Disaster Recovery

Disaster recovery involves delving into a number of methodologies and technologies. However, every effective disaster recovery strategy involves the following five elements:

1. A disaster recovery team: The organization assigns a team of people responsible for making, implementing, testing, and managing its disaster recovery plan. The plan must outline the role of each member of the organization, as well as their responsibilities in the event of a disaster. If a disaster happens, the team members must have predetermined methods of communication with each other, employees, customers, and vendors. The communication plan should account for likely infrastructure failures that may negatively impact email and other methods of conveying information.
2. Evaluation of risk: The organization must figure out the various hazards that are likely to necessitate a disaster recovery plan. Then the appropriate measures should be designed based on the event type. This may vary depending on geographic location. A range of natural disasters—even those uncommon to the area—should also be accounted for. When considering what to do in case the organization suffers a cyberattack, the functionality of the systems and endpoints at risk must be included in the disaster recovery plan, as well as essential and sensitive data.
3. Identification of business-critical assets: An effective disaster recovery plan documents the systems, data, applications, and related resources that are most essential to maintain business continuity. The plan should also outline the steps needed to recover and protect important data.
4. Backups: First, the team needs to figure out what must be backed up or moved if a disaster hits. The organization also has to make sure the backup methods are established, as well as who will be responsible for creating the backups and performing any restorations or migrations. The plan should involve a recovery point objective (RPO), which dictates how frequently backups are made, and a recovery time objective (RTO), which outlines the maximum acceptable amount of downtime the organization is willing to tolerate after a disaster. The data from these metrics will serve as a guide as the IT team determines disaster recovery objectives.
5. Testing and optimization: The recovery team is responsible for making sure the disaster recovery system is ready for an event by continually testing it and updating its various elements. For cyberattacks, for example, the team must make sure the security measures in place are up to date and reflect the most recent cyber threats on the landscape.

A disaster recovery team includes the following roles:

• Senior Crisis Manager: The person in this role has the authority to implement the disaster recovery plan by communicating with disaster team members, employees, and customers to coordinate the disaster recovery efforts.
• Business Continuity Manager: This manager ensures the disaster recovery plan addresses the issues discovered from a business impact analysis.
• Impact Assessment and Recovery Manager(s): These IT and business experts assess the damage and fix IT infrastructure, servers, applications, and databases.

There are several types of disaster recovery methods, and an organization can choose one or combine multiple techniques to suit their situation.

1. Backup: Backup is the most basic kind of disaster recovery. Backing up involves storing data either off-site or in a removable drive. Backing up, on its own, is typically insufficient because the network infrastructure is still left without a recovery solution.
2. Cold site: When an organization uses a cold site, they set up some of the most essential elements of their infrastructure in a remote site that is rarely used. If a disaster occurs, employees can relocate to the cold site and resume their work. Because a cold site typically cannot recover or protect data, it may be an insufficient solution on its own.
3. Hot site: A hot site has copies of data that are regularly updated with essential data. They cost more to set up, but they allow a business to recover with far less downtime.
4. Disaster-Recovery-as-a-Service (DRaaS): If an organization is struck with a ransomware attack, a DRaaS company shifts the organization’s computer processing to a cloud-based infrastructure. This makes it possible for the business to keep operations going even if its own servers are down. In many cases, an organization can benefit from lower latency by choosing DRaaS servers that are close by. However, some disasters may also affect the DRaaS infrastructure if it is physically close to the organization. Therefore, some companies opt for DRaaS providers with servers that are farther away.
5. Backup-as-a-Service: With BaaS, a third-party provider is tasked with backing up the organization’s essential data. The IT infrastructure itself would still need a recovery solution, however.
6. Datacenter disaster recovery: A data-center depends on physical elements to store and process data. Data-centers must keep elements such as fire suppression tools and backup power at the ready to reduce or negate the effect of disasters that can impact physical infrastructure.
7. Virtualization: With virtualization, an organization can back up operations and data on a replica of pieces of its system. With some architectures, a complete replica in a virtualized environment is possible. The virtual machines, positioned off-site, can be used by the company to quickly resume operations. Virtualization also makes it straightforward to include automation as part of the disaster recovery solution. The transfer of data and workloads can be set up to occur frequently or on a regular basis, which ensures the recovery solution is up to date and ready to handle the necessary workloads.
8. Point-in-time copies: A point-in-time copy is a snapshot of an organization’s entire database. If the data is unaffected by a disaster, a point-in-time copy can be used to restore data at a certain time in the past.
9. Instant recovery: With instant recovery, both the data and the entire virtual machine are included in a snapshot, making it possible for data and processes to be recovered quickly.

Disaster Recovery as a Service (DRaaS) uses cloud services managed by a third party to host and replicate critical path functions for full recovery in the face of a disaster. A service-level agreement (SLA) defines the role and responsibilities of the DRaaS provider in the recovery efforts and the timeline.

Disaster Recovery is part of Business Continuity. Business Continuity is a proactive effort to mitigate risks and plan for an organization's operations to continue regardless of the type of interruption. Disaster Recovery focuses on the IT infrastructure and systems needed by the organization to resume operation after an interruption occurs.

An effective disaster recovery system is only as good as its security. With the Fortinet Security Fabric, you can make sure your disaster recovery infrastructure is safe from attackers, so you can be back up and running with the help of uncontaminated systems and data. 

The FortiGate next-generation firewall (NGFW) provides deep packet inspection (DPI), making it an effective tool to use on the edge of your disaster recovery network. With DPI, FortiGate not only catches the threats that normal firewalls detect but it also uses artificial intelligence to look deep inside the contents of a data packet to identify malware and other threats that can impact your disaster recovery architecture.

The FortiWeb web application firewall (WAF) provides protection for your disaster recovery system against both zero-day attacks and threats to your web application programming interfaces (APIs). If your disaster recovery system incorporates a parallel system running a business-critical API, FortiWeb can keep it protected so it is ready to go to work immediately in the event of a disaster.