Management, compliance & auditing

Disaster Recovery Types

December 15, 2017 by

Before understanding the various methodologies and techniques for disaster recovery, it is essential to know what the term "disaster recovery" means in the first place. A disaster can be related to any incident (both intentional and/or non-intentional) that renders severe damage to the data storage of the company.

This includes things as such as human error; power failure; equipment failure; virus intrusion; general server crashes, and even cyber-based attacks. These incidents can result in outcomes ranging from temporary communication hindrance to permanent data loss or even system failure in extreme cases. The major categories of disaster can be classified as follows:

System failure:

This category includes various problems arising due to the failure of system components including the virtual machines, software applications, as well as the actual infrastructure of the data center.

The Extent of the Disaster:

This category includes city, regional, national and multinational-level disasters that rise to the "catastrophic" level.

Different organizations, based on their risk and impact analysis, set objectives based on recovery time. This is a specific metric which establishes the maximum time for which the system can be shut down as well as recovered without incurring any significant financial losses.

The recovery plans of businesses and corporations can be classified as follows:

  • No recovery plans:

    This is where there is no disaster recovery plan in place. As a result, such companies face a hard time even due to minor problems encountered such as a power surge or even a server crash. Thus, it is imperative that these organizations need to understand the value of their data assets and should opt for basic disaster management solutions which are cost effective.

  • No disaster management plan but there does exist a backup of data:

    These are the organizations, which at minimum take a backup of their critical data daily. As a result, these companies do not lose on their data entirely because they can retrieve their data on the newly replaced systems in case of failure. Because of this, these organizations need to audit their backups regularly.

  • There is a backup data plan as well as a backup system in place:

    These are the companies which have stringent resource time objectives and cannot tolerate to keep their systems down for an extended period. These business entities plan for the kind of disasters where the entire IT infrastructure will be destroyed. They have arrangements and contracts with other organizations to use their computer systems for the duration of time needed that is needed until the original system is fixed or replaced.

  • There is a dedicated backup area at the existing data center:

    These organizations have a dedicated, functional area with facilities to operate on the backup data in case of any catastrophic hit to the main system which is already in place. This type of infrastructure is put into place when a business cannot tolerate a downtime which exceeds 24 hours.

  • There are remote, redundant sites in place:

    These companies develop multiple data centers (at least two) that are located far away from each other. These data centers are interlinked with a strong communication network that facilitates the quick transfer of data in case of any disaster at either of these centers.

  • There is an exact replica of the working data system:

    This is where the data is backed up almost immediately per hour, per minute or even per second. With this method, business or a corporation can recover from a disaster almost immediately. Even though this method is the most efficient, it is the most expensive as well. In other words, the administrative overhead to maintain this kind of backup and recovery can be quite cost prohibitive.

The steps to be used when creating a disaster management system:

There are a few general guidelines to be followed when creating a disaster recovery plan, and these are as follows:

  • Collect all the relevant data regarding the network infrastructure of the business or corporation.
  • Conduct a historical review of any disasters which occurred in the past and the strategies which were used to recover from them.
  • An analysis of both the current and anticipated cyber-threat vector landscape.
  • A formulation of an emergency response team and the assignment of the required duties to them.
  • A review of the disaster management system and the actions which are supposed to take place in the face of a disaster.
  • The completion of the disaster management plan in accordance with the IT infrastructure.
  • The testing and constant fine tuning/upgrading of the disaster recovery plan.

The types of disaster management plans are dependent upon their application environment which are as follows:

  • Data center disaster management plan:

    This plan focuses primarily upon the infrastructural impacts of the disaster. It mainly takes care of the physical aspects of the IT infrastructure which includes the facility location, power system, storage facilities, and office premises.

  • Network disaster management plan:

    This specific plan relates to the network infrastructure of the business or corporation. Before the development of this kind of plan can even be considered, it is essential to understand the entire network infrastructure and its layout as well as its functionalities.

  • Cloud disaster management plan:

    Cloud-based recovery plan vary from the backup of necessary files to the complete backup of data. Although crafting this kind of plan is the responsibility of the provider that is hosting the cloud-based environment, the business or corporation must also work in conjunction with the provider to ensure that its data can be downloaded quickly onto the new servers after disaster strikes.

  • Virtualized disaster management plan:

    As the name suggests, a virtual machine engages almost immediately after any disaster takes place, not only preserving the saved data but also helping retrieve the application data.

As previously discussed, the world that we live in is driven by data. Thus, it is essential to consider all the disasters which can render any kind or type of threat to it.

Organizations that haven't formulated their disaster management system can refer to the above guidelines and use them to help create a basic disaster recovery plan with the guidance and help of disaster recovery specialists.


Sayaala is a graduate from India. Sayaala has interest in the field of information security and also other environmental studies. Sayaala would like to explore more and more about different aspect of information security domain such as AWS, Common threats in infosec, Malware, Vulnerability assessment etc. My Blog link