From backups to business continuity: How to prepare your company

Business continuity is essential for a company to be sustainable. Interruptions and corruptions to your IT system, such as an incident on your infrastructure, a natural disaster or a cyberattack, can pose real threats to the security of your business. In its latest report, Veeam states that in 2022, 85% of the companies surveyed had experienced a ransomware attack. In addition to the financial impact, an IT failure or disaster can temporarily or permanently harm your customers’ data, and these losses can be dire for your reputation. That’s why it’s important to devote some attention to your own disaster recovery plan.

To avoid any threats to your business, it is essential to have tools and processes in place to mitigate the negative impacts that an incident like this could cause. These measures limit the risks and make it possible to anticipate any damage, particularly if you:

  • Carry out backups
  • Set up a disaster recovery plan (DRP)
  • Create a business continuity plan

Context and market situation

The continuous and exponential increase in data volume is a real challenge for companies. They need to protect their business and infrastructure, while also protecting their own data and their customers’ data.

There are many advantages to setting up a DRP, in addition to preventing you from having to halt your activity. A data interruption can come with a number of consequences. In addition to the financial aspect, an event like this can affect your business in several other ways, as shown in this graphic:

 

[Graphic: data disruption]

To minimise the negative impacts that a potential attack on your IT system could cause, several actions can be implemented.

  • Perform regular and recoverable backups of your data.
  • Establish a realistic and effective DRP strategy for your business.

Data backup and replication

Data and IT infrastructure resilience is an increasingly important factor in ensuring your business continuity. This concept of resilience can be thought of as resistance to potential interruptions and your ability to keep your activity going, despite your data or initial infrastructure being temporarily unavailable. This high availability, coupled with protecting your data through regular backups and a disaster recovery plan, allows you to avoid the total loss of your data and that of your customers. This way, you can ensure that you can resume your business in the event of an interruption (such as hard drive damage, hacking, human error, or a natural disaster).

What does a good backup look like?

An effective backup means your data can be recovered quickly and easily in the event of an incident. The most important thing is being able to restore these backups.

The 3-2-1-1-0 rule: the best backup strategy for business continuity

  • 3 copies of your data.

  • These copies should be stored on 2 different media to avoid loss, corruption or hacking.

  • 1 copy stored in a different geographic location.

  • 1 copy isolated from the network or air gapped.

  • 0 errors in your data after your tests.

[Figure: 3-2-1 Backup]

With this strategy, you can protect yourself against the vast majority of data loss risks – it applies to both your critical data and the data you want to protect for security reasons and for your business needs.

To give you a better understanding of this backup strategy, let’s look at Company X as an example. Company X is a medical Software-as-a-Service (SaaS) platform that allows your teams to use free and confidential online monitoring on request. It produces, uses and stores critical, personal and confidential customer information. To ensure that this data is protected, the company has chosen to have:

  • one backup of its data on a server in Gravelines
  • one backup of its data on an external hard drive
  • another backup on a remote server, located in Roubaix

In the event of an incident at the Gravelines site, the information can still be found on the server in Roubaix. And in the extremely unlikely event that both servers are destroyed, the external hard drive can be used to restore the data on a new server. This minimises the risk of total loss that comes with keeping all data on a single site and a single medium.
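The rule can be checked mechanically against a backup inventory. The following Python audit is an added example, not part of the original article or any OVHcloud tooling; the inventory is constructed from the Company X layout, and the drive's location, its offline status and the restore-test results are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str                    # storage type, e.g. "server-disk"
    site: str                      # geographic location of the copy
    offline: bool                  # True if isolated from the network
    restore_errors: Optional[int]  # errors in last restore test; None = never tested

def audit_3_2_1_1_0(copies, primary_site):
    """Evaluate each part of the 3-2-1-1-0 rule; returns {rule: passed}."""
    return {
        "3 copies": len(copies) >= 3,
        "2 media": len({c.medium for c in copies}) >= 2,
        "1 off-site": any(c.site != primary_site for c in copies),
        "1 offline": any(c.offline for c in copies),
        # An untested copy (None) fails: only a clean restore test counts.
        "0 errors": all(c.restore_errors == 0 for c in copies),
    }

def failed_rules(copies, primary_site):
    """List the parts of the rule that the inventory does not satisfy."""
    results = audit_3_2_1_1_0(copies, primary_site)
    return [rule for rule, ok in results.items() if not ok]

# Constructed inventory modelled on Company X. Assumed: the external drive is
# kept unplugged at Gravelines and every copy passed its last restore test.
COMPANY_X = [
    BackupCopy("gravelines-server", "server-disk", "Gravelines", False, 0),
    BackupCopy("external-drive", "external-hdd", "Gravelines", True, 0),
    BackupCopy("roubaix-server", "server-disk", "Roubaix", False, 0),
]

# Same layout after drift: the drive stays plugged in and the Roubaix copy
# has never been restore-tested.
DRIFTED = [
    COMPANY_X[0],
    BackupCopy("external-drive", "external-hdd", "Gravelines", False, 0),
    BackupCopy("roubaix-server", "server-disk", "Roubaix", False, None),
]

if __name__ == "__main__":
    for label, inventory in (("Company X", COMPANY_X), ("drifted", DRIFTED)):
        print(label, "fails:", failed_rules(inventory, "Gravelines") or "nothing")
```

The drifted inventory still has three copies on two media in two cities, yet it fails the last two parts of the rule, which are the ones that matter most when ransomware reaches every networked copy.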

With this method, you get a full backup system for your cloud architecture. In the event of an incident, your disaster recovery is made easier thanks to the different copies of your data hosted on the dedicated servers. By setting up a weekly, daily or scheduled backup system, you can adapt your strategy to match the criticality of the data you want to protect.

Get a head start on your disaster recovery with data replication

Data replication is also an effective backup strategy. It can be performed in real time, and can be used to create copies of your data in different datacentres. This way, in the event of an incident in one of the datacentres, the information is always active and available in the other datacentres, which take over and ensure your business continuity. To get a better idea of this strategy, let’s take company Y as an example.

ForePaaS

Their cloud management platform data is replicated in real time across three datacentres. One is located in North America, while the other two are located in Europe in two separate cities. So, if one of the sites experiences a major incident, the company would be able to retrieve its data from another. This way, the business could be rebooted without delay.

However, a backup system is just a tool to protect you against data loss. Even if it forms the basis for your business continuity, it is your responsibility to plan the actions needed to ensure the backup happens, so that you can quickly restart your services in the event of an interruption.

Disaster Recovery Plan strategy

Your disaster recovery plan (DRP) sets out the business processes to implement in order to restart your activity in the event of an incident or interruption. The important indicators to include in your strategy are:

  • The RPO (recovery point objective). This term refers to the maximum allowable rate of data loss. It is measured over a set period of time and is generally staggered as follows: no loss possible, 1 hour, 4 hours or 24 hours since the last data backup.
  • The RTO (recovery time objective). This refers to the maximum admissible time that an application can remain down before it is restarted. The RTO is staggered in a manner similar to RPO: no delay possible, 1 hour, 4 hours or 24 hours before disaster recovery.

These indicators must be pre-defined based on the criticality of the data affected by an incident. Some applications may not require the same disaster recovery plan as others. For example, an application that uses banking data cannot afford any downtime or data loss. On the other hand, an institutional application, although essential, is not critical, so a tolerance can be allowed for the interruption time.

 

[Diagram: On Prem backup]

Non-critical application RPO: > 24h | RTO: > 48h

The company can function without this application for more than a day.

It runs its application:

  • In a datacentre.
  • Data backups are located in a second datacentre.

It will therefore use the backup data to restore the application to the second datacentre if the first is down.

[Diagram: Primary Secondary Backup]

Essential application RPO: > 1 hr | RTO: > 4 hours

The company can function without these applications, but not for more than an hour.

It runs its application:

  • In a primary datacentre.
  • The data is replicated in a second location, multiple kilometres apart (+100 km).
  • At the second site, resources are provisioned to prepare for recovery.
  • Backups are located in a third-party datacentre in accordance with the 3-2-1-1-0 rule.

[Diagram: Load Balancing]

Critical application RPO: ~ 0 | RTO: < mins

The company cannot function without these applications.

It runs its application:

  • In a primary datacentre.
  • The data is replicated in a second location, multiple kilometres apart (+100 km).
  • At the second site, resources are provisioned to prepare for recovery.
  • Backups are located in a third-party datacentre in accordance with the 3-2-1-1-0 rule.

 

[Diagram: Load Balancing]

Very critical application RPO: ~ 0 | RTO: ~ 0

The company cannot function without these applications.

It runs its application:

  • In 2 datacentres spaced multiple kilometres apart (+ 100 km).
  • Data is synced between the two locations.
  • Backups are located in a third-party datacentre in accordance with the 3-2-1-1-0 rule.

 

At OVHcloud, we have made the decision to support our customers in setting up a DRP through our technological partner solutions. This means we can offer you the most popular and tried-and-tested solutions for setting up your disaster recovery plan. Veeam and Zerto clearly demonstrate the importance and added value brought by these technological partnerships.

Implementing a DRP helps you minimise the impact of incidents on your business, and minimise data loss resulting from even temporary service interruptions. However, some types of companies — such as banks or IT service providers — cannot afford downtime. Their services must be online at all times. This means building a resilient infrastructure that can work and remain accessible in any scenario.

Building resilient infrastructures is the goal for enterprise security. However, implementing an effective disaster recovery plan is a process that needs to be continuously adapted. The plan must be tested and updated regularly. Your IT solution portfolio and infrastructure are always evolving, and your security requirements should change with them.

“[...] Resilience should be seen as a global approach within the company. It is by no means the sole responsibility of IT or security experts. From a company perspective, it’s important to build a culture of IT risk management – and this culture should be fostered from the lowest to the highest levels. Each employee should be aware of their role and responsibilities in this overall strategy. To successfully implement an IT resilience plan, it is essential to start with a realistic risk assessment. It must be conducted on a regular basis. We usually recommend running it every 6 months on all of the critical points in your system.”

Arnaud Wetzel, co-founder and CTO of KBRW, and Ronan Garet, Site Reliability Engineer

Your business continuity

A disaster recovery plan allows you to react to an unexpected event that could harm your business. To ensure your business continuity, you need to plan the actions you need to take before, during and after an incident, so that you can maintain your services, and ensure that your business can carry on functioning under the best possible conditions.

This plan is based on three factors:

  • Ensuring transparent and reassuring communication on the channels available to you (e.g. email, social media, press) regarding the potential crisis. Keeping your teams, customers and partners informed of the progress of the incident resolution and notifying them when the incident is over.
  • Establishing an action plan for your teams in the event of an incident. They need to know what to do, and who to contact. For example, ensure that they are regularly updated on planning and security policy changes.
  • Having a resilient IT infrastructure. This is the best way to keep your services online in any scenario. This helps you avoid any loss or cost associated with service interruptions.

Planning procedures to follow will help you deal with most situations that impact your business. Our partners can provide you with consulting services to help you set up a DRP or business continuity plan.

“[...] the first step to take involves properly identifying your resilience needs, depending on the hosted service. Each service’s level of criticality must be defined, along with the risk involved in the event of an availability issue. Once we have completed this assessment, we enter the design phase of the architecture, looking at all the elements identified during the assessment phase. [...] We can identify three different infrastructure plans that the customer needs to work on to ensure resilience:

Resilience of the production infrastructure,
Backup implementation,
DRP implementation.

These solutions must of course be secure, to ensure that all customer data is kept under lock and key.”

Jean-Charles Ferrand, Managing Director of Partitio

*According to a study conducted by software publisher CA Technologies.