Storm Dennis and DRaaS Disruptive TestsFebruary 20th, 2020 by Tibor Marosi
The recent widescale flooding caused by Storm Ciara and Storm Dennis has wrecked homes and businesses across the country. Although flooding of this scale doesn’t happen very often, IT outages make the news on a weekly basis, from power outages to ransomware and terrorist attacks. The impact on business is very real, over 40% of businesses affected by the Manchester bombing went out of business, never to return1.
Sadly it is perhaps not surprising as a recent survey of UK businesses found that a quarter of SMEs don’t have a Disaster Recovery plan, and of those that do, more than half (54 per cent) don’t regularly test it.2 These shocking statistics are made worse when you factor in that whilst businesses may have off-site backups, the ability to source replacement hardware, configure the environment and sort out network connectivity could take weeks. Businesses need to seriously consider if they could survive that kind of IT downtime, and if not, they need to do something about it. The first step is to create a Disaster Recovery Plan.
Making a Disaster Recovery Plan
Disaster recovery planning involves agreeing a strategy with a comprehensive plan, deploying the appropriate technology and continuously testing it as though it were live. Organisations tend to shy away from duplicating their existing IT infrastructure due to high costs. It’s like having two cars sitting outside your home in case one fails to start in the morning. This is one of the reasons why ‘proper’ DR is a neglected component when delivering IT to the business, but maintaining off-site backups alone is not an adequate solution to the problem.
You may have off-site backups, but during a catastrophic event where do you restore the data to, and how long does restoration take to complete? Current backup methodologies use a variety of technologies that mean maintaining up-to date off-site data is generally quick and easy. Unfortunately, off-site backup solutions are not geared to be able to restore, for example 50 systems in parallel, in a timely fashion. This translates to days or weeks in best-case scenarios before all systems are live. This is where a robust DRaaS (Disaster Recovery as a Service) solution allows organisations to have a near time replica site ready and waiting (usually with an SLA of under 4 hours) should disaster strike.
Disruptive Testing is Key
A fundamental, and often overlooked part of any DRaaS solution is testing that it works and is fit for purpose! A ‘read only’ test of the DRaaS environment where users log on, see their files, and connect to systems does provide some level of functional testing, but it cannot give 100% assurance that all systems will be operating as expected.
Some simple examples of necessary tests are:
- Can DNS records be updated correctly?
- Do third party remote SaaS applications allow connections from different IP address ranges?
- Are IPS/IDS systems correctly configured?
- Do MPLS/VPN/SD-WAN circuits fail over and operate as expected?
In order to mitigate and correct unforeseen issues which can affect systems and services, BrightCloud undertake disruptive tests with our customers. In fact, we recently completed such a test for a leading property management company.
During the test we turn off our customers live environment as would happen in a catastrophic event, and our DRaaS is fully invoked. Usually customers select key personnel from each business division to then test their systems and services. Emails are received and sent, business processes are carried out as if they are live, SaaS applications used, invoices raised, etc… Typically this will highlight areas and systems that have changed or have been missed from the initial DRaaS design and allows the customer to amend and alter the DRaaS configuration accordingly. The option to fail back or carry on using the DRaaS environment which would now be categorised as live is then up to the customer.
Ignoring the truth that disasters do and will strike shouldn’t be a valid reason to not have a disaster recovery plan. And once the decision to use DRaaS has been made, having the option to invoke a disruptive test with BrightCloud provides the highest level of assurance to organisations that things will just work as expected when it rains, and without the overheads of maintaining a duplicate data centre.