Why choosing cloud-based back-up and DR needs to be a strategic decision
The benefits of cloud technology are prompting more and more organisations to investigate how the scalability, security, and economy it delivers can give their businesses a competitive edge. We’re also seeing many customers keen to use the cloud for its well-documented advantages in back up and disaster recovery (DR). In the rush to realise the benefits, however, many organisations are failing to take a strategic approach to their business continuity plans. I recently took part in a webinar discussion with participants from our partner CSN Group, and our back up and disaster recovery technology provider, VEEAM and I was struck by how frequently we encounter a purely tactical approach to back up and DR that doesn’t necessarily meet the strategic needs of the business. While I can understand how this situation has come about, I firmly believe that it’s time to open up the dialogue between the IT department and the C-suite and ensure that decisions concerning business continuity and DR are led from the boardroom.
Back-up and DR – two sides of the same coin
I often find that customers are looking initially for either backup or disaster recovery, when actually what they really need is a blend of both. Back up is about having snapshots of data in time, which might be required for compliance reasons or when an end user has lost data that they need to be restored, at a point in the future. Disaster recovery is about the business being able to continue to operate, with users still having access to systems and revenue generation uninterrupted, when something has gone wrong.
David Schaap, CTO of CSN Group, makes a good working distinction between back-up and DR, noting that back-up is driven by requests from end users for data restoration, while disaster recovery is initiated at the executive level. So, back-up and Disaster Recovery have different use cases and are needed at different times by the business but crucially, because they make use of the same technology, they should go hand-in-hand.
Good decision-making is hampered by bad communication
When it comes to selecting the technology used for back-up and DR it’s usually down to the company’s IT managers to make the decision, based on their knowledge of the organisation’s current systems and operations. It’s a bottom-up process that I believe sits at odds with the fact that the business continuity strategy that the technology is supposed to support is set by the C-suite. This can lead to the frustrating situation where the IT department is clamouring for budget to deliver back-up and DR, but they don’t have full visibility of the level of investment available and the amount of operational risk that executives are prepared to accept. On the other hand, business leaders suddenly get a wake-up call in the shape of a high profile climate or security-related disaster and demand an “instant” solution that guarantees zero downtime, without understanding that an effective programme is not a quick fix product that can be immediately installed.
Fundamentally, both sides are operating in the dark and this lack of alignment between the technical expertise of the IT department and the strategic priorities of the C-suite means that it’s difficult for either side to make good decisions.
Ideally, all technology decisions should cascade from the business continuity strategy. It’s the responsibility of the executive suite to decide what the business imperatives should be when problems occur and what level of back up is needed to ensure regulatory compliance. These directives should then be interpreted by the IT department so that the solution they select can meet the stated requirements. There’s also an important role for the IT department in providing technical counsel to the executive level, so information needs to flow both ways.
Getting strategic about testing regimes
I’d like to see organisations applying more strategic thinking to their DR testing regimes. I often hear companies saying that they’re going to test quarterly, and perhaps over a weekend. But disasters don’t happen quarterly, and they often happen when the business is in full operation. A disaster, by definition, is going to be something that hasn’t been anticipated. This actually means that events such as major storms, which can be predicted and prepared for to some extent, aren’t the concerns that should be driving the testing cycle. It’s more likely that a major issue will be caused by human error, a patch that goes wrong, or a newly evolved cyber-threat. Business leaders need to be confident that their testing regimes and the associated business continuity programmes are being continuously enhanced and updated to meet the next level of potential threat.
[easy-tweet tweet=”‘But disasters don’t happen quarterly & they often happen when the business is in full operation.'” user=”@ilandcloud” hashtags=”BusinessContinuity, DisasterRecovery, Strategy”]
One of the benefits of using the cloud for DR and back-up is the ability to run test programmes without impacting day-to-day operations. This means that testing can be carried out on an ad hoc basis if necessary, allowing the business continuity plan to evolve and adapt in real-time as described above. The isolated test environment can even be used to test software patches before they go live – potentially avoiding a disaster in the first place.
Promoting a culture of preparedness
The culture of disaster preparedness needs to be set from the top and talked about at all levels of the organisation. Users need to know how they will access critical systems if they can’t reach the office for whatever reason, and this plan needs to be tested outside of the disaster cycle, to ensure that those employees will be able to keep working should disaster strike.
All of this comes firmly under the auspices of strategic decision-making, so it’s time that the C-suite and IT departments aligned to support one another. The nature of cloud – its cost benefits and scalability plus the business critical aspects of back up and DR – mean that selecting solutions should be a board-level decision supported by the knowledge and expertise of the IT department.
In today’s world it’s a case of when, not if, companies will be affected by disaster, and when they are they should be confident that their business continuity plan will do its job, so everyone else can continue to do theirs.