How Much Does Disaster Recovery Cost?

DRI ANZ

To view this article in its original location, please click here.

Good disaster recovery may be what saves an enterprise from extinction. But disaster recovery planning and preparation has a cost in terms of time, effort and money. Senior management knows that a company will need to make an investment in order to build the robustness to survive an IT catastrophe. Now it wants to know how much that investment will be; not just to understand impacts on profitability, but also to be able to plan it appropriately to gain optimal protection with expenditure that can be controlled or phased over time.

There are two main ways to set about budgeting for a given expense. The first is use the last set of budget calculations and then factor in changes such as new or discontinued items and inflation. The second is to do the complete budget from the ground up (zero-based budgeting). Each method has its pros and cons. Whichever solution you choose, a good way to start is often to map out the major expenses including IT systems maintenance, specific DR items such as cloud storage or purpose-designed recovery solutions, utilities/power, and staff salaries. Additional expenses might then be rent, travel and third party assistance. Industry benchmarks where available can help to judge the realism of a budget, as can information about industry DR trends.

Next comes the question of who will pay for disaster recovery. The company as a whole pays for its own DR of course. However, the cost may be divided up among different departments according to their current use of IT resources and their DR needs (not everybody needs split-second data recovery). If your company is already running its IT department as a profit centre by billing groups according to usage, it may well make sense to finance DR in the same way. However, it is also important to maintain an overall perspective on DR expenditure to make sure that opportunities to leverage DR over several groups can be taken, thus lowering total costs and individual departmental contributions.

Making Sure the Right Procedures are Followed for Business Continuity

DRI ANZ

To view this article in its original location, please click here.

Procedures are there to make sure that things consistently get done the same – and the right – way. When good procedures for using technology are followed correctly, productivity and profitability can be increased. But technology used the wrong way can cause business discontinuity, where operations and productivity grind to a halt. A recent outage in a major cloud provider’s IT service was caused not by any technical problem, but by a failure to follow the correct operating procedure. So why did things go wrong and what lesson can other organisations learn from this case?

The service concerned was the Azure storage service provided by Microsoft. This service is updated from time to time like most IT installations. The procedure defined by Microsoft is to move to a new update little by little to allow the time to run checks and make sure that everything is still working properly. However, a misunderstanding about the status of a recent update led an engineer to apply a change over the entire service all at once. This change unfortunately resulted in the service becoming unavailable to users and the need to manually restart a certain number of systems. The key point is that although the correct procedure was defined, there was no safeguard to prevent employees from deviating from it (something that Microsoft has now fixed).

Organisations need to build in failsafe mechanisms to guard against human error. One of the simplest ones is the ‘four eyes principle’, in which two people must check and approve an action before it can be executed. Other failsafe devices may be mechanical or physical, such as automatic speed or rotation limits on machines. Information technology allows complex failsafe procedures to be programmed, but then those automated procedures also need to be properly checked by humans before they are set in motion. In summary, take a good look at your technology and your business continuity to also make a complete list of things that must not happen. Then make sure that you then have the appropriate preventive measures in place.

Mega-Tests, the Consumer IT Market, a Glo-cal Approach and more!

Thrive! Asia is now featuring articles written by DRI Australia and New Zealand!  Catch up on 2014 with some of our favorite entries:

And the Winner for Overall IT Security is . . . Linux?

The Glo-cal Approach for Business Continuity Across Multiple Locations

How the Consumer IT Market is Driving Business Continuity Management

Making Business Continuity the Bearer of Good News

The Mega-Test of Your Business Continuity You’ve Been Waiting For

Policies and Standards in Business Continuity – Old Hat or Essential?

Your Organisation has Business Continuity and Resilience – But What About You?

To view all articles from DRI ANZ, please click here.  For more information on DRI ANZ, please visit their website.

Where are the Likely Holes in Your Disaster Recovery Planning?

DRI ANZ

To view this article in its original location, please click here.

No disaster recovery plan is perfect. However, there is a big difference between knowing about and managing limitations; and being caught wrong-footed by a problem you never thought about. Some items seem to consistently make the ‘hit parade’ of omissions and absences in DR plans. Before spilling the beans, here’s a hint to help you guess what they might be. They each involve a lack of vision beyond the limited point of view of IT servers and applications in a data centre.

  • Getting the workforce back to work. Disaster recovery applies to IT systems in particular. But people need to know they can get back to work again after an IT outage has been resolved. Workers don’t always automatically resume operations. So make sure your disaster recovery also triggers productivity recovery by telling people it’s time to start work again.
  • Recovery for remote locations. The corporate IT centre may be vital to survival, but that’s no reason to forget about branch offices or distant sites. Your organisation may have a policy that separate business entities should look after their own resources. Make sure this does not lead to blinkered thinking or silo management. As a minimum, check that a workable solution has been defined and prepared for all parts of the business.
  • Supply chain end-to-end operations. High performance supply chain operations are finely balanced with many moving parts. If one part such as a particular software application fails, it can throw other parts out of kilter too. Damage may extend beyond a local IT outage and need thorough checking and subsequent ‘knock-on’ problem resolution in other parts of the supply chain.

To guard against such shortcomings, remember to start your planning process by clearly understanding the business objectives for your organisation. Check that your disaster recovery plan covers all entities making critical contributions to reaching those objectives and all inter-dependencies between those entities. If you find gaps, revise your plan until you have filled them.

Keeping Business and IT Connected for Better Business Continuity

DRI ANZ

To view this article in its original location, please click here.

For many organisations, markets change fast as customer needs develop and competitors offer new solutions. Business people under pressure to get new products and services to market may ask more of the IT department than it can deliver at that moment. This friction can cause difficulties in communication and relationships between the two groups. From there, it can lead to fragile or fractured business continuity. The answer is systematic collaboration to ensure that plans are made ahead of time and that the organisation can take advantage of opportunities while avoiding performance issues and outages. Ideally, both parties will have a proactive role to play.

This dual proactivity is part of IT governance, the process by which organisations can make sure that interlinked business and IT goals are met. IT governance has two potential advantages. First, it helps organisations to manage their IT to prevent disasters and strengthen business continuity. Second, it stimulates innovation that then generates higher business growth rates. Naturally, business people must make their needs and expectations known. But with the right IT governance, IT is not just a provider of resources and services: it is also a contributor of business ideas.

The fact is that the IT department is involved with the organisation at practically every conceivable level. IT managers, for example the Chief Information Officer, are therefore in a great position to spot opportunities for streamlining, improving and innovating in business procedures and activities. It was this approach that gave courier company Federal Express a strategic lead over its competitors with a package tracking application jointly built by the business and IT sides of the company. While business people tell IT what they need, IT can tell business people about additional opportunities open to them. Potential disconnects are replaced by synergy that reinforces both business results and business continuity.