Risk, Recovery and Resilience are the three R’s of disaster recovery. Are you ready to face a disaster? Have you evaluated the risks? Have you documented and provisioned for the risks? What do you think should be your time to recover? What will be the estimated loss if you are unable to recover business operations quickly? How resilient is your business? If you have answers for some of the above questions—you have began the process of putting together a disaster recovery plan. If you have answers to all the above, you have a disaster recovery plan in place!

Risk is inherent in everything. IT infrastructures—desktops, laptops, mobile devices, servers or networks—are at risk. Desktops containing mission-critical data that is not yet backed up into the server can be corrupted, destroyed or stolen. Mobile devices may be misplaced during travel or data contained in the devices may become inaccessible for different reasons. Networks may not function well and data may be lost, hijacked or corrupted in transit. Disaster recovery planners need to identify every possible risk and evaluate their impact on the business of the enterprise. They need
to understand that certain risks are high risk, potentially destroying the business; and then there are medium and low risks that may affect the business to different degrees, ranging from mild to moderate. The risks and impact need to be documented and solutions need to be spelled out for each kind of risk.

Recovery from disaster will be determined by the level of preparedness of the organization. If a risk has been identified and provided for, disaster recovery personnel need to follow the steps set forth in the disaster recovery plan and the business can hit the ground running. If the risk is unidentified or unexpected, there will be no recovery plan in place and the disaster may cripple the business for hours, days, months or even years. An instance in point is the 9/11 disaster at the twin towers in New York. Businesses which had taken their data offsite and created hot sites for recovery survived the
cataclysm. Others went down with the towers.

Resilience is the measure of the ability of the business to survive disaster. Public perception of ‘Resilience’ can make the stocks of a company plummet or rise. Disaster recovery plans improve resilience and public confidence in the business operation.

Cloud computing has facilitated IT disaster recovery in many ways. First, it separated local IT infrastructure from storage and reduced the risk of data loss. Online backup ensures that data is taken offsite instantly and painlessly and stored in secure vaults that are accessible only to authorized personnel of the company. Second, it has enforced discipline and made small and medium enterprises aware of data security. More and more companies riding the cloud are
examining cryptographic models and analysing security issues associated with the cloud and by transference security of local systems and networks. Thirdly, cloud computing has brought professionalism into disaster recovery as online backup service providers take on the mantle of IT disaster recovery managers and put in place disaster recovery plans covering most if not all of the possible disasters that can put the business data at risk. Finally, cloud computing has increased resilience of small and medium enterprises and has equipped them with alternate means of recovering data using web based interfaces from anywhere, anytime to same, similar or entirely different computing environments.

As a result, small and medium enterprises signing up for infrastructure as a service or software as a service are advantaged. All their IT infrastructure and data related disaster recovery is automatically provisioned for and they can focus their energies on providing for other kinds of disasters that may cripple their business. In this, cloud computing has proved a boon to small enterprises that would otherwise compete unequally with their large brethren.