7 Steps to Develop a Business Continuity and Disaster Recovery Strategy.
Mike Tyson once said, “Everyone has a plan till' they get punched in the mouth” and nowhere in business is that truer than when looking at Business Continuity and Disaster Recovery (BCDR). According to eweek only 70% of business update their BCDR plan every 1 to 5 years, only a third of business surveyed tested their BCDR plan once a year, and a staggering 17% admit to never testing their BCDR plan. The fact is many companies look at BCDR strategy as a check mark in a box and not an activity vital to securing there companies future.
And why not, when most people think of this subject they don’t think of continuity but simply think of disaster recover and they associate that to hurricanes, floods, or other natural disasters that could destroy their office. But, companies need to take the time to consider continuity as well. According to CA Technologies Survey small business lost on average $51,000 due to network downtime, midsize business lost on average $91,000 and large enterprise companies lose well over $1,000,000.00. Heck, a data center outage can cost as much as $7,900 a minute.
With all this information in mind let’s take a second and consider a short list of possible occurrences that can cause downtime. Such as;
Hardware Failure – Networks are complex things with lots of moving parts. A hard drive failing for a single user means loss of productivity. If a router fails the connection to the WAN could go down, lose a server and a tremendous amount of data is gone. Every single piece of equipment on your network has a Mean Time Between Failure (MTBF) it will fail eventually.
Software Failure – Your software can get infected with bad code. It may not fail in a traditional sense but can have a severe enough degradation in performance that it effectively fails due to decreased productivity.
Loss of Power – You may have an Uninterruptible Power Supply already connected to your server, but this is merely a device to allow a graceful shutdown. This is not a solution for any sort of long-term power interruption.
Loss of Network – As companies move more and more services to the cloud connectivity becomes more and more important. If a company cannot access the Internet productivity could drop off. Connections to the Internet such as cable, EOC, fiber will fail at some point for some amount of time.
Theft – How any times have we heard about an employee taking home a laptop and it being stolen? Internal theft is also something to consider, a thumb drive can easily be loaded with intellectual property and snuck out of the building.
All of these things are common occurrences that do not even take into account natural disasters. They can lead to a loss of productivity, revenue or even a loss to your company’s reputation. So what can you do as a business owner to sleep at night?
7 Steps to develop a Business Continuity and Disaster Recovery Strategy
Step 1 – Take a Complete Inventory: An inventory of your entire network is the first thing you will need. Inventory everything all systems, machines, hardware, desktops, lap tops, tablets, switches, routers, servers, storage every piece of gear your company uses to operate. Then add in the software, applications and connectivity. The important thing here is to get a complete picture of your network. You cannot protect what you don’t know about so be thorough.
Step 2 – Rate of Change: All your data, applications, and databases have a Rate of Change. This is how often the information changes. It is important to determine how often the data changes so you can determine how often the back ups need to occur in order to keep the information current. The Rate of Change will vary depending on the application, database, etc.
Step 3 – Determine tolerance for RPO/RTO: Recovery Point Objective (RPO) is the point that you would like the snapshot of the data to be at when recovered. Recovery Time Objective is how quickly the data needs to be restored in the event of a disaster. For Example accounting software might need to have a very current RPO but there might be an ability to allow for a longer RTO since the books can be done manually for a day.
Step 4 – Review the network: Much of your business may be in the cloud or at a data center. If the WAN goes down how are you going to access that information? Even if you still house most of your servers on site what about email or telecommunications. It is important to understand what your vulnerabilities are when it comes to the wider network.
Step 5 – Consider the geography: Where are you offices located and are they geographically protected? What about your servers are they geographically dispersed? It is important to consider what will happen if a location goes offline. If you are a single location company how can you utilize data centers to remain on-line in the event of downtime?
Step 6 – Consider your people: How are your employees going to work if for some reason they cannot access the office? Can you spin up teams who can work remotely, or from home? For some companies a snow day can cost them as much as $500,000.00 in lost productivity.
Step 7 – Document and Test, and Test, and Test: Many companies never test their Business Continuity and Disaster Recovery Plan. Once they are told something is in place they simply check the box and move on. It is important to test your back up plan at least once a quarter. Technology can fail, mistakes can happen, don’t wait until it is needed before testing your plan.
Every company regardless of size, industry, or location is vulnerable to potential data loss and downtime, so every company needs a strong Business Continuity and Disaster Recovery plan. As a business owner or executive your levels of tolerance will vary but suppose for a minute you lost your most important data for a single day, how much would that cost?
