Business Continuity and Disaster Recovery (BCDR) plans are not new concepts. They’ve been around for decades. As their longevity might suggest, they remain extremely relevant today. In fact, having an operative BCDR plan is more pertinent than ever in the cloud-computing era. For a brief review, a business continuity plan is the tailored plan a business creates in order to continue its normal operations should a problem arise. The impending calamities that must be accounted for can be anything from natural disasters to cyber attacks to theft to sabotage.
A disaster recovery plan is generally considered a subset of business continuity plans and focuses specifically on the recovery of vital IT infrastructure in order to continue mission-critical operations. Thus, an effective BCDR plan should include policies and procedures that allow a business to recover access to the software, data, and hardware in which their fundamental business processes depend upon.
We’ve stated in one of our previous blogs that “information technology will no longer be a component of doing business, but rather, may actually dictate how business is done.” Chances are if you’re a successful business in the modern world, you depend deeply on IT infrastructure for many, if not most, of your critical business functions. A disaster that obstructs this infrastructure could be crippling.
While natural disasters traditionally come to the forefront of our minds when we think of interruptions to business continuity and downtime causes, this really is a fallacious thought. In reality, according to a 2013 Quorum report, for small and medium-sized businesses, 55% of disaster-related downtime was precipitated by hardware failure, 22% by human error, and 18% by software’s failure, whereas only a meager 5% was natural disaster caused.
Whatever the cause, if a business is impeded, it will, evidently, be costly in the immediate future, certainly for as long as systems are down.
The estimated cost of per hour downtime in 2015 was up to:
• $8,000 for small businesses
• $74,000 for mid-size companies
• $800,000 for large enterprises
With the average time it takes for a business to recover after a disaster at 18.5 hours, this accumulates to an enormous amount of lost revenue very quickly. Furthermore, without an adequate BCDR plan, the obstruction of business could have long-term, intangible ramifications beyond the direct downtime costs, particularly in terms of reputational costs.
Looking at these statistics, and with the ever-increasing reliance on IT in all stages of business, across all industries, as well as the continual increases in cyberterrorism and malware, having an effective DR procedure in place as part of an overall business continuity plan is a more salient concern than ever. Facing disaster doesn’t necessarily mean a hurricane or a tornado; it could mean spontaneous technological failure, power outage, or inevitable human error. Ultimately, it is not really a question of if disaster strikes, but when, and it is imperative your company is prepared for when it does.
Step I: Develop a DR and business continuity plan, if you don’t already have one, or revamp an existing but out-of-date one.
Three of the most common DR solutions include:
• tape and disk backup
• cloud back-up
• hybrid cloud
However, you should experiment with what works best for your company.
Step II: Test your DR plan (often overlooked, but equally important). The DR Preparedness Council has estimated that 3 out of every 4 companies fail at DR preparedness, and this is, in large part, due to a lack of testing. One-third of companies worldwide participating in the DR Preparedness survey only test their plans once a year, and 23% never test their DR plans. And of those companies that do test their DR plans, more than a whopping 65% do not pass their own tests.
The harsh reality is, no matter how intricate and up-to-date a BCDR plan is, it will nevertheless be worthless if it does not function properly when called upon. Just like a fire extinguisher, you hope to never need it, but when you do, it had better work. And just as you should periodically check your fire extinguisher to ensure it’s effective, just in case, so too should you regularly test your DR preparedness.
Of course, many companies volitionally opt to avoid regular testing due to the cost, both in terms of money and time, often associated with testing. Nearly 65% of companies questioned in the DR Preparedness survey believed their DR budgets to be underfunded. Understandably, affordability is always an outstanding issue in the business world, but a BCDR plan is a necessary component of your company’s risk mitigation strategy. While it may require some up-front investment and ongoing maintenance, ultimately, it may simply be too costly to not have an effective (and testing verified) DRP in place.
Savvy entrepreneurs, seeing an expanding need in the marketplace, have begun to offer Disaster Recovery as a Service (DRaaS). This can be a cost-effective alternative to configuring, implementing, testing, and maintaining your own system, particularly for small to medium-sized businesses. Whatever your solution, don’t wait until disaster is already barking at your door to implement a plan – by then it will be too late! Preparedness is paramount.
Don’t have a DRP in place or yours needs revamping? Contact us today to see if our trained business analysts can help you develop a DRP or identify existing gaps in your current one so you will be prepared when disaster knocks.