The proper use of Nuabee protection tiers #
A Disaster Recovery Plan is like insurance: as long as there’s no loss, there’s no point. But also like insurance, its price must be as fair as possible.
This is where the Nuabee solution’s choice of protection classes comes into its own:
- Critical applications: essential for running critical business processes
- Important applications: necessary at a later stage if the interruption lasts more than a few days
- Other applications: desirable if the outage lasts a long time
Choosing which applications to protect #
To choose the applications to protect, and if you don’t want to enter into a BIA-type approach , which is quite structuring and may require the involvement of experienced resources (CISO, external consultant), it is possible to use a lighter approach to define the list of applications to protect.
This simplified approach involves :
- Prioritize critical/important business
- applicationsDetermine the list of business servers undergoing DRP
- Then look at their dependencies on cross-functional / technical applicationsarbitrate
- their criticality in a DRP context
Which risk scenarios should be covered by the DRP? #
The risk scenarios to be covered is also a key question in defining the scope of the DRP.
Scenario family | Origin(s) | Type of impact | To be covered by PRA |
DC(s) Destruction |
|
Long-term unavailability of all IS components | Deployment of the DRP perimeter can be phased according to the risk scenarios to be covered. |
Cyber attack |
|
Unavailability of part of the IS. WAN/security components not impacted |
|
Human crisis |
|
Lack of personnel to manage IS | |
Complex IT incident |
|
More or less short unavailability of the IS on a few components |
RTO and RPO choice #
With regard to these choices, it’s important to understand that they have an impact on the recurring cost of the solution:
- The shorter the RTOs, the higher the performance of the components involved in restarting servers (VMs, disks, network interface, etc.), and therefore their cost.
- The shorter the RPO, the greater the amount of backup storage required, as well as the bandwidth consumed to make the backups.
In the Nuabee DRP solution, this choice of RTO and RPO is often a global one, but it is possible to customize it (generally to reduce it) on particular servers that are particularly critical
- either in terms of availability: hotline support application to be restarted within 4 hours
- or in backup frequency: database to be backed up every 4 hours