is a boon to any environment, depending on who owns it and where it is stored. While I am a fan of the cloud, I do believe that it must be properly provisioned to protect the data owner. For small organizations that might not be able to adequately set up a robust disaster recovery solution, backing up their data to a cloud storage solution will provide the organization with necessary peace of mind.

Larger organizations, however, should utilize a private cloud solution that synchronizes data among all locations. If a third-party solution is going to be put in place for data backup and storage, be certain that you can retrieve or recover data from that third-party solution. That may seem self-evident, I am aware that should go without saying, but I know of an organization that could not recover its data from the third-party source.

Backing Up and Recovering the Data

Once an organization has decided what storage medium to use, a schedule for backing up the data needs to be created. Creating a regular schedule for backups is important because no organization wants to lose critical files or have to make changes to data files.

There are three basic types of backups:

  • Full — A full backup is just how it sounds. It captures everything on the drive, but it should not be considered a bit-for-bit backup.
  • Incremental — Incremental backups capture the data that have changed since the last backup. This type of backup could capture all data or just the data from the most recent incremental backup.
  • Differential — Differential backups capture the data that has changed since the last full backup.

Locations of Disaster Recovery Sites Needs Careful Consideration

Scheduling backups should be done in such a way that it allows for the capture of all changes.

If a disaster is strong enough to destroy the building and force company employees to another site to resume operations, the recovery site must be chosen carefully. Ideally, the displaced workers will be close enough to a secondary location that is both operational and available; in this situation, cloud storage is useful for offsite data storage and recovery.

While cloud solutions can effectively address offsite data storage and recovery, where displaced individuals are to be relocated is something that needs to be considered as well. Ideally, the displaced individuals are close enough to a secondary location that is operational and available.

Disaster recovery sites fall into three categories:

  • Hot – The backup is in place and already working. It has enough additional space to take the displaced workers.
  • Cold — The organization may have a warehouse that stores backup hardware. But it needs to have various services installed or turned on before the site can be utilized by the displaced employees.
  • Warm — The location may already have limited services and needs only minimal additions or reconfigurations to be operational.

Recommendations for Effective Disaster Recovery Plans

When it comes to writing disaster recovery plans and developing your individual strategy for how your organization is going to recover, every solution needs to be vetted to ensure that it is going to work for either the organization or an individual. For me, a private cloud was the right solution because it allowed me to control how much storage space I needed and I just had to put in the appropriate size hard disks.

Remember, cost matters to those making the decisions, so your backup solutions must provide an adequate return on investment. No one should spend thousands of dollars backing up data that may be worth far less.

Identify your critical data, determine what it would cost if that data were lost and develop your disaster plan around it. Then, test your plan to ensure that it works as intended. How else would you know if the plan worked?