To view this article in its original location, please click here.
With technology driving so much business activity now, it’s easy to start thinking of it as the be-all and end-all of business continuity. After all, cloud and virtualisation solutions instantly move computer loads between servers and sites. Policy-defined software programs securely control access to information. Virtual desktop applications exactly reproduce the same user computing environment on any device in any location for automatic business continuity, whether or not your physical office is still standing. However, the danger is in confusing a resource with an objective.
But you have to remember what is fundamentally important about business continuity – that the business continues to operate satisfactorily. Technology can be a huge help in making a business efficient and effective, but on its own it is insufficient. Technology without useful application is like a car without a good driver. In both cases, you risk getting lost, having an accident, or both. So the ability to balance IT loads and use virtualisation can be useful, but only if the workload itself bringing in useful results for the business. Being able to log on from a completely different PC and immediately recover your own personal work environment is great, but you as an individual need to be in good shape to use it. Disasters can affect workers and families too, not just IT systems and business premises.
If you make sure that you always have the key business continuity objectives in mind, including employee safety, customer satisfaction and business income, you can measure any technology action against these objectives. If IT staff says that certain systems are more important than others, check for yourself. Sometimes things appear to be more important to people when they spend more time on them. But what you really need to know is how critical any piece of technology is for achieving those basic BC objectives. Then you’ll have a good fix on what it takes to keep the business going in the face of adversity and the right levels of priority to be given to any system or technology in particular.
To view this article in its original location, please click here.
Disaster recovery has already come a long way since the early days. Back in the 1970s, IT systems were mainframe and batch-oriented, with downtime (grudgingly) accepted of a few hours or even a few days. Since then technological advances have led to big changes in DR management. In addition, the Internet catalysed significant social changes that in turn had impacts on the way IT is used. As a result, expectations have changed from the availability of systems to the way information is communicated about problem resolution. Do the following trends now need to be integrated into your own DR planning?
- Geographical distancing of disaster recovery facilities. Separate DR recovery sites are a requirement for many organizations. But ‘next building’ solutions don’t protect businesses against area floods, fires or storms. Cloud backup solutions may be a good solution for mitigating this risk.
- Geographical limitation of DR. Sounds like a contradiction to the point above? Not really – this is about the need for many entities to now ensure their data do not move out of the same country. Somewhere between too close and too far, the right geographical separation will have to be found.
- Use of managed DR services. Increases in speed, size, conformance and complexity are pushing DR beyond the capabilities of many organisations. The entire DR process may be better done by specialized, reliable third party providers. Savings on in-house infrastructure and staff training may also make such managed DR services more cost-effective.
- Social media for communications management in DR situations. If your customers, prospects and employees are all constantly online and in touch via social networks, they’ll expect that from your company too. Email and notices on websites are a start, but micro-blogging with viral distribution (Twitter for example) is the ‘gold standard’ for good crisis and DR status information today.
These are some of the bigger waves washing over industry and government. And each sector also has its own specific needs. What have you been putting in place recently – and what positive effects have you seen so far?
For those who haven’t had the benefit of participating in a DRI International course on disaster recovery planning best practices, watch out! There’s still a tendency in some organisations to adopt a ‘one size fits all’ or else a “leave it to IT” approach when it comes to disaster recovery planning. While eliminating complexity may be good, over-simplification isn’t. But modularity and flexibility in your DR planning can help, as long as the modules fit together and cover the range of outcomes identified. Here’s a quick checklist to make sure that your DRP can handle different incidents or disaster situations.
- Keep Your DRP focused on outcomes. Instead of a stock solution that tries to cover all causes, examine the different impacts on your organisation. Appropriate DR measures may vary: staff working in the office, at a backup site or at home, for example.
- Think ‘business’ not just ‘technology’. Even if disaster recovery is an IT-centric activity by definition, backup and restore procedures need to be done in the way that is of most value to the business – rather in the way that is the easiest to accomplish technically. Get business people involved and test your plan with them as well to check.
- Ensure that any cloud storage services you use also give you appropriate guarantees and options in terms of geographically separate sites and data transfer speed for restores. In particular, make sure you can recover a large amount of data in a hurry if necessary (by bulk tape transfer for instance).
- Set priorities correctly between smallest RPO (recovery point objective or ‘time since last backup’) and highest data consistency. Don’t just take vendor assurances for granted – test data consistency for yourself before any incident occurs.
- Finally, don’t be fooled by your own technology. If for example you’ve automated data storage so that actions are replicated between your primary storage and your back-up storage, then formatting the first (and destroying data) could automatically trigger formatting (and destruction) on the second, leaving you with no data and no backup. Engage your brain before setting up your IT processes!