The four essentials MSPs forget when disaster recovery testing
By Mary McCoy
By now, most MSPs recognise that offering backup is table stakes.
Your clients can receive this service from any number of your competitors. In order to stand out and increase monthly recurring revenue (MRR), focus on the disaster recovery (DR) aspect of backup and disaster recovery (BDR). Offer your clients DR testing.
To fully capitalise on the advantages of DR testing, keep the following four best practices in mind when adding this service to your IT portfolio.
Technology alone won't save businesses paralysed by an IT emergency. DR testing should also engage on the business level, considering continuity of operations and processes along with the validation of actual data availability. How robust is your client's DR plan? Being properly prepared can be as simple as knowing who to call and having an up-to-date contact list.
Your DR plan should also avoid ambiguity and set expectations when it comes to designating team and individual roles and responsibilities. Do both you and your clients know what to hold each other accountable for or who to reach out to when something goes wrong?
Pro tip: Your DR plans are not one-size-fits-all, which means your testing should vary across your client base. Each business you serve has different needs. Many organisations have specific compliance and regulatory statutes that they're required to adhere to. You may back up and store some clients' data at a physical location offsite and others' in the cloud. No two clients are alike. When DR testing, processes and procedures should be optimised for each individual client.
How often should you be conducting disaster recovery tests? There is no hard and fast rule, and it really depends on the client in question. That being said, you should run annual DR tests, at the very least. Your clients' disaster readiness depends on every employee's understanding of the current DR plan, which they can ultimately only achieve after familiarisation with the DR testing process. And when factoring in employee turnover, testing every year helps acclimate any new hires to the proper procedures and protocol, thereby helping you fine-tune your clients' disaster response.
Considering that a company's DR strategy is only as strong as its least prepared employee, you'd think more would advocate frequent DR testing to mitigate risk. According to the 2016 Disaster Recovery as a Service Attitude and Adoption Report, however, 22% of respondents test their DR plans less than once a year or in many cases, never test at all. Help them avoid this liability and package regular DR tests into your overall BDR offering.
Sure, testing backups every year should be the standard, but even this may be too conservative in certain circumstances. Let's examine a scenario in which you may want to test more frequently. Perhaps you serve a bank or any other financial services business bound by PCI DSS compliance. To comply with regulatory standards, you may need to test this client's DR plan every three months to ensure your BDR solution meets the necessary requirements. In contrast, a barber shop's DR plan may only need to be tested two to three times per year. Again, when formulating DR plans, always make sure you optimise procedures and processes at the client level.
Strong DR documentation starts with a client's disaster recovery plan, which should outline everything anyone would need to know in the event of an emergency. This includes contact information, a detailed outline of the steps and procedures that individuals need to follow in order to activate a disaster recovery, expected time frames for recovering data and more.
Only when your response policy is put to the test, can you adequately assess the effectiveness of a DR plan. Maybe certain directions are unclear and create friction across teams. Document any and all outcomes during and after testing. What worked? What didn’t? Where were the failure points? Why did those failures occur? How do you address these in your client's plan? Were any employees or team leads unavailable? In the event that you can't reach these people in the future, who are their backups? Little details like this can mean everything when the clock is ticking and your clients' business continuity is at stake. To help ensure a more seamless DR response, record all results that may be used to improve your clients' disaster readiness. Then, conduct a post-mortem with all involved, to review lessons learned and areas for improvement.
Update DR plans
Finally, update your clients' DR plans as necessary. This testing is all for naught if you don't do anything with the data you record. It's not enough to simply remember what to do next time around. Recall the conversation around client employee churn. If your client onboards a new hire after your DR test, this employee will only have the existing DR documentation to follow. Rather than repeat the same mistakes in your next round of DR testing, correct now to save your clients later. And remember, disaster readiness is ongoing. Continue to frequently revisit and strengthen your DR plans so that testing runs smoother going forward.
The article '4 Essentials MSPs Forget When Disaster Recovery Testing' first appeared on Continuum Blog.
- » SQL Server high availability and disaster recovery for AWS, Azure and GCP: A guide
- » Three reasons why killing passwords will improve your cloud security
- » How companies can tell good cloud sprawl from bad: A guide
- » Eradicate human error and make your cloud implementation a picnic
- » Moving from DevOps to modern ops: Why there is no room for silos when it comes to cloud security