In theory, disaster recovery planning and management are what every self-respecting organization should practice. Restoring systems, databases, and networks – and more importantly, IT-enabled business functionality – after an incident is one of the highest priorities for most enterprises, so dependent on their IT to carry out their daily activities. The problem is that too many organizations do not know, in real terms, what they should be recovering.
The root of this problem lies in poor IT asset management. Too few enterprises know what assets they have, many cannot locate or properly describe large amounts of assets that are logged in their assets register. This leads to follow-on problems, such as the viability of investments made in disaster recovery solutions (why pay for recovery of items you cannot locate?); and potential problems in the event of insurance claims (how can you prove to an insurer the value of damaged or destroyed IT equipment?).
Initial acquisitions of IT assets are often well recorded. What happens to the information on those assets afterwards is another matter. Items change location, users, configuration, or combinations of any of these, with ever widening discrepancies between the descriptions of the items and current reality. Part of this may be due to large items being recorded as a block without breakdown into the individual major subsystems or components. Conversely, smaller items may go unrecorded because of the (perceived) disproportionate effort to document them, compared, say, to their cost of replacement.
An IT asset management system based on spreadsheets (still a favourite in many IT departments) may be better than nothing. However, spreadsheets may then multiply to exist in different, incompatible versions, where the absolute truth can be hard to localize. In summary, DR practitioners must look beyond the principles and immediately visible assets to determine what other hidden resources are still being used. Supporting systems like asset management systems must be vetted to ensure they will let organizations know not only why, how, and when to do DR, but on what and where, as well.