2ri2017 Disaster recovery - Wikipedia
Disaster recovery
From Wikipedia, the free encyclopedia
Disaster recovery (DR) involves a set of policies and procedures to enable the recovery or continuation of vital
technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on
the IT or technology systems supporting al business functions,!!! as opposed to business continuity, which
involves keeping all essential aspects of a business functioning despite significant disruptive events. Disaster
recovery is therefore a subset of business continuity.!
Contents
= 1 History
# 11 Classification of disasters
2 Importance of disaster recovery planning
3. Control measures
4 Strategies
5 See also
6 References
7 Further reading
8 External links
History
Disaster recovery developed in the mid- to late 1970s as computer center managers began to recognize the
dependence of their organizations on their computer systems. At that time, most systems were batch-oriented
mainframes which in many cases could be down for a number of days before significant damage would be done to
the organization.
As awareness of the potential business disruption that would follow an I'-related disaster, the disaster recovery
industry developed to provide backup computer centers, with Sun Information Systems (which later became
Sungard Availability Services) becoming the first major US commercial hot site vendor, established in 1978 in
Philadelphia.
During the 1980s and 90s, customer awareness and industry both grew rapidly, driven by the advent of open
systems and real-time processing which increased the dependence of organizations on their IT systems,
Regulations mandating business continuity and disaster recovery plans for organizations in various sectors of the
economy, imposed by the authorities and by business partners, increased the demand and led to the availability of
commercial disaster recovery services, including mobile data centers delivered to a suitable recovery location by
truck.
With the rapid growth of the Internet through the late 1990s and into the 2000s, organizations of all sizes became
further dependent on the continuous availability of their IT systems, with some organizations setting objectives of
2, 3, 4 or 5 nines (99.999%) availability of critical systems, This increasing dependence on TT systems, as well as
increased awareness from large-scale disasters such as tsunami, earthquake, flood, and voleanic eruption, spawned
disaster recovery-related products and services, ranging from high-availability solutions to hot-site facilities.
Improved networking meant critical IT services could be served remotely, hence on-site recovery became less
important.
hiteev/enwikinedia.craNwiki/Disaster recovery aeamen Disester recovery - Wikipedia
The rise of cloud computing since 2010 continues that tend: nowadays, it matters even less where computing
services are physically served, just so long as the network itself is sufficiently reliable (a separate issue, and less of
a concern since modem networks are highly resilient by design). Recovery as a Service’ (Ras) is one of the
security features or benefits of cloud computing being promoted by the Cloud Security Alliance]
Classification of disasters
Disasters can be classified into two broad categories. The first is natural disasters such as floods, hurricanes,
tornadoes or earthquakes. While preventing a natural disaster is impossible, risk management measures such as
avoiding disaster prone situations and good planning can help. The second category is man made disasters, such as
hazardous material spills, infrastructure failure, bio-terrorism, and disastrous IT bugs or failed change
implementations. In these instances, surveillance, testing and mitigation planning are invaluable.
Importance of disaster recovery planning
Recent research supports the idea that implementing a more holistic pre-disaster planning approach is more cost-
effective in the long run. Every $1 spent on hazard mitigation(such as a disaster recovery plan) saves society $4 in
response and recovery costs.!#l
As IT systems have become increasingly critical to the smooth operation of a company, and arguably the economy
as a whole, the importance of ensuring the continued operation of those systems, and their rapid recovery, has
increased. For example, of companies that had a major loss of business data, 43% never reopen and 29% close
within two years, As a result, preparation for continuation or recovery of systems needs to be taken very seriously.
This involves a significant investment of time and money with the aim of ensuring minimal losses in the event of a
disruptive event.[51
Control measures
Control measures are steps or mechanisms that can reduce or eliminate various threats for organizations. Different
types of measures can be included in disaster recovery plan (DRP).
Disaster recovery planning is a subset of a larger process known as business continuity planning and includes
planning for resumption of applications, data, hardware, electronic communications (such as networking) and other
IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key
personnel, facilities, erisis communication and reputation protection, and should refer to the disaster recovery plan
(DRP) for IT related infrastructure recovery / continuity,
IT disaster recovery control measures can be classified into the following three types:
1, Preventive measures - Controls aimed at preventing an event from occurring.
2. Detective measures - Controls aimed at detecting or discovering unwanted events,
3. Corrective measures - Controls aimed at correcting or restoring the system after a disaster or an event.
Good disaster recovery plan measures
regularly using so-called "DR tests".
ictate that these three types of controls be documented and exercised
Strategies
oe a _amen Disester recovery - Wikipedia
Prior to selecting a disaster recovery strategy, a disaster recovery planner first refers to their organization's business
continuity plan which should indicate the key metrics of recovery point objective (RPO) and recovery time
objective (RTO) for various business processes (such as the process to run payroll, generate an order, etc.). The
metrics specified for the business processes are then mapped to the underlying IT systems and infrastructure that
support those processes.[4)
Incomplete RTOs and RPOs can quickly derail a disaster recovery plan. Every item in the DR plan requires a
defined recovery point and time objective, as failure to create them may lead to significant problems that can
extend the disaster’s impact.!7] Once the RTO and RPO metrics have been mapped to IT infrastructure, the DR
planner can determine the most suitable recovery strategy for each system, The organization ultimately sets the IT
budget and therefore the RTO and RPO metries need to fit with the available budget. While most business unit
heads would like zero data loss and zero time loss, the cost associated with that level of protection may make the
desired high availability solutions impractical. A cost-benefit analysis often dictates which disaster recovery
measures are implemented.
Traditionally, a disaster recovery system involved cutaver or switch-over recovery systems. Such measures would
allow an organization to preserve its technology and information, by having a remote disaster recovery location
that produced backups on a regular basis. Flowever, this strategy proved (o be expensive and time-consumi
Therefore, more affordable and effective cloud-based systems were introduced.
Some of the most common strategies for data protection include:
= backups made to tape and sent off-site at regular intervals
= backups made to disk on-site and automatically copied to off-site disk, or made directly to off-site disk
= replication of data to an off-site location, which overcomes the need to restore the data (only the systems
then need to be restored or synchronized), often making use of storage area network (SAN) technology
= Private Cloud solutions which replicate the management data (VMs, Templates and disks) into the storage
domains which are part of the private cloud setup, These management data are configured as an xml
representation called OVF (Open Virtualization Format), and can be restored once a disaster occurs.
= Hybrid Cloud solutions that replicate both on-site and to off-site data centers. These solutions provide the
ability to instantly fail-over to local on-site hardware, but in the event of a physical disaster, servers can be
brought up in the cloud data centers as well.
= the use of high availability systems which keep both the data and system replicated off-site. enabling
continuous access to systems and data, even after a disaster (often associated with cloud storage)!*
In many cases, an organization may elect to use an outsourced disaster recavery provider to provide a stand-by site
and systems rather than using their own remote facilities, increasingly via cloud computing.
In addition to preparing for the need to recover systems, organizations also implement precautionary measures
with the objective of preventing a disaster in the first place. These may include:
= local mirrors of systems and/or data and use of disk protection technology such as RAID
= surge protectors — to minimize the effet of power surges on delicate clectronic equipment
= use of an uninterruptible power supply (UPS) and/or backup generator to keep systems going in the event of
a power failure
= fire prevention/mitigation systems such as alarms and fire extinguishers
= anti-virus software and other security measures
See also
= Backup site
= High availability
oe a meamen Disester recovery - Wikipedia
= Continuous data protection
Data recovery
Emergency management
IT service continuity
Remote backup service
Seven tiers of disaster recovery
Virtual tape library
References
1. Systems and Operations Continuity: Disaster Recovery: (hitp://continuity. georgetown. edw/dr') Georgetown University.
University Information Services. Retrieved 3 August 2012
2. Disaster Recovery and Business Continuily, version 2011. (hitp:/!vwww-304.ibm.com/partnerworld/gsdsolutiondetails.do?
solution—448328expand-truesele-en) Archived (htips://web. archive. org/weby2013011 120392 L/http:/‘www-304. bm. com!
parmerworld /gsdisolutiondetails.do?solution=44832Sexpand=truedle=en) Famuary 11, 2013, at the Wayback Machine.
IBM. Retrieved 3 August 2012.
3. Secaas Category 9// BCDR Implementation Guidance (https://cloudsecurityalliance. org/downloadl’secaas-category-9-bedr
-implementation-guidanco’) CSA, retrieved L4 July 2014.
4, "Post-Disaster Recovery Planning Forum: How-To Guide" (PDF). University of Oregon's Community Service Center.
Retrieved 2013-05-23. |firsta= missing [lastt~ in Authors list (help)
5, “IT Disaster Recovery Plan*, FEMA. 25 October 2012. Retrieved 11 May 2013.
6. Gregory, Peter. CISA Certified Information Systems Auditor All-in-One Exam Guide, 2009, ISBN 978-0-07-148"
Page 480,
7. "Five Mistakes That Can Kill a Disaster Recovery Plan’, Dell.com. Archived from the ori
2012-06-22.
8 Brandon, John (23 June 2011). "How to Use the Cloud as a Disaster Recovery Strategy”, Ine, Retrieved I May 2013.
nal on 2013-01-16, Reuieved
Further reading
= ISO/IEC 22301:2012 (replacement of BS-25999:2007) Societal Security - Business Continuity Management
ystems - Requirements
= ISO/IEC 27001 :2013 (replacement of ISO/LEC 27001:2005 [formerly BS 7799-2:
Security Management System
= ISO/IEC 27002:2013 (replacement of ISOMTEC 27002:2005 [renumbered 18017799:2005)) Information
Security Management - Code of Practice
ISO/IEC 22399:2007 Guideline for incident preparedness and operational continuity management
ISO/IEC 24762:2008 Guidelines for information and communications technology disaster recovery services
TWA 5:2006 Emergency Preparedness—British Standards Institution
BS 25999-1:2006 Business Continuity Management Part 1: Code of practice
BS 25999-2:2007 Business Continuity Management Part 2: Specification
BS 25777:2008 Information and communications technology continuity management - Code of practice—
Others --
= "A Guide to Business Continuity Planning” by James C. Barnes
= "Business Continuity Planning", A Step-by-Step Guide with Planning Forms on CDROM by Kenneth L
Fulmer
Disaster Survival Planning: A Practical Guide for Businesses" by Judy Bell
ICE Data Management (In Case of Emergency) made simple - by MyriadOptima.com
Hamey, J.(2004). Business continuity and disaster recovery: Back up or shut down.
AIIM E-Doc Magazine, 18(4), 42-48.
Dimattia, 8. (November 15, 2001).Planni
1002]) Information
for Continuity, Library Journal,32-34.
External links
oe a _amie Disaster recovery - Wikipedia
= IT Disaster Recovery Plan from Ready. gov (hitps://www.ready.gov/business/implementation/IT)
Retrieved from "https://en.wikipedia.org/w/index.php?title=Disaster_recovery &oldid=76283582 1"
Categories: Disaster recovery | Data management | Backup | IT risk management
= This page was last modified on 31 Janvary 2017, at 00:30.
= Text is available under the Creative Commons Attribution-ShareA like License; additional terms may apply.
By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark
of the Wikimedia Foundation, Ine., a non-profit organization,
hiteev/enwikinedia.craNwiki/Disaster recovery