Although flooding, fire and acts of terrorism are the disasters that grab the headlines when businesses are affected, recent stories of high-profile cyber-attacks have again highlighted the need for a disaster recovery plan. But why should your business pay a monthly premium for a service it is still highly unlikely to ever use?
Developing an IT disaster recovery plan for your business will identify the critical IT systems and networks, whilst determining the required recovery time and defining actions needed to restart, reconfigure and recover them.
Developing the plan
The following steps will help you build a tailored recovery plan that ensures the impact of any disaster is minimised, whilst keeping costs to a minimum:
1. Undertake a business impact analysis – to identify and prioritize critical IT components and systems, whilst also establishing the ‘maximum acceptable outage’ (MAO). This is the time needed for a recovery to become effective before compromising the ability of your business to survive.
2. Identify preventive controls – these measures reduce the effects of system disruptions and increase system availability, highlighting the need to regularly review options for creating a more robust and recoverable infrastructure.
3. Develop recovery strategies – to ensure the system can be recovered quickly and effectively following disruption, including a plan for communicating the situation to employees.
4. Contingency planning – offers detailed guidance and procedures for restoring damaged systems. It should contain contact details of third-parties needed to help you with recovery.
5. Test the plan – to help identify any problems with the plan. It allows you to train everyone for activating the plan and highlights areas for improvement or change. It can be done without serious disruption to the business, but the test must be as real as possible, while there is time to assess its operation, before it is needed for real.
Once finalised, assess your plan regularly and keep it current, taking into account changes to your business operation and infrastructure.
Backing up data is important, but do you check your data can be recovered from the back-up? The age of your backed-up data is another point of risk. You will have to assess how much data you are prepared to lose, but generally, the more current the back-up, the more expensive the solution. For smaller businesses back-ups are usually done at the end of the day, risking the day’s data up to the point of failure.
If your IT system, servers, applications, licenses etc. are no longer available following a disaster, what will you recover your data to? There are many options, but most incur costs that SMEs find prohibitive, so the temptation is to risk running your business without a proper disaster recovery plan.
Undertaking most of the responsibility for recovery yourself, introduces potentially greater risk to the continuity of your business, but keep costs low at a time when few businesses can afford to waste money. This is the risk versus cost equation that smaller businesses must continually weigh up.
Amongst its many benefits, the ‘Cloud’ brings comprehensive IT disaster recovery planning within reach of smaller businesses. Utilising the cloud for disaster recovery can offer faster recovery times and the ability to get remote workers up and running on a small budget compared to the high costs associated with traditional disaster recovery solutions.
Although cost-effective, businesses are still paying out regularly for a service that the vast majority will never use.
Do it yourself
Innovative solutions like Inactive/Active Disaster Recovery are entering the market to address the needs of smaller businesses and help them protect their future, without incurring monthly costs. An initial assessment is made of the IT infrastructure your business needs to function normally, recording all the necessary information to create a copy of the IT environment at extremely short notice – usually within 24 hours.
The necessary server space is then guaranteed, with the required power and communications to turn this virtual, inactive environment, active, as soon as disaster strikes. But unlike traditional recovery methods, after the initial consultation fee, there is only a small annual maintenance charge to pay until the service is required.
If disaster strikes, the client supplies the latest backed-up data, sending tapes or hard drives by courier if necessary and only at this point, once the system becomes active are the costs of new hardware, software licensing etc., incurred.
Businesses continue paying for a service they will never use on top of the insurance they have to cover their assets. Yet with a little planning and by using innovative solutions like Inactive/Active Disaster Recovery, you can protect your operation and free up budget to invest in the future growth of your business, rather than worrying about something that might never happen.