Digital information is the lifeblood of all modern organisations?so it’s no surprise to learn that, according to research carried out this year, 99% of UK businesses are finally backing up their data. However, the same research points out that more than a quarter of UK businesses do not have a disaster recovery strategy in place. This means they will be unable to retrieve their backed-up data, should the worst happen, says Andy Hardy, Managing Director of Compellent.

Backing up data without a disaster recovery plan is one of the most dangerous things a company can do. It creates a false sense of security and leaves organisations unnecessarily exposed to risk. And don’t be fooled into thinking that disasters won’t happen to your business—according to a recent report, almost half of UK businesses have suffered a disaster in the last year.

It’s also worth keeping in mind that, in the majority of cases, disasters are not caused by terrorist attacks, hurricanes, floods or extreme weather—they’re far more likely to be something as mundane as a drive or server failure, computer virus or other malware. When you look at it in these terms, companies are much more susceptible to disasters than their staff might first imagine. It’s therefore vital that businesses take the threat of disaster seriously, assess the risks to their operations and prepare a well-thought-out and realistic disaster recovery plan.

The first thing that companies should do in order to build a sound disaster recovery strategy is to think about acceptable losses and downtime across the organisation as a whole and for each application and associated data set. E-mail will generally need to be at the top of the list, together with Web site, payroll and HR data and applications. When making a plan, businesses need to be honest with themselves and their customers (particularly if they’re offering service level agreements)—setting realistic expectations in line with system capabilities. Keep in mind that there’s usually a trade-off between cost and speed/quality of recovery—although there are a number of new storage solutions that offer practically instantaneous and reliable recovery at a fraction of the price of the traditional big storage names.

Companies should also make sure they know how many servers, workstations and applications they own—and ideally create a clear and comprehensive network diagram so that it can be quickly referenced and understood in the event of a disaster. Many companies overlook this vital step, but it’s a key cornerstone of any disaster recovery solution—after all, if you don’t know you own it, then how can you protect it? Companies using hosted, managed or cloud applications should also consider this point and not imagine that they are immune from an onsite disaster that could bring their business to a halt just because some of their key applications are supported remotely.

It’s also worth thinking about a move away from once-a-day back-ups. If a disaster occurs two minutes before the next backup is due to be made (or 23 hours and 58 minutes after the previous one was carried out) all the new and/or amended data created that day will be lost. Some of the most sophisticated storage solutions on the market today allow companies to create an unlimited number of data snapshots from which lost data can be quickly and simply recovered. Furthermore, the newest, most efficient Storage Area Networks (SANs) today can take a snapshot every few seconds and offer almost instant recovery times.

The most effective way to protect snapshots (and data in general) is to backup to a remote site using replication technology. Replicated data should be stored on a secondary SAN at a remote site, connected by a secure IP or FC network. It’s also worth keeping in mind that newer SANs allow automated replication, which is more a reliable, faster and straightforward process. There was a time when this level of functionality would have been outside the reach of all but the largest enterprises, but that’s not the case today.

Even if they don’t have a secondary site, companies should try to position their back up infrastructure in a different part of their building from their main IT infrastructure. That way, if the server room is inaccessible, the backup infrastructure can still be brought into play quickly and with minimal disruption. If you’re still backing up to tape or other portable media, make sure that you take it off site each night—many companies allocate this task to a junior member of staff, but it’s one of the most important protection measures that a company can take if they’re still relying on portable media.

Finally, it’s extremely important that companies test their disaster recovery strategy with as many scenarios as possible—at least once every quarter, and whenever an application or piece of hardware is added. This will allow you to check if proposed recovery times are achievable and ensure that everyone involved in a disaster recovery operation understands what’s expected of them. It’s also important to ensure the disaster recovery plan is formalised, turned into a document and distributed to all relevant staff. Companies could then think about training-up non-IT staff to deal with potential IT disasters, in the event that key system administrators are not available at a time of crisis.

Disasters are inevitably going to occur, but with detailed planning and the right mix of backup and recovery applications, the consequences for businesses can be kept to a minimum and reputations kept in tact. And that’s good news for everyone.