Benjamin Franklin said, “Nothing in this world can be said to be certain, except death and taxes”. For businesses today, there is one more thing on that list; an IT systems outage.
The reliance on IT systems has become so great that even a minor blip can have a detrimental impact on your business, reputation, and customer perception. An ever more important defence against these outcomes is developing and maintaining a Disaster Recovery (DR) Plan.
Why develop a disaster recovery plan?
No business that has any reliance on IT can be considered safe when you regard emerging threats like Spyware, Phishing and Ransomware. Disaster recovery planning is not just for large and enterprise scale businesses, it’s for all businesses.
According to Cybersecurity Ventures, Ransomware damages reached $5 billion in 2017. In 2016, IBM reported that 70% of businesses paid to get their data back from ransomware attackers. Considering more traditional risks of outage, research has shown that the most common are Power, Human Failure and Natural Disaster, with the direct costs of these running to $2.5 billion (IDC) annually. It is fair to say preventative and remedial security measures, such as an effective Disaster Recovery plan, have now become essential.
What is disaster recovery planning?
DR planning is putting in place the measures and actions to be taken, in the event of an IT systems failure, to recover those systems in an acceptable time frame. It is a component part of a company’s security profile, as well as being an essential element of a comprehensive Business Continuity Management (BCM). A DR plan should not be confused with BCM, which is much broader and considers not only IT but also environmental and human impacts on a business’ ability to operate.
Disaster Recovery Challenges
When we look at what is involved in implementing a DR plan, a lot of companies struggle with two main challenges – Budget and Expertise.
A lot of companies don’t have, or want to have, the expertise to plan on delivering and maintaining what could be a complex IT operation. Not to mention that no one wants to spend money on something you hope will never be used!
Defining a Disaster Recovery Budget
Cloud services now make the possibility of an Enterprise-level DR solution at a main-street price a reality for a lot of IT environments. Cloud solutions now mean that for relatively low costs (when compared to investing in hardware and onsite services) any company can have robust DR solution that provides levels of availability that would have previously been beyond reach in terms of cost.
Identifying Disaster Recovery Experts
On the challenge of expertise: Companies can now extend a Cloud service to becoming a Managed Cloud Service for Disaster Recovery. This outsources the setup, operation and maintenance of your entire DR requirement to an expert partner at a completely affordable price point.
What Disaster Recovery Plan do I need?
There are two concepts that you can use to determine what level of DR Plan you might need. You should look at the processes that run your business and at the IT systems that these processes depend on (end to end), and define:
- RPO: The Recovery Point Objective for the systems driving your business. Basically, if you must restore or recover and entire system – how old can the data be? This may seem obvious, but it is very important to realise that the gaps between system backup and system failure can be significant. If your system is backed up at 2am, and the server fails at 4pm the following afternoon, all information from 2am to 4pm would be lost. In this example, 2am is the recovery point.
- RTO: The Recovery Time Objective for your systems. This defines how long you can be without a system before your business (or the process affected) starts to become seriously impacted. For example: if you have an online ordering system that becomes unavailable, how long can you sustain business with the system offline?
While RTO & RPO are linked, they can have different goals. For instance, you might need a system back online within 2 hours to enable business transactions, but the data needed for these transactions can be recovered offline. Conversely, you might have an RTO of 24 hours, but the data must be no older than 15min!
Kickstarting your Disaster Recovery Plan
All businesses should be considering how a DR plan can form part of a security and business continuity process, and safeguard operations, integrity, and reputation. Managed Cloud services bring the capability of Enterprise DR solutions to all businesses. Once you have defined your reliance on IT through Recovery Point and Time Objectives, you can begin to formulate a plan to protect your IT and your business.
For more information on Disaster Recovery, or to speak to one of our expert team, contact us today.