When developing a recovery plan, organizations consider the what-if scenarios. Not only in the IT field, actually all facets of business operations should be included.
If the company is located in a region that is a potential flood area, then there must be a recovery plan that addresses this. Bad weather may need extra attention. What does that mean for the organization and how do they handle it?
If, for example, a lot of work is still done on-site, the next question is: where must employees absolutely be able to access? Are the necessary IT resources arranged for that? How do you ensure that employees can continue working from other locations in case of an emergency?
Many companies probably think: we have learned our lessons after the floods in Limburg and the lockdowns during the pandemic. However, our research shows that there are still significant gaps in the current recovery plans.
What is important in an IT recovery plan?
An illustrative example is that of the hospital. Should they include in their recovery plan that TVs in patient rooms always remain operational? Probably not: it is inconvenient for a patient not to be able to watch TV, but it is not life-threatening.
What hospitals should focus on are the business-critical components, such as the operating rooms, the intensive care unit, and the emergency services. This means that, for example, an emergency power supply must be included in the plan. But also that business-critical systems are implemented redundantly. In situations where, for example, quarantine plays a role, this can even include an exhaust system.
The hospital cannot go dark if someone accidentally hits a cable during excavation work.
This principle applies to every company. Organizations must continuously determine what is truly necessary to survive. This starts with recognizing the business-critical components, or the components from which the organization derives its right to exist. An example: for trading banks, these are the IT resources through which trading occurs. A failure of these leads to significant payment problems and loss of trust, and thus reputational damage, often within a very short time, sometimes within just a few hours.
The role of the cloud
Cloud providers can also experience outages and (partially) fail. This has direct consequences for organizations using this cloud: they are then also unreachable.
Fully transitioning to the cloud does not change the issue of redundancy. If everything is with one provider and that provider fails, a problem arises. If the organization communicates with that cloud provider through a single connection and that path fails, the same applies.
Organizations must ensure that they can access or unlock a service or services in multiple ways. This should also be included in the plan.
Compare it to the physical location of the company: if there is one bridge leading to it and that bridge collapses, a problem arises. With two bridges, the location remains accessible. The same applies to IT resources. If organizations have two doors, they can always enter, provided they have the keys.
Key management
The management of those keys should also be included in the plan. If someone loses their house key and is locked out, they are faced with a closed door and need a crowbar to get in. The same applies in IT.
If an organization needs a certificate to access services and that certificate expires and cannot be reapplied for, a problem arises. Then the organization no longer has the key to the service. There must always be a fallback scenario for this.
Especially in the cloud, this is crucial. If cloud services are well secured, they are encrypted. In the event of loss or destruction of the key, only a lot of ones and zeros remain, but no data and no information.
How long is the recovery time?
If things do go wrong, organizations need to know how long it takes to recover. How long does it take to prepare the recovery actions? How much time does the actual execution take? Which people are needed for this? What mandate? Which suppliers?
In preventing a crisis, such matters must be established and agreed upon in advance. This should therefore be included in the plan.
The order in which recovery is executed is also important. First, the network must be operational again. Without this layer, you cannot transport data. After that, the application and data layer are next.
Why is this order important? In a different order, problems can arise with timestamps. If they are no longer synchronized, the applications can no longer communicate with each other, leading to data loss.
Without a plan, no recovery
A good IT recovery plan must also include a good process description. Who is allowed to take which steps? Who communicates with whom? If necessary, typed work instructions are created that are dummy-proof. Then someone can always restore processes, even if the regular IT administrator cannot.
