Disaster Recovery: Planning, Strategies, Types & Procedures | Okta (2023)

A disaster recovery plan helps your organization resume core computing and IT functions after some type of disaster.

Many companies will face a challenge that puts their work at risk at some point. For example, organizations headquartered in Texas faced significant power outages at the beginning of 2021. At one point, power grid officials admitted that they had no idea when they could restore power.

In a situation like this, a disaster recovery plan could ensure that you don't lose data, customer confidence, or both.

Planning for an incident like this is complicated, and you'll need plenty of people to help you with the work.

Here's what you need to know to get started.

What is disaster recovery?

In IT circles, a disaster is any kind of disruptive event that knocks your company offline or somehow puts your operations on pause. A disaster recovery plan should help you get back to normal as quickly as possible.

The DR concept was developed in the 1970s as more companies relied on computers to get their work done. But the concepts you might use in a plan today are very different from those in the 1970s. And the types of disasters you face are slightly different too.

Common disasters teams prepare for include:

• Cyberattacks. In 2020 alone, more than 1,000 data breaches took place. When hackers get into your systems, they can steal data, take you offline, or both.
• Power outages. As the climate warms and superstorms become commonplace, your reliable source of electricity could disappear.
• Equipment failures. Modern tools are delicate, sensitive, and apt to fail. Even routine maintenance can't prevent your equipment from going down.
• Viruses. Companies without a disaster recovery plan had to scramble when COVID-19 hit and employees all stayed home to work.

Your disaster recovery plan could also focus on incidents that haven't happened yet but seem likely in the coming years and months. As you craft your plan, you'll ensure that the challenges you face won't wipe your company off the map.

How does disaster recovery work?

Disaster recovery plans detail how you'll recover data when your primary servers go down or become unavailable. Typically, that means understanding how and where you'll save critical files.

Consider this: A tree falls on your datacenter. All of your servers go down at once. People inside the center know that the organization has taken a hit. But everyone outside of your building has no idea what's going on.

A disaster recovery plan details how file restoration works. You've backed up data in a secondary location. Where is it stored? How quickly can you make it available?

Common strategies companies use for data restoration include:

• Clouds. Organizations partner with vendors, and they save data on the cloud automatically. Plenty of companies opt for this model, as it's considered easy and infinitely customizable.
• Discs. A program saves copies of critical data, and you can rewrite older versions with newer sets.
• Tapes. You record backups and send the tapes to an offsite location for storage. The model may seem old and low-tech, but close to 60 percent of companies still lean on backup tapes.

People measure disaster recovery efficacy in tiers.

• 0: An organization does not store any offsite data. Everything is available onsite.
• 1: Backups are on physical media (like a tape), which the company keeps in an offsite facility.
• 2: Backups are on physical media (like a tape), and the IT team transfers that to an offsite facility that they can also pull in to support key functions in a crisis.
• 3: An organization sets up a system to automatically transfer data to a live backup site (like a data center or cloud).
• 4: The company backs up data in multiple places, with multiple backups.
• 5: The system continuously backs up in multiple places.
• 6: The cloud or system provides continuous data and does not ever lose data.

People often confuse disaster recovery plans with business continuity (BC) plans. They are similar, but a BC helps your team stay open and functional during a crisis. A BC plan may have a computer component, but it may also involve your structures, teams, financial partners, and more.

What does a disaster recovery plan involve?

When a crisis hits, your team doesn't have time to bicker about next steps and common challenges. They need a road map they can access quickly, so they can get started right away. Your completed disaster recovery plan does just that.

Your completed disaster recovery plan should include:

• Directions. What should people do at every step as they attempt to restore files and get your company running again?
• Staff. Who should you consult at each stage of the recovery? Who is part of the disaster recovery team?
• Tools. What software and hardware will the team need as they work?
• Ramifications. When should you notify your insurance company? When should your stakeholders get messages about this? What should you tell the press?

Your disaster recovery plan isn't a static document. Every time something changes in your company, your staff, or your vendor set, you should change the plan accordingly.

Disaster recovery solutions

As we mentioned, plenty of organizations buy tapes and discs to handle disaster recovery independently. But if you need a vendor partner, you have a few choices.

Companies that offer disaster recovery as a service have cloud storage options for data backups. Some offer flexible costs, so you can pay only for the storage you need. And you can add or remove seats as needed.

You can choose from a wide variety of vendors. Most organizations make a decision based on cost and features. But you will want to hold in-depth conversations with potential partners to ensure they offer all of the features you need.

Disaster recovery sites, such as external data centers, can store your information and restore it as needed. If you have significant information needs and plenty of critical data, you may decide that investing in a backup data center is wise. But these backups can sometimes be too costly for average business owners.

Disaster recovery testing

With a plan created, are you truly safe? If you don't test your systems, you won't know until the next crisis hits. Testing helps you understand your coverage gaps so you can patch them.

Recent data losses from big companies prove just why testing is so critical. Manage testing by running your systems in disaster mode and watching how much data you (theoretically) lose. Or conduct an audit and see how well things work in a simulated crisis.

Can you prevent disasters?

Control measures help you eliminate or reduce the disaster threats your organization faces.

Three main types of control measures exist.

• Preventive: You stop an event from happening. Cutting down the trees around your power lines so you remain connected is an example of a preventative measure.
• Detective: You know when an event begins. Installing software with intruder alerts is a detective measure.
• Corrective: You can restore a system quickly. Anything in your disaster recovery plan is a corrective measure.

You can't prevent every problem from striking your company, and no IT worker should promise that to leadership. But corrective measures are a critical part of your overall disaster recovery plan.

Who should join you?

While disaster recovery is primarily an IT function, others in your organization have valuable insights and skills to share.

Your disaster recovery planning team might include:

• Executive management. Leaders must sign off on your plans, and they must budget for the tools you need.
• Risk management. If your organization has staff who handle organizational challenges, this person should be on your team.
• Team leads. People who head up core functions in your organization should know how the plans work, and they can give you insights on the datasets they consider vital.

This team may not help you draft policy. But they should be involved in all of your planning processes so you craft something your entire company can use.

What must you know to start planning?

A disaster recovery program includes hundreds of pieces, and it's hard to know where to begin collecting them.

In general, you should have solid ideas about these areas before you get started:

• Risks: What are the top security or connectivity challenges your company faces right now? What new issues may arrive within the next few years?
• Critical data: What files and sources does your company need first? What can wait until later stages of restoration?
• Recovery time: What's the maximum amount of time you'll need to gather up your files from storage and implement them? How much downtime can your company handle?
• Recovery point: What's the maximum age of files your company will accept? Can they handle 4-hour-old files? Or must they be instantaneous? This number will guide your backup strategy.

You must know much more than this to complete a plan, of course. You should know where your files are, how much your solution will cost, and more. But this brainstorming list can help you start.

Disaster recovery help from Okta

Okta can help you enhance your identity-driven security to protect your organization from breaches.

Read our whitepaper to find out how these programs work and how you can get started.

References

ERCOT Officials Say They Have No Idea When Texas' Power Outages Will End. (February 2021). The Dallas Morning News.

Annual Number of Data Breaches and Exposed Records in the United States from 2005 to 2020. (January 2021). Statista.

Why Time's Up on Preventive Maintenance. (July 2019). Processing.

The Five Hidden Risks of IT Disaster Recovery Failures. (October 2019). Disaster Recovery Journal.

Five Key Points About Cloud vs. In-House Disaster Recovery. (January 2021). Computer Weekly.

How Cloud and Disaster Recovery Trends Will Impact 2020 Digital Transformation Strategies. (February 2020). Forbes.

Delta Outages Reveal Flawed Disaster Recovery Plans. (February 2017). Network Computing.