Disaster recovery has a cost, whether you measure it in money, time, or effort. It’s a cost that starts in the planning stage, before any disaster happens (hopefully), but it’s also supposed to be an investment or an insurance, in case something goes dramatically wrong. And of course, any discussion about investment soon leads to one about returns. How much should you spend on your DR for the right compromise between overspending and negligence – or to put it another way, how close to the wind can you sail? The answers below may give you food for thought.
A healthy margin of safety in disaster recovery planning is generally advisable. Such a margin is in turn defined by the limit or tipping point, meaning the level of disaster recovery planning and readiness below which your business could be severely and irreversibly damaged by an IT disaster. Where is this point? You can get a reasonable idea by looking at your business requirements in terms of system and data availability. These in turn define your RTO and RPO, and give you performance targets to aim at when you define the DR solutions to be implemented. If you are too stingy with your DR preparations, your risk of your DR itself breaking will increase, and overall risk may climb to unacceptable levels.
What then if your IT runs in the cloud, backups are automated, system configurations are automatically saved, and servers and virtual machines can be spun up inexpensively at any time? Does that justify reducing or even eliminating the budget of money, time, or effort you might otherwise have spent on planning and managing disaster recoveries? Murphy’s Law says that if anything can go wrong, it will do so, and at the worst possible time. Indeed, anything could happen, from cloud providers failing to open for business next week to disgruntled employees sabotaging systems. You still need that safety margin: the consequences of sailing too close to the wind are too dire, otherwise.