Risk Management, Mitigation, and Recovery
Article Featured Image Source: http://www.deviantart.com/art/disaster-is-coming-164089061
When you are running an infrastructure there are a few things you should be prepared for, mainly for the worst.
- Risk Management / Analysis
- Risk Mitigation
- Disaster Recovery
If you didn't know about these three items (or maybe you've only over heard or read about them briefly), it's time to take some notes. Many businesses that do not have disaster recovery plans in place (due to a lack of risk mitigation, analysis, and over-all management) either fail right away or fail within the next few years due to the loss of data, assets, and so forth (with data being probably the most important of them all).
Risk Management / Analysis
This is the starting phase. Here, you would manage your risks and identify where your most valuable assets are.
- Where / What are our most valuable assets?
- Is the storage server the most valuable piece of equipment or is it the non-tangible data located on the storage server?
- Is it the web server that houses the entire front-end?
These are three questions. I'm sure by now, you're already thinking of other important nodes, equipment, and data that are part of your infrastructure that could more than likely use some mitigation.
The analysis that relates to risk management is to, of course, analyze your assets to see how they are the most risky to lose if the situation ever came to be.
This segues us into the next area...
There is no such thing as 100% up time and no such thing as a 100% secure server (that is online).
Mitigation is just that. Mitigation. You are planning and knowing something bad will happen to your most important pieces of infrastructure. Mitigation is the practice and planning to make sure that when these bad things do happen, the impact is minimal.
- How do I protect my web server from hackers?
- How do I prevent a loss of data?
- What do I do in the event of a network outage?
There; another three examples that should have you pondering. Risk mitigation is the condom of the IT world and unfortunately, it seems there are many of people that don't use it.
Once you've figured out where your risks are and mitigating it as best as you could, you will still need to plan for the worst. Fortunately I can stop giving examples because the examples provided in the Risk Mitigation section above apply here (because I purposely thought of the worst things I could think of).
You need a strong Plan B for business continuity; to ensure everyone can still work, has their data, and doesn't have to be ball-and-chained to a desk at the office (because in some catastrophic events the office may not be there any more).
What will you do in the event of a disaster? It does not have to be just environmental.
- Will users work from home? If so, how?
- Is there a secondary, emergency office already set up at a different location?
- How will you retrieve any data that is needed?
Your plan will need to be applicable to almost any disaster that were to come your way (excluding the apocalypse). Not only that, those who could be potential receivers (pretty much everyone..) of said disaster recovery plan need to be made aware of it, review it, and more than likely test it. There; I said it. Testing.
One of the most over-looked aspects of any backup system or plan that is in place is the testing. I cannot say it enough times, test it over and over again, multiple times a month, every month to make sure it works as expected. This is because when crap hits the fan there will be no finger crossing. It works.