Sandeep Ghildiyal, practice head, Platform Consulting, Wipro Infotech, speaks to Biztech2.0 about the intricacies of building a comprehensive DR plan.

Where do you begin Disaster Recovery (DR) planning?

For a DR plan to be successful, the important aspect is an exhaustive planning process. You have to start by conducting a risk analysis process specific to your organisation. This includes discovering the risks present in an organisation that can impact business operations. The next step is to profile those risks. Some risks might have a high impact, but the occurrence might be low and vice versa. Ultimately this process needs to highlight risks that have a high business impact combined with a high probability of occurrence.

The risk analysis depends on the types of risks that an enterprise wants to factor in to their disaster recovery plan. The next step is to conduct a business impact analysis for the risks that are going to have a major impact and then plan a recovery strategy around those risks.

What are the guidelines that you can use when conducting a business impact analysis?

A business impact analysis is a very organisation specific task, hence it is difficult to lay down guidelines that would be applicable across all verticals. The important aspect of a business impact analysis is understanding the business issues specific to a particular organisation.

An impact analysis generally starts with a workshop session that involves all the divisions of that particular organisation. This process from risk analysis to business impact should be conducted as a joint exercise between the external consultant and key members of the organisation.

What are the essentials storage managers need to take into account when they plan for a disaster event?

When you talk about DR from a storage perspective, what’s important is the recoverability of the data and not how secure the data is. For an organisation’s backup data, they should conduct restoration drills to ensure that the data is secure and can be restored at any point of time. Generally what happens is that enterprises backup data at regular intervals but at the time of a disaster, when they really require it, recoverability of data becomes a big issue. 

Two important steps that a storage manager needs to keep in mind is whether the data is getting backed up properly and ensuring that recoverability does not become an issue.

For example, one of our big clients experienced downtime of their database servers during a disaster. When they tried to restore the data to get the database up and running, they discovered that the restoration did not work and they had to fall back on the disaster recovery site to restart operations. Had they done regular DR drills or recoverability testing then they could have avoided this scenario.

Can you outline some best practices for the lifecycle of a DR plan?

A best practices regime or approach should be taken to cover the entire lifecycle of a DR plan. Most organisations start a DR plan by inviting technology vendors without profiling the risks that they want to mitigate. There are a lot of risks not directly related to technology but related to the people-process aspect, which occur in every organisation. For example, if a database administrator accidentally deletes a file, any security company or product cannot solve the problem. Planning for these errors has to be incorporated into the planning process for DR. The best way to approach DR is to first cover planning for the entire DR lifecycle and then deal with the technology to enforce that plan.

What is the most common mistake when it comes to DR planning?

The biggest myths surrounding DR planning is that it’s a one time, ad-hock job. Organisations feel that once they are done with the planning, they can forget about DR. For a DR plan to be successful it need to updated, tested and refined continuously.

Organisation need to conduct DR drills, find loopholes in their existing plan and then work towards plugging those holes. All organisations keep rolling out new solution or processes. The DR plan has to be modified to accommodate these new processes.

Therefore the DR plan is an ever-evolving process. The more DR drills you carry out, the more an enterprise refines the DR plan, the better the DR plan.

Can you elaborate on any trends you have come across in the DR space?

One of the trends I have noticed all over the country from the customer requests that Wipro Infotech gets is that some of the smaller organisations, which a couple of years ago would not have given a second thought to DR planning, have actively started thinking about it.

Disaster Recovery evolved primarily as a regulatory and compliance requirement but is now driven by competition. Companies are more worried about not providing services to a customer when they really require it, regardless of the size of the company. Over the past year, DR has become a buzzword amongst the Indian IT community and more and more companies are realising the importance of DR planning for the survival of the organisation. In time to come, DR will become one of the most critical success factors for any organisation.