The Difference Between Disaster Recovery and Business Continuity

The terms business continuity and disaster recovery are often used interchangeably but they are not, in fact, the same thing. It is useful to have an understanding of the fundamental difference in order to carry out effective planning.

Business continuity (BC) planning refers to a strategy that lets a business operate with minimal or no downtime to critical business processes. This process goes beyond IT services and includes work facilities and staff availability. Disaster recovery (DR) supports the business continuity plan and refers to the ability to restore the data and applications needed to run your key business processes should your data centre, servers, or other infrastructure get damaged or destroyed. One important DR consideration is how quickly data and applications can be recovered and restored.

The design of both solutions must balance a company’s tolerance for down-time against the budget available to fund protection. Options include in-house save/restore, external DR service and/or hot standby. Each of the options comes with an associated speed of recover and cost.

Focus on Protecting Your Data

Whichever strategy you pursue, protecting your company’s data is critical. If your company lost some or all of its data, it could be catastrophic. You may not know what to bill to your customers, what they already owe you, and what you owe to your suppliers and partners. Inventory information, manufacturing processes, contractual obligations, and competitive intelligence would all be gone.

Disaster recovery plans are developed so that everyone knows exactly what to do to help the business IT function recover in the aftermath of a major catastrophic event. Earthquakes, hurricanes, floods, and acts of war have all caused big companies to either activate their DR plans or deeply regret not having one. Plans would include having recent off-site stored backups of all data available for restoration once replacement systems can be established. The more recent the backups, the better, meaning that the planning, scheduling, and rotation of data to offsite facilities is an integral part of a good DR plan. Having a replication based HA solution would be best solution. It could mean IT recovery in minutes or seconds rather than hours or days.

When largescale disasters happen, they can destroy or incapacitate entire buildings, towns, and cities. This is where the concept of redundancy becomes critical. You may backup your data locally, and should a server or storage device fail, you simply replace it and restore the local copy of your data. However, if a major outage hits your building, perhaps even your entire, you’ll need to be sure business critical data is replicated far away in a remote data centre, perhaps more than one.

BC measures need to be put into place at multiple levels. For example, redundant servers, redundant storage, even redundant data centres may be required to provide enough availability to support continuity of the business within the recovery time objectives. Anything that could fail must be considered, including personnel and physical premises. Replacement personnel may need to be ready to step in, and substitute locations must be designated where employees can work should a calamity befall the operation.

It’s easy to see why people use the terms interchangeably. True continuity of business operations requires high availability, which is the lowest level of fault tolerance, and the ability to recover from a disaster almost instantly.

Beyond replicating your valuable data, if your company can’t afford to stop doing business, you’ll need to replicate your entire infrastructure. When an outage or disaster occurs, your network “fails over” to the redundant data centre and your people continue working as if nothing has happened. Users unable to access the company’s network can connect to the secondary data centre easily from wherever they can securely access the internet.

Speed vs Budget

You may be unsure of just how much you need to invest to achieve the level of resilience appropriate for your business. You clearly don’t want to overspend, but you shouldn’t under protect either. Start your process by assessing the importance of each business-critical asset including data, IT infrastructure, facilities and people and create a specific plan for each. Compare the approximate cost of each plan against the value delivered by the asset to establish an acceptable ratio. From there, the rest of the process is one of logistics.

Leave a comment