Servers & Systems: The Right Compute

Are your disaster recovery testing strategies up to date?

How confident are you in your disaster recovery testing strategies? Prepare today to stay secure.

Every business needs to have a solid disaster recovery/testing strategy in place. No matter how much you might think—or hope— that disasters only happen to someone else, it's only a matter of time before a large, dire cyberattack, a natural disaster like an earthquake or flood, or an internal act of sabotage threatens the security of your business data.

Unfortunately, a 2018 Berkshire Hathaway BusinessWire survey of IT professionals reported that 85 percent of businesses Disaster Recovery Testing_Blog_shutterstock_276758384.jpgweren't fully confident in their disaster recovery plan—if they even had one at all. While nearly half of survey respondents experienced a failure requiring a disaster recovery solution to resume operations, only half of them met their recovery time objective. This suggests a high potential for severe repercussions in the event of a natural disaster, a virus or malware attack, or a problem caused by human error.

The best disaster recovery solutions incorporate backups, plans, and alternatives to restore operations in case of a major IT disaster. Your business most likely has a strong plan on paper, but how confident are you that the data recovery solution you've designed will actually work when disaster strikes? There's no way to know for sure until you test your disaster recovery strategies, and definitively demonstrate you're prepared for the worst.

Outline disaster recovery testing strategies

Start by determining an appropriate schedule for testing your plan. A lot depends on your type of business, but any significant IT system updates should come with an exercise to test recovery capabilities. Other triggering events can include a change in personnel or widespread adoption of new computer devices. Testing once a year should be the bare minimum, but you should consider conducting some level of exercise on a monthly or quarterly basis, as well.

Additional factors indicating it's time to undertake disaster recovery plan testing include:

  • Your business has expanded or relocated.
  • Your business faces an audit or investor due diligence review.
  • The physical location of your business recently experienced, or could experience, a natural disaster.
  • Your business experienced an unexpected shutdown due to a power outage.
  • You've never conducted a full-scale exercise.

Browse a buffet of testing methods

Performing a comprehensive disaster recovery exercise every time you want to test your system's viability isn't practical. Consider instead these testing methods:

  • Plan review. This basic approach puts the people responsible for business continuity and disaster recovery in a room to meet and review existing process documentation and pinpoint any areas that need changing or updating. This can also be a good time to review specific roles and responsibilities.
  • Tabletop exercise. This method is kind of like a dress rehearsal. Key players play out a scenario so that you can fully explore response times and procedures. All team members describe how they will act, given the scenario's circumstances, under the guidance of a trained facilitator. This approach can prove especially effective in uncovering any gaps or planning errors in protocol and execution.
  • Full-scale exercise. The goal here is to simulate a real-life disaster and to involve the company at large. Such an exercise generally requires actual system and employee downtime, just as would occur in a real emergency situation.
  • Assemble a team. In some businesses, a single individual is often charged with key continuity and recovery duties. But if that person is unavailable should a disaster strike, the business is left powerless if no one else knows how to execute the recovery plan. That's why several people should take on an active part of planning and testing, even if they're not in IT. Train several individuals in essential business continuity and disaster recovery responsibilities.
  • Document everything. There's little value to testing if you don't document every aspect of the exercise, such as issues that turn up (expected and unexpected) and why those issues arose, the length of time required to successfully complete the test, and anticipated costs related to system and personnel downtime. The more detailed your documentation, the better informed you'll be about the steps needed to improve the situation and adjust your plan for the future.

Regular disaster recovery testing will help you identify cracks in your security foundation, including vulnerabilities caused by mobile devices, the integration of cloud-based technology with on-site traditional infrastructures, and gaps in encryption and data control.

With hybrid cloud, your SMB can reduce downtime, cost and risk while increasing flexibility and scalability.

Discover why the new era of cyber warfare aimed at exploiting hardware vulnerabilities and the End-of-Support for Windows Server 2008/2008 R2 means delaying server replacement leaves SMB IT open to risk.

Ready to take the next step? Check out the SMB Hybrid IT for Dummies Guide. Because there are no "dumb" questions!

Or are you ready to purchase? Visit the HPE Store.

0 Kudos
About the Author


Robert has over 25+ years of IT Marketing and Product Management leadership experience spanning country, Regional and WW organizations. Robert is a marketing executive with extensive experience in field marketing, channel marketing and product marketing on a global basis and is driven to deliver SMB’s end-to-end affordable infrastructure that’s secure from the start, optimized for every workload, packaged for many consumption models, ready to scale, and easy to manage.