The Vital Role of Robust Disaster Recovery Planning

Digital dependencies are the norm, so safeguarding systems against unforeseen circumstances, such as cyber attacks and regional system outages, is paramount to prevent data loss and operational downtime. 

In this article, we'll examine Formpipe's Disaster Recovery (DR) provisions and how we can help businesses of all sizes optimise their Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) to ensure that they can mitigate myriad IT system risks. 

Understanding the vital importance of disaster recovery plans

Disaster recovery comprises a series of policies and procedures designed to maintain IT system functionality and bring services back online swiftly in the event of unforeseen circumstances. Disaster scenarios can range from individual virtual machine crashes to full-scale cyber attack breaches, natural disasters or regional data centre failures. 

In heavily regulated industries such as banking and healthcare, robust disaster recovery plans and meticulously documented procedures are vital for maintaining compliance and avoiding substantial fines from regulators. 

A stark example of this is the 2022 incident where TSB was fined £50 million by the UK's Financial Conduct Authority (FCA) for a series of IT failings that resulted in millions of customers being locked out of their online bank accounts for weeks. 

Similarly, in the healthcare sector, Oxford Health NHS Foundation Trust experienced a cyberattack in August 2022. Criminals targeted patient data records, ambulance dispatch units and financial systems, rendering doctors unable to access patient records for an extended period. One year later, the affected Trust remains engaged in discussion with the tech firm responsible for installing its ERP system, seeking financial compensation for jeopardising patient care. These cases highlight the critical importance of safeguarding sensitive organisational data.

However, system outages can still occur even when disaster planning provisions are put in place. For instance, in October 2021, Facebook (Meta) and its associated services, WhatsApp and Instagram, experienced a six-hour outage worldwide. Facebook's DNS names stopped resolving, its infrastructure IPs became unreachable, and according to the company's blog, the issue originated during a routine maintenance exercise. Despite conducting regular system testing and disaster drills to mitigate risks, the company's share price fell by 4.9% as a result of the outage. 

This incident demonstrates the importance of updating disaster recovery protocols regularly to ensure business continuity in an ever-evolving threat landscape. 

The evolution of disaster recovery 

In the past, companies bore the sole responsibility of disaster recovery planning as they had to store and backup their data on-prem - incurring significant costs for security hardware, software and personnel. 

However, cloud computing has revolutionised disaster planning, as external providers can offer more affordable disaster recovery services - even as a company's IT infrastructure grows to cover multiple regions. 

Advanced cloud computing features, such as global data distribution and zero-trust security, further streamline disaster recovery processes. Global data distribution ensures data is stored in multiple locations, while zero-trust security safeguards sensitive information by limiting company-wide data access.

However, investment in the right tooling alone is not enough to safeguard systems. Data has become more valuable to cyber criminals, with buyers on the dark web willing to pay a premium for stolen information. As a result, attackers are devising ever more sophisticated methods to disrupt company operations, steal data or extort organisations for financial gain. 

To use an illustrative example, the frequency of DDoS attacks has risen by 150% since 2022, with the repercussions of an attack lingering for months, sometimes years. In the aftermath of a DDoS attack, victims must not only grapple with rebuilding their damaged infrastructure, they also have to restore trust with their consumer base. In some cases, their efforts to recover from the reputational damage fail. A 2022 survey by Hyve found that a third of consumers would switch brands if they found out a company suffered a prolonged IT outage. 

Therefore, companies must work closely with their cloud providers to establish robust disaster recovery plans that combine cloud-based solutions with proactive testing, training and regular security intelligence sharing. 

Choosing the best disaster recovery solution for your needs

When it comes to choosing the best disaster recovery solutions for your needs, consider the following vital metrics: 

• Recovery Time Objective (RTO): This is the time it takes for your services to be returned online in case of a system outage.
• Recovery Point Objective (RPO): Refers to the maximum acceptable amount of data (measured in time) that can be lost after an incident. 

Opt for a cloud service provider that can enhance RTO and RPO with the following disaster recovery planning features:

• Structured disaster recovery protocols: Leading cloud providers conduct thorough business risk assessments and draw up tailored disaster recovery protocols designed to get you up and running again quickly. The assessments should aim to minimise recovery costs as well as data loss and downtime. 
• Robust access restrictions: Trusted cloud service providers employ strict two-factor authentication (2FA) measures and utilise on-demand privilege escalation, mitigating the risk of authorised access. 
• Rigorous infrastructure security provisions: Organisations should prioritise vendors that implement external gateway-based systems for managing resource access. This approach partitions environments into distinct network segments, providing more control over access permissions, thereby enhancing RPO and RTO. 
• High-level data security: Reputable cloud hosts deploy end-to-end encryption for data in transit and at rest. This measure bolsters RPO by preventing unauthorised data access and theft. 
• High availability: Your ideal cloud computing host should leverage multiple production nodes across diverse data centre locations and replicate data in alternate regions to improve RTO metrics, and ensure uninterrupted services.
• Comprehensive backups: Besides boosting RTO and RPO, regular data backups assure regulatory compliance across many different industries and regions. 

The role of regular testing in disaster recovery

Regular and comprehensive testing of business-critical systems is crucial. Addressing common and less common causes of unplanned downtime helps companies build well-rounded plans for any potential resource outage. 

However, many companies need help ensuring that they are carrying out adequate disaster planning tests at the right frequency to ensure they are always ready should a real-life incident occur. 

At Formpipe, we work with you to create a comprehensive disaster recovery plan encompassing all aspects of cloud hosting, including backups, uptime, data security, data residency, testing, and compliance. Our team is ISO 27001 certified, so our systems, processes, and services are tightly regulated, guaranteeing you receive consistent services at all times. All you have to do as a customer is configure the Formpipe Cloud software. 

Illustrating our efficacy with a recent case study, a Formpipe Cloud premium customer suffered a hardware failure in one of their data centres. Azure alerted us of the issue, and we were able to defer to the second node running in a separate data centre, so there was zero disruption to the company's services. 

Leveraging a high availability setup, we harness Azure's Geo-redundant Storage (GRS) to automatically back up data in a secondary region. So, if one region or data centre fails, we can rapidly recover the data from the alternate location. We offer all customers a 99% (or higher) uptime guarantee, ensuring secure access to Formpipe Cloud resources when needed. 

Implementing Formpipe’s disaster recovery solutions

Swift implementation of disaster recovery provisions also boosts your company's resilience to unseen scenarios. With Formpipe, we can get you up and running with a secure plan within two days of signing up for our services. We host exclusively on Microsoft Azure, and our solution can be adapted to your unique infrastructure needs if you use alternative cloud services (such as AWS). 

Our platform updates feature adheres to Microsoft's patches across each node, ensuring you always benefit from the latest security technologies. We also deploy regression testing to validate the updates' effectiveness and compatibility with your existing IT infrastructure. 

Annual software updates also apply bug fixes, helping you mitigate security risks. However, in rare instances where unexpected issues arise, we deploy rollback procedures alongside comprehensive reporting of the circumstances, keeping you in the loop. 

Disaster recovery planning is more than a check-box exercise

As industries and technologies continue to evolve, we set out to be your reliable partner in navigating the complexities of disaster recovery. 

Our tiered solutions ensure you can always meet your document generation and management requirements, even as your infrastructure and compliance needs change. 

In short, we take the time, effort and costs of managing disaster recovery off your shoulders, allowing you to focus more on growing your business. 

So, if you want to learn more about Formpipe and its benefits for optimising RTO and RPO in disaster recovery, contact us today or reach out to us by filling out the form below.