The last few years have seen traditional disaster recovery approaches put under unprecedented pressure. Businesses have had to rethink their approach to disaster recovery at speed, with particular emphasis being placed on putting together contingency plans and protecting business interests in the event of total data loss.
Regulators have also become more stringent about organisations’ ability to cope with a ‘total loss scenario’ – that is, to continue functioning at minimal capacity even if all of their data is compromised. According to Darren Lea, senior product manager for operational resilience at “collaborative automation” specialist Cutover, organisations that still rely on manual processes for data recovery are being caught out. Excel is no longer fit for purpose for this task, and the pressures are only set to grow.
“EU digital operational resilience legislation has done an enormous amount of work to improve the financial stability of organisations in the aftermath of a significant event,” Lea says. “That work probably began after 2008, but it has only intensified since the pandemic.
“Though they might, at times, seem to hamper activities, regulators are actually there to ensure that organisations don’t go out of business because they haven’t properly thought through their recovery plans. In that sense, we’re likely to see more regulation coming in the next few years, not less, building upon recent examples we’ve seen, such as from the Monetary Authority of Singapore (MAS), and the EU’s Digital Operational Resilience Act (DORA).”
Companies must proactively put their resilience to the test, rather than wait for disaster to unfold. Lea stresses that technologies are available which allow companies to continue their day-to-day work without too much disruption, all the while maintaining compliance with regulatory standards. The key, he says, is a platform that can optimise orchestration – that is, sequencing complex activities with multiple moving parts and automating their integration into a business’s workflow as far as possible.
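Cutover’s platform is proprietary, but the core idea of orchestration – running dependent recovery activities in a valid order – can be sketched with a simple topological sort. The task names and dependencies below are hypothetical, purely for illustration:

```python
from graphlib import TopologicalSorter  # standard library, Python 3.9+

# Hypothetical recovery runbook: each task maps to the tasks it depends on.
runbook = {
    "verify_backups":   set(),
    "provision_infra":  {"verify_backups"},
    "restore_database": {"provision_infra"},
    "deploy_services":  {"provision_infra"},
    "smoke_tests":      {"restore_database", "deploy_services"},
    "switch_traffic":   {"smoke_tests"},
}

# static_order() yields the tasks in an order that respects every dependency;
# steps with no mutual dependency (restore_database, deploy_services) could
# equally run in parallel.
order = list(TopologicalSorter(runbook).static_order())
print(order)
```

Sequencing the plan this way is what forces the dependency questions into the open: a step that cannot be placed in the graph is a step nobody has thought through.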
“Businesses have to prepare for a disruptive event in a way that works for them,” he says. “Simulating a datacentre takedown in the middle of a working day, for example, is a form of disruption in and of itself, and while we hold that automation over time is a desirable end product, it isn’t realistic to expect it immediately.
“Consequently, we do a lot of work with customers to test Cutover in a way that mimics an actual response to an incident without disrupting the working day too much. We integrate with current working processes instead of demanding a complete digital overhaul.”
In Lea’s estimation, the main mistake businesses make when upgrading their data recovery plans is assuming that, because they have made the switch to cloud, they are automatically resilient. Even after signing up with a cloud provider such as AWS or Azure, Lea stresses, businesses still have to structure their applications and services in a way that takes advantage of the resilience features those providers offer.
“You also need a process, a plan to recover your service to an alternative region,” he says. “And you have to have the ability to test that. Clearly, there’s a cost involved, where the more critical the application, the more resilience you need to bake into the architecture.
“As you come down the criticality stack, businesses tend to architect their applications more cheaply, because those applications perhaps aren’t in constant use. But that’s where vulnerabilities start to open up – and it would be prudent if more businesses made sure they were covered across the board.”
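The kind of cross-region recovery test Lea describes can be illustrated with a minimal sketch: probe the primary region’s health endpoint and decide whether traffic should move to a standby region. The region names, URLs, and probe logic here are all hypothetical:

```python
# Hypothetical region map: each region's (made-up) health-check endpoint.
REGIONS = {
    "eu-west-1":    "https://primary.example.com/health",   # primary
    "eu-central-1": "https://standby.example.com/health",   # standby
}

def choose_region(probe) -> str:
    """Return the first region whose health probe succeeds."""
    for region, url in REGIONS.items():
        if probe(url):
            return region
    raise RuntimeError("no healthy region - invoke total-loss plan")

# In a drill, the probe is stubbed so the failover path can be exercised
# without taking the real primary down in the middle of a working day.
primary_down = lambda url: "standby" in url
print(choose_region(primary_down))  # "eu-central-1" in this simulated drill
```

Stubbing the probe is the point: the failover logic gets tested regularly, while the disruptive act of actually downing a datacentre is reserved for planned exercises.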
Why automation matters
According to Lea, the most common pain point he hears from customers around data recovery planning is the struggle to complete the total datacentre failover required by regulators, which typically has to be achieved within a small time window. Businesses that still rely on on-premises technology, manual processes, or tools such as Microsoft Office struggle to articulate their recovery plans, never mind capture, sequence, and follow through on their continual improvement cycles. Cutover, he says, is a useful way to encourage and enforce the articulation of recovery plans.
“One British bank was able to reduce its disaster recovery preparation time from twelve weeks to just two,” Lea says of a Cutover client. “The key for them was having a single source of truth – one place where they could look at the events they were preparing for. Until then, they’d been dealing with multiple documents, spreadsheets, and PowerPoint presentations. Cutover centralised that activity and turned their disaster recovery plan into a series of executable actions.
“The act of translating steps from a simple recovery plan, datacentre test, application change, or migration from an on-premises datacentre to the cloud forces businesses to think about their dependencies. The advantage of a cloud-based SaaS solution is that a single source of truth means everyone can see what’s going on in real time. Everyone knows the current state of the activity, and information is accessible, which helps organisations be more flexible in their approach to recovery.”
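The shift Lea describes – from static documents to executable actions with a shared, real-time audit trail – can be sketched in a few lines. This is not Cutover’s API; the step names, actions, and logging format are invented for illustration:

```python
import time
from dataclasses import dataclass, field
from typing import Callable, List

@dataclass
class Step:
    name: str
    action: Callable[[], bool]   # returns True on success

@dataclass
class Runbook:
    steps: List[Step]
    log: List[str] = field(default_factory=list)

    def execute(self) -> bool:
        # Run each step in sequence, recording a timestamped audit trail -
        # the shared record that every team can inspect in real time.
        for step in self.steps:
            ok = step.action()
            self.log.append(f"{time.strftime('%H:%M:%S')} {step.name}: "
                            f"{'done' if ok else 'FAILED'}")
            if not ok:
                return False  # halt so the failure point is unambiguous
        return True

# A hypothetical failover drill expressed as executable actions
drill = Runbook([
    Step("snapshot primary", lambda: True),
    Step("restore to standby region", lambda: True),
    Step("run smoke tests", lambda: True),
])
print(drill.execute(), drill.log)
```

Because every run leaves the same structured log, the plan, the rehearsal, and the real incident response all read from, and write to, one source of truth instead of scattered spreadsheets.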
Cutover interconnects teams and technologies through Collaborative Automation, enabling organisations to successfully manage their IT disaster recovery, cloud migration, and release strategies.
Learn how Danske Bank improved operational resilience efficiency by 300%