Data hosting is strategic. Whether companies choose to handle it internally or entrust it to an external provider, zero risk does not exist. The best prevention is to anticipate risks. It is essential for companies to secure their data and to implement a business continuity plan (BCP) and a disaster recovery plan (DRP).
The various viral attack issues, particularly those related to ransomware, as well as major incidents affecting data centers — such as the one experienced by OVH customers a few months ago — have enabled many companies to realize that data security is a critical issue. Furthermore, hosting in a so-called "secure" data center does not systematically include backup and disaster recovery services in the event of a major incident. It is therefore the responsibility of companies to manage risks, validate the services contracted with their provider, and test business continuity procedures in anticipation of such events.
Anticipating by putting in place a Disaster Recovery Plan strategy for the information system is paramount
For businesses, it is now essential to implement a business continuity plan. The reasons are numerous: natural risks, technical failures, or more commonly cyberattacks. It is therefore critical for all companies to put a BCP/DRP in place. To understand how a BCP/DRP works, one simply needs to keep the 3-2-1 rule in mind: "belt, suspenders, and parachute". This means that data must be copied three times, on two different media/technologies, with one backup copy stored in a secure location. This last copy is primarily there to ensure the DRP (Disaster Recovery Plan) in the event of a major failure.
BCP/DRP are technological solutions that enable data replication to be set up on a remote site. There are several types of data synchronisation:
- Active/Active: this solution is generally implemented on a mirrored infrastructure typically located less than 30 km from the production site. Data is thus synchronized in real time, enabling business continuity with minimal production downtime.
- Active/Passive: this solution is implemented on a dormant infrastructure that may be located several hundred kilometres from the primary site. Data is not synchronized in real time, and a degree of data loss is therefore accepted by the organization.
These two complementary solutions each have their advantages and disadvantages, particularly in terms of costs. It is the risk analysis that precisely defines the needs as well as the acceptable production loss for the company. This risk assessment is carried out by calculating the RTO (Recovery Time Objective) / RPO (Recovery Point Objective) of each application based on the company's vital needs. Regardless, implementing a BCP/DRP is imperative to secure and ensure the survival of a business.
How to implement a BCP / DRP?
To implement an effective BCP/DRP, one must begin by understanding and defining the service and application requirements upstream. From there, a specification document can be drawn up. Through this methodology, the company is able to think through risk management. It is nonetheless important to note that a BCP/DRP is driven by a continuous improvement approach. This must adapt and evolve in tandem with the company's information system.
The steps to implement a BCP/DRP should be viewed as cyclical steps.
Here are the key steps to follow when implementing a BCP/DRP:
- Assess risks and priorities
- Select the different technical solutions to implement
- Define all roles and responsibilities of each party within each process and activity
- Regularly test and update procedures
DRaaS: The service model in the 100% African Cloud by ST DIGITAL easily accessible to all African businesses.
Today, it is imperative to have both defined recovery procedures and the necessary skills in place for a major disaster. Failover plans should therefore be tested once or twice a year to update documentation and build familiarity with technical procedures. It is also essential to ensure that equipment is functioning properly. All of this comes at a cost. However, solutions exist to make these capabilities accessible within any budget, particularly DRaaS (Disaster Recovery-as-a-Service) solutions.
DRaaS enables the implementation of a recovery strategy based on a public or private cloud service. This alternative to more conventional solutions eliminates the need to own the infrastructure, which can be used on demand with pay-as-you-go billing and delivered as a service. This allows risk to be transferred to a third party, removing the need to manage a second infrastructure or a second site. This solution is particularly relevant for companies with a limited infrastructure or those that do not wish to deploy a backup infrastructure.
In conclusion, implementing a BCP/DRP means establishing both a human and technical organization as well as procedures to limit or even eliminate the impact of a disaster, in order to emerge stronger.
Would you like to learn more about our 100% African cloud offering?
Do you have a project or questions, would you like to get in touch with a particular region or country?