What is Disaster Recovery? Why It's Important for Businesses, the Strategies That Can be Used and How to Choose Them

Companies in Japan started taking Disaster Recovery seriously after the Great East Japan Earthquake in 2011. Although many headquarters were not in the affected areas, many company operations were disrupted, data centers were damaged, and some businesses even had to shut down entirely because they were not prepared for the disaster.

What happened in Japan is a valuable lesson, especially for companies in Indonesia, a country known to be prone to natural disasters such as earthquakes, floods, volcanic eruptions, and massive power outages. For example, the earthquake in Cianjur in 2022, the annual floods in Jakarta, and the mass power outage that once paralyzed most business activities in Jabodetabek.

Without an effective Disaster Recovery strategy, the risk of business data loss, service disruption, and financial loss can happen at any time. Many companies in Indonesia still rely on on-premise systems without adequate backups or clear recovery plans in the event of a disaster.

Now, more than a decade has passed since the tragedy in Japan, and similar challenges are even greater in Indonesia. Therefore, it's time for your company to start reconsidering:
 

• Is your business data safe in the event of a disaster?
• Do you have an adequate Disaster Recovery solution?
• Can your business continue to run when the main system is disrupted?

Disaster risk is undoubtedly not a thing of the past, and we don't know when or where we will experience it in the future. This time, we will provide an in-depth explanation of disaster recovery, its importance, and key implementation points.
 

What is Disaster Recovery?

Disaster Recovery refers to the efforts or systems used to restore a company's operations that have been rendered unusable by a natural disaster or other incident.

While you may understand the meaning of the term "Disaster Recovery", you may not understand the concrete details. Here, we will explain how it differs from a BCP (Business Continuity Plan), as well as two important terms that often arise when discussing Disaster Recovery: "RPO" (Recovery Point Objective) and "RTO" (Recovery Time Objective).
 

Difference between Disaster Recovery and BCP

Disaster Recovery is often abbreviated to "DR". Literally, it means "recovery from disaster". Although the scope of disaster recovery is vast, for companies, this term generally refers to the recovery of systems that are damaged during a disaster.

On the other hand, "BCP (Business Continuity Planning)" translates as "Business Continuity Planning". Factors that can threaten business continuity are not limited to natural disasters. It could also include system disruptions caused by human error or even terrorist attacks.

BCP is about how a company establishes methods and means in advance (during everyday situations) to minimize losses when facing emergencies, and to ensure the continuity of its core business operations. In other words, a BCP plan does not only focus on system recovery.

In addition, if disaster recovery mainly aims to recover the system from a disaster, then BCP also considers business continuity after that.

Seeing this, we can say that disaster recovery is a part of BCP.


 

What is a Recovery Point Objective (RPO)?

"RPO (Recovery Point Objective)" can be translated as "Recovery Point Objective" or "Targeted Recovery Point in Time". It is a target value that determines how far back data will be recovered in the event of a system disruption due to a disaster.

The RPO setting is determined mainly by the nature of your business operations. For example, if you manage an e-commerce site, "RPO = 0 seconds" is ideal. Why? Because there is a high probability of a significant transaction occurring right before the system goes down, and the loss of that data could cause a substantial loss to the company. On the other hand, for companies with a data update frequency of only once a day, "RPO = 1 day" may be sufficient.

Of course, for every company, the shorter the RPO, the better. However, keep in mind that to achieve a very short RPO, you will have to perform frequent data backups, and this will, of course, increase costs.
 

What is Recovery Time Objective (RTO)?

"RTO (Recovery Time Objective)" translates to ""Recovery Time Objective" or "Targeted Recovery Time". It is a target value that determines how long it will take to recover the system in the event of a catastrophic disruption. In other words, it refers to the duration of system downtime that can still be tolerated without causing significant impact to the business.

As you might have guessed, just like RPO, RTO also needs to be set based on the nature of your business operations. For example, for a company managing an e-commerce site with a turnover of millions of rupiah per hour, the longer the RTO, the greater the loss. Therefore, ideally, they will try to achieve "RTO = 0 seconds" or as close to it as possible.

However, if an e-commerce site is only operated with one server, losses due to system interruptions are almost inevitable. Therefore, it is common for sites and servers to be set up with "redundancies" (backups). That is, measures are taken to prepare a backup site or server in case of failure, so that the RTO can be as short as possible.


 

Why is Disaster Recovery Important in a Business Environment?

Here are three reasons why disaster recovery is necessary in a business environment.
 

Enhanced Security

Although Disaster Recovery translates as "recovery from disaster", there are other factors besides natural disasters that can cause disruptions to systems. These include cyberattacks such as ransomware and malware. When a company focuses on disaster recovery, its security is strengthened, and this helps protect customer information and other confidential data.
 

Prevent Cost Losses Due to Downtime ( Downtime )

According to a 2019 survey conducted by Gartner, the average downtime in the event of a data breach is 2.2 days. The average cost per minute is 5,600 US dollars

(approximately 90,886,320 IDR)

(approximately 780,000 Yen, approximately 86,127,600 IDR), and the total average price of a data breach reaches 3.92 million US dollars (approximately 63,629,224,000 IDR) (approximately 546 million Yen, approximately 60,299,800,000 IDR).

Many studies confirm that the cost of downtime has a linear correlation with its duration. This means that while system disruptions are unavoidable, shortening the RTO (Recovery Time Objective) as much as possible is key to the sustainability of corporate disaster recovery. A survey from Magna revealed that if a business cannot resume operations within 5 days of experiencing a disaster, there is a 90% chance that it will go bankrupt within a year.


 

Business Operations Run Smoothly Even During Disasters

With a focus on disaster recovery, companies can continue business activities and secure revenue even during a disaster. Furthermore, the ability of industries such as finance, healthcare, telecommunications, transportation, and manufacturing to operate smoothly during disasters is also closely tied to maintaining social infrastructure and supply chains.

When companies can restore these critical operations quickly and continue their business amid a disaster, it's not just about the company's bottom line; it also leads to corporate social responsibility (CSR). By investing in disaster recovery and planning to fulfill CSR, companies can increase brand strength as well as trust from consumers and business partners.
 

Types of Disasters that Companies are Vulnerable to

The risks that companies must anticipate are diverse. Here, we will discuss three types of disasters that companies often face.
 

Impact of Communication Disruption in Indonesia and Disaster Recovery Solution

Communication disruptions in Indonesia are not limited to phone calls or mobile data communications. Still, they can also affect critical infrastructure in daily life, including areas such as healthcare, logistics, and finance. KDDI's communication disruption in 2022 arguably highlighted this, providing a vivid picture of the potential chaos that could arise if major communication systems were to fail.

Considering Indonesia's conditions, particularly in a natural disaster scenario such as an earthquake directly under the capital city, it can be expected that communication cables, including those on electric poles, will be cut off immediately after the quake, resulting in communication chaos. In the event of a power outage, the functions of base stations that utilize emergency power sources will be maintained; however, communication devices that rely on commercial power will likely be unusable. This highlights the importance of having a reliable Disaster Recovery strategy in place.

With the potential for significant communication disruptions like this, cloud disaster recovery services are a vital solution. These services allow organizations to replicate and store their data and applications in separate, secure geographic locations. So, when a disaster or communications disruption occurs at the primary location, operations can be quickly transitioned to the backup cloud infrastructure. This ensures minimal downtime and business continuity, minimizing financial losses that could potentially reach tens of billions of rupiah as shown by the Gartner survey. With cloud disaster recovery, companies in Indonesia can be better prepared for unexpected communication challenges and maintain critical services.
 

Application Error

When an application error occurs, the continuation of work becomes difficult, and this can result in significant losses to a company's activities. There are various causes of application errors, not limited to literal natural disasters, but also caused by cyber attacks or bugs in the system itself.
 

Disasters like Building Collapse

Among the various disasters a company may face, building collapse is a very real form of physical damage. Earthquakes are indeed the leading cause that comes to mind for this scenario. In Japan, one of the most earthquake-prone countries in the world, experience has led to the construction of very sturdy facilities with high earthquake-resistant standards. In fact, during the Great East Japan Earthquake, it was reported that no buildings collapsed entirely due to the quake. From a data protection standpoint, data centers are crucial. The relatively new data center buildings in Japan are equipped with earthquake-resistant structures, minimizing the risk of building collapse and data loss due to earthquakes.

This condition is also relevant in Indonesia. As a country located on the Pacific Ring of Fire, Indonesia is highly vulnerable to earthquakes and tsunamis. The "Pacific Ring of Fire" itself is a horseshoe-shaped band that encircles the Pacific Ocean basin, famous for being the location of most of the world's earthquakes and volcanic eruptions due to the meeting of tectonic plates.

Therefore, the implementation of earthquake-resistant building standards, especially for data centers and critical infrastructure, is vital. Companies in Indonesia can learn from Japan's experience in building facilities that are resilient to earthquake shocks, thereby minimizing the risk of damage and maintaining operational continuity.

However, other factors besides earthquakes can cause building collapse or severe damage, such as terrorism, fires, and floods. Indonesia, with some of its flood-prone areas, also needs to be mindful of these risks. Therefore, it is imperative for companies not only to rely on the physical strength of the building at the main location but also to have a backup of the data stored at a remote location. This will ensure that even if the main physical location is directly affected by the disaster, the company's critical data remains safe and recoverable.
 

5 Key Points in Choosing a Disaster Recovery Tool ( Disaster Recovery Tool )

It is difficult for us to spend a lot of money on things that we "don't know when they will happen". Emotionally, this view may be understandable. However, as part of enterprise risk management, such an approach is arguably a failure. It is essential to develop an optimal disaster recovery strategy (Disaster Recovery), considering the Recovery Time Objective (RTO) and Recovery Point Objective (RPO), which are tailored to your company's business model and security policies.

Here are five points to consider:
 

1. Replication Functionality

Replication is a redundancy method designed to mitigate the impact of a disaster. That is, it involves setting up two identical system environments, including hardware. By building a standby system separate from the normally operating system, businesses can continue operations by simply performing a system switchover in the event of an emergency.

Some may ask, "How is it different from backup?" Replication synchronizes operational and standby systems in real-time, whereas backups hardly do so and thus take longer for system recovery. Therefore, considering replication functionality is mandatory when choosing a disaster recovery tool.

However, relying on replication alone is not enough. The reason is that replication does not allow you to restore the system environment to a specific point in time like a backup. Also, due to its real-time updating nature, if the operational system is infected with a virus, the standby system will be affected.
 

2. Ease of Operation for Anyone

Naturally, disaster recovery tools are utilized in emergencies. To operate it properly under agitated conditions, it requires ease of use that is accessible to anyone. Additionally, in the event of an incident, it is advisable to conduct repeated internal tests within the company.
 

3. Possible Ideal Disaster Recovery Site Construction

A DR (Disaster Recovery) site is a facility that serves as an alternative location when the main system location cannot continue business operations.

In general, there are three types of DR sites: "Hot Site", "Warm Site", and "Cold Site".
 

• Hot Site: This is the quickest type of redirection to a DR site if the main system cannot be used due to a disaster or other incident. Data is likened to preparing a spare car with the engine running, just in case the main car breaks down. Because it requires the same facilities as the main system, this type is the most expensive.
• Warm Site: This can be likened to a spare car, where even though the engine is not running, the ignition is always on, ready to be used if the main vehicle breaks down. The facilities needed to run the system are already in place, so RTO (Recovery Time) can be achieved within a few hours to about a week.
• Cold Site: This type of DR site has the longest startup time. Perhaps it can be compared to installing the ignition key after discovering that the main car is broken. The RTO for redirection ranges from one to several weeks, so this type of DR site is not suitable for companies that are directly related to vital infrastructure (for example, public services).

However, cold site does not mean "bad". The most important thing is to determine which type is most ideal for your company to continue business with minimal loss, even in the face of disaster.
 

4. Budget-friendly Implementation Costs

As mentioned earlier, choosing a Hot Site as a DR site can bring you closer to "RTO = 0 seconds", but the cost is very high. It would be useless if sophisticated disaster recovery efforts put a strain on the company's everyday activities.

To balance disaster recovery security with cost concerns, utilizing cloud services can be an option.
 

5. Trial Availability

Again, disaster recovery tools are designed to be operated in emergencies. Since it is not an everyday tool, it is crucial to test whether everyone can manage it effectively in an emergency and whether the system migration can proceed smoothly.

For this reason, it is advisable to choose a tool that offers a trial period. By trying during the trial period, you can test whether the ideal disaster recovery environment for your company can be realized, while considering the cost of implementation.
 

How to Build Disaster Recovery ( Disaster Recovery )

Let's take immediate preparatory steps to deal with potential disasters. Here are three steps to build an optimized Disaster Recovery for your company.
 

1. Asset Inventory

The primary goal of Disaster Recovery is to prevent company activities from coming to a standstill during an emergency, and the key to achieving this is data protection. However, you cannot build a Disaster Recovery system without first clarifying requirements such as "what data the company wants to protect", "where it is stored", or "how to protect it". Therefore, start by taking an inventory of the data assets your company has.
 

2. Perform Risk Assessment

Risk assessment is done based on RPO (Recovery Point Objective) and RTO (Recovery Time Objective). RPO and RTO indicators will differ significantly between companies that rely heavily on IT systems (for example, those that build e-commerce sites) and those that do not. The goal is not to make downtime or RTO zero. What should be targeted is building a solution that minimizes risk for your company while keeping costs to a minimum.
 

3. Develop a Communication Plan

In emergencies, command and control systems can malfunction. To avoid this as much as possible, it is crucial to develop an effective communication plan. Additionally, it is essential to conduct training and socialization in advance so that all relevant employees can access systems that operate in emergencies.

If you are looking for a secure and reliable disaster recovery solution, "Cloudmatika Cloud Backup" is the right recommendation.



The Disaster Recovery provided by Cloudmatika is offered as an optional feature of "Cloudmatika Cloud Backup".

"Cloudmatika Cloud Backup" not only provides file backup, but also uses image backup. This means that if your data is lost at any time, recovery can be done quickly. By subscribing to the Disaster Recovery option, you can promptly switch operations to a recovery site in the event of an incident. So you can implement a DR strategy without the need for a significant investment in equipment.

"Cloudmatika Cloud Backup" uses the highest level of security also adopted by the US military. All file transfers are protected with AES-256 encryption. In addition, to protect data from ransomware attacks, AI-based technology called "Active Protection" will immediately detect and respond to suspicious changes, keeping your backup data safe.

24/7 customer support and 99.98% SLA guarantee further strengthen Cloudmatika's commitment to providing reliable services. With "Cloudmatika Cloud Backup", businesses can focus on growth without having to worry about the risk of data loss.

You can choose from various packages that suit your needs and usage capacity. Try a free trial to experience its ease of operation and convenience.