Disasters happen, be they manmade or natural, no corporation or government can ever assume their data and access to their data will be exempt from damage. Disaster recovery is their ability to recover electronic data and data processing to pre-disaster levels in the shortest possible time thru forward planning and setting policy objectives.
Preparing for disasters and knowing that recovery will be possible requires careful analysis of the threats facing a corporation such as earthquakes, terrorism, hacking, staff strikes, electrical failure, even human error, and understanding the consequences for data of each possible situation.
The simple activity of keeping off-site data backups may be all that is required for recovery in smaller corporations and private households, but in larger corporations most responsible IT managers would consider this a basic minimum which would already be provisioned and costed as part of their annual budgets.
Some disasters on the other hand have very little to do with recovering backups, a denial of service attack (DoS) on the corporate website could happen at any time, and all the backups in the world won’t help the corporation with their recovery, instead skilled manpower is needed. This is the sort of disaster that affects a corporation’s ability to use it’s data and communicate with stakeholders, and if not contained quickly affects credibility and stockholder confidence.
Forward planning for eventualities such as DoS attacks and other forms of hacking or viruses often involves contracting third parties for network routing and emergency response. Common network related disasters include hacking, viruses, server and router failure, cable fractures or satellite failure, or any number of other failures in the network loop.
Protecting a corporation from disasters is costly, and often considered a wasted expense until after a major disaster has occurred, and business recovery specialists often complain of the difficulties they face convincing management and staff of the need to work to set procedures.
Equipment and network redundancy plays a large role in mission critical disaster recovery, and may in extreme situations require two or three completely separate systems performing the same task. Many Fortune 500 corporations may not need completely redundant systems that can be brought online almost instantly although this is common in larger financial corporations, and of course large telecommunications operators.
The construction of disaster proof data centers with high levels of redundancy, fire containment, and temporary power generation is often seen as integral to disaster recovery planning, as well as provision of redundant network loops to third parties. Most major corporations and governments allocate as much as 5% of their annual IT budget to disaster recovery planning, a high expense, yet preferable to not continuing in business in the event of catastrophic data loss.
Preparing for every possible contingency would require superhuman effort and unlimited funds however using the Pareto Principle (80-20 rule) and planning in advance for the few disasters that could permanently shut down the corporation is much more affordable, and once these steps are in place the incremental cost of adding more preparedness may not cost that much more.