David Cumberland

(Photographer && Programmer)

What's your disaster recovery plan?

28 February 2020

If your production systems went down right now, lost forever, how long would it take you to be back up and running? What would your process be? Do you outsource IT? Do you keep backups, and how recent? How much data have you lost?

image source: tenor

Note: I’m no expert in this field, but I do have some experience and you should only follow this as a guide only.

These are the tough questions, which is why it’s important to have such a plan in place. All businesses big and small should have a disaster recovery plan in place. Sure, your business might not have the required budget for a team of IT professionals to keep things running smoothly 24/7, but it doesn’t mean that you can’t put procedures in place to protect your business.

Since there’s been plenty of attacks on some large companies in the past few months, I began to wonder if they actually have any backups or a plans in place; which made me wonder, how would my plan hold up (read more on this further down). How’s your plan? Let’s take a look at your website first.

Website

A good hosting provider will have some sort of backup service in place to protect themselves if anything were to happen to their server. This usually extends to the customer as well. My hosting provider provides hourly backups up to 30 days (rolling 30 day backups) all included in the hosting cost, and the backups are stored on a secondary server using Acronis. Sometimes it’s a little bit extra per month to keep backups at a regular interval, how valuable is that small fee if your files and data were lost right now.

This all depends on your website and what you do with it. If this is a static website that provides information about your company and is updated between none or once a week, then basic backups with your hosting provider should be able to cover that. If you’re running an online store, forum or service that allows for dynamic content from your customer base, then more regular backups are required. There are a number of ways this can occur, from hourly backups to a replication database (2 database servers, one reads, one writes), but this moves into more of the online presence than a basic business website. We’ll cover the bigger sites further down.

The next step is how quickly can these backups be applied? The longer it takes, the more business you could miss out on. If you’re unsure, always ask your hosting provider, and see if they can assist, they usually have a priority channel you can reach out to.

Computer Systems

Do you have an internal network, how many computers are attached to a central server? Do you allow personal devices onto the network or computer systems (USB, Laptops, Phones, etc)? Do they meet your security policy? Who has access to the production environment(s)? If one computer gets infected, it could spread out and start infecting other systems (like the current state of the Coronavirus) and eventually your central server.

Onsite servers require more maintenance than third party servers as you are responsible for the backups, firewalls, antivirus, etc. Let’s say your central server gets hit by ransomware right now, and now everything is encrypted with no hope of decryption. What have you lost access to, is it spreading to all computers attached? Are you hosting your own emails (why would you do this anyway?) Easiest solution, go get the most recent offsite/onsite backup and restore the server to that state, re-image all computers on the network that are infected, and then try to find the source of the problem. This won’t be a one-solution-fits-all method, what if these computers don’t save to the server directly, what work has been lost? Is there a backup procedure in place for each individual computer? I sure hope so!

Physical Items

It’s not just computer systems. What about important paper documents? Onsite backup drives? I think this part should be left to the experts in the field, but just have a think about that.


Our Disaster Recovery Plan

When it comes to computer systems and our website, this doesn’t really effect us too much, it’s more of an inconvenience. Our website is hosted with a third party who manage backups, our emails and important documents are hosted with G-Suite (Gmail, Google Drive), work in progress is stored on multiple drives and syncs on DropBox. Final results are stored online (offsite) and on hard drives (onsite). If something were to happen, there’s just one draw we need to get access to and run. IT wise, all my code is stored within third party services (GitHib, BitBucket, etc), so I rely on their disaster recovery plan. I also have TimeMachine that backs up automatically when I dock my Mac.


Photo by unsplash-logoDDP