Ryan Weeks, chief information security officer at Datto, shares his five top tips for testing your disaster recovery strategy to make sure it provides adequate protection against damage and downtime from ransomware and other threats.
The ransomware threat is alive, kicking and causing a headache for many data centre managers.
Some businesses never recover from an attack and according to a recent survey amongst managed service providers (MSPs) conducted by Datto, the associated system downtime is now costing European businesses around £26,300 on average, which is 12 times greater than the actual cost of the ransom requested.
The same survey also found that businesses in Europe are now suffering more from ransomware than their global counterparts.
84% of MSPs reported ransomware attacks against customers, a higher percentage than on all other continents. The average number of incidents per year within an MSP’s client base was five.
Four in ten (42%) of the surveyed European MSPs even stated that their small and medium-sized clients had suffered multiple attacks in a single day.
With ransomware infections in the cloud also reported to be on the rise, having a good business continuity and disaster recovery (BCDR) strategy in place is therefore more important than ever.
This should not only minimise risk of system downtime and loss of sensitive data, but also help meet increasingly strict data protection requirements such as those of the GDPR.
Implementing the technology and processes needed to recover from a system outage is the first key step, but to find out just how solid the strategy is, regular testing of your disaster recovery capability is just as vital.
Scheduled and frequent testing – and allowing adequate time to resolve any problems that the tests might highlight – is the only way to guarantee that business operations can be restored quickly and smoothly in an emergency.
The purpose of these tests is to find and remedy any issues before real disaster strikes. Businesses should follow these five key steps for effective disaster recovery (DR) testing:
- Choose the right technology
The backup and disaster recovery solution selected must support various types of testing.
Modern disaster recovery systems offer instant recovery features; they store frequent image-based backups and replicate server images to the cloud.
In case of a primary server outage, operations can then be restored directly from a backup instance of a virtual server.
During testing, you can now easily start up virtual machines locally or in the cloud and check the ability to re-establish the most important services to the business, such as email and database applications. This approach has fundamentally changed DR testing.
Many disaster recovery tools come with a pre-test checklist of specific tasks that must be completed prior to testing.
Omitting those can create inaccurate test results, which would invalidate the entire test process. So always refer to the vendor’s guidance first.
- Carefully define the scope of testing
Are you testing in a cloud-based environment that mirrors the production environment, or going beyond that, perhaps even including non-IT services such as emergency generators?
Some of the more drastic test methods – such as unplugging a server to simulate an outage – introduce a risk of data corruption or data loss.
The chosen method will ultimately depend on the time and resources available, but also on how much disruption and risk your organisation can tolerate during testing.
Do not take shortcuts or perform incomplete tests, or you may miss potential issues that might impact your ability to restore systems and data in a real disaster scenario.
- Define the frequency of testing
There is no magic number, but routine tests might take place every four to six months, depending on resources and on weighing up the potential risks.
You might conduct local spin up tests quarterly and a more comprehensive cloud failover twice a year, for example.
However, additional testing is always required whenever there is a substantial change to the production environment.
- Document absolutely everything
From network details through DR plans and testing processes to test results.
You can choose from a wide range of tools to help with this, but the documented information must always go beyond pure IT and include other information that might be required during a disaster event, such as key contact lists for technology vendors and support teams.
- Do not neglect reporting
Share the test results with the board of management and other key stakeholders to demonstrate the value and the validity of your DR strategy.
It’s important that a business can be confident in its ability to recover from an outage, so the report should also show how issues have been resolved.
Conclusion
Disaster recovery testing is all about finding the flaws in your disaster recovery plan and fixing them accordingly.
However, many businesses unintentionally conduct tests that fail to accomplish that goal because they take shortcuts or ignore vendor manuals.
Following the above advice should ensure you have taken the important steps towards protecting your data centre from ransomware and other disasters.
