It’s once again time to review your IT Disaster Recovery/Business Continuity (DR/BC) plan. Actually, since Hurricane season officially started June 1st, it is well past time. You do have a plan, don’t you? There is an adage from a wise but unknown sage that goes something like this: “If you fail to plan, you plan to fail”. Lofty words and a bold assertion, but they are based in fact.
Business continuity vendors like to toss out widely quoted statistics that 80% of businesses that experience system outages longer than 10 days, fail within 18 months. Searching the web for “business continuity statistics” yields widely varying and possibly even questionable results. Even so, it is clear that, based on data post Ike, Rita, and Katrina, a significant number of businesses failed to recover. Once we clear the hurricane season, there are always hardware failure, fires, theft, sabotage, even the possibility of a pandemic that could result in a partial or total loss of systems and data or availability to them.
Even if your business survives, what are you at risk to lose? eCommerce, phone, or even email sales losses can be easily computed by taking average daily sales and dividing it by 24. Chances are that if a significant portion of your revenue is generated this way, it won’t take many hours before the cost justification for protecting these systems becomes apparent.
Disaster Recovery refers to your ability to recover key systems from a catastrophic event. Business continuity refers to the ability for your business to continue to functions during that recovery. Two different concepts, but they intermesh at many points in your IT infrastructure.
Key Questions to Ask Yourself
As a decision maker for your company, how do you determine your risk? How do you balance recoverability with cost? How much protection is enough? What technologies are available for protecting critical systems and which ones are right for my needs and budget?
There are many “DR in a box” offerings (we have one ourselves) some of which only address rudimentary DR/BC needs (not ours, of course), but consideration should be made for the unique needs of your company. There are a dizzying array of products and services available that range from backup to tape or disk and storage offsite to complete duplication of systems, replication of data, and automatic failover capabilities to a secure location. Cloud services are featured prominently in many offerings. What is right for your business and your budget? A start to answering these questions would be to consider the following:
- What systems does my company need to operate on a day to day basis? (Phones and voicemail, email, data, applications)
- How long can my company do without access to those systems? You may be indefinitely without phones by using cell phones and forwarding your main number to an alternate phone, but access to data or email may be required within a single business day or even within a few hours. If your company relies on a web presence for ordering you may not be able to tolerate any downtime.
Once you identify what you need to operate and determine the maximum acceptable downtime for each system, you have determined the minimum standards for the products and processes needed to recover those systems.
Case in Point
I’ll use my company, 3coast, as an example of this process. As a services-based business, 3coast does not manufacture or distribute products, and as such we are not dependent on a specific physical location as much as we depend on access to data. When we underwent our DR/BC exercise initially, we identified that because our revenue was based on services billing that our AR, AP, Payroll, and timekeeping systems were essential.
3coast essentially has two core services offerings; IT staffing and IT services. Staffing essentially needs access to their CRM and phones to continue to function. Services needs access to our monitoring, ticketing, client data systems, and application development environments. Everyone needs access to email. Because we use telecommunications extensively in the course of business, it was also decided that maintaining our main and helpdesk phone numbers was a priority. That’s it really – no dependencies on a physical office per se. Consequently, our plan was to configure our systems in such a way that as long as a user had access to a Microsoft OS based PC with Windows XP or newer or a Laptop, and internet connectivity, they could perform any essential functions.
Because we contract to provide services to clients on a round the clock basis, we had already collocated a significant portion of our IT infrastructure to a secure hosting facility away from proximity to the Gulf. We placed our IP phone system, data storage, email, app servers, and monitoring systems in the facility which reasonably insured access to them in the event our business office should become unavailable. Our ticketing and payroll systems are web based SaaS and hosted by the provider. Our IP phone system allows users to take their phones anywhere there is a working internet connection and reconnect to our phone controller. Access to applications and email was provided by using Microsoft Terminal Server, and email was also available via Microsoft Exchange webmail for desktop users and either webmail or Outlook Anywhere for laptop users. VPN capability was established to allow transparent access to the infrastructure for laptop users as well.
Own and Host or Lease from the Cloud
One additional consideration would be whether it is financially desirable to own the equipment to be used for DR/BC, if any. And would you benefit more from accounting for the cost as a Capital Expense or as an Operating Expense? The technology you choose may impact one or the other, or even both.
Clearly, there are many considerations in producing a Disaster Recovery or Business Continuity plan that is right for your business. Why not schedule an appointment with one of 3coast’s DR/BC specialists to begin working on your plan before the next major storm or thief pays you a visit?