Get prepared for when, not if disaster strikes
We see all manner of scenarios when it comes to business disaster recovery (DR) plans. There are those who think they’re prepared and ready for any type of natural or man-made disaster, and others who think daily data backups to tape will keep them safe in the event of IT failure. And, we also see plenty of organisations who haven’t got further than thinking about DR.
Data suggests that less than a third of small businesses have a continuity plan in place to protect themselves in the event of IT failure. While for large organisations, shockingly a third have no contingency plans in place either.
Whatever the size of business, it’s clear that organisations place varying degrees of importance on the impact of business disruption in the event of a disaster.
No business is immune to the risk of cybercrime impacting their business. Today’s threats are so sophisticated that even those who believe their DR set up to be pretty robust could see their business paralysed by a particularly nasty ransomware attack.
And it’s not just cybercrime that businesses need to worry about. Businesses can also find themselves facing a period of operational downtime at the hands of a power outage, hardware failure or human error. A few years ago, British Airways suffered a major power outage which damaged servers at its data centre. Flights were cancelled impacting approximately 75,000 passengers, putting their reputation at risk and leaving them facing a hefty compensation bill.
Fire, flood or even a terrorist attack may all feel unlikely scenarios but if there are no plans in place to get back to business as usual following a catastrophic incident, they all have the potential to stop business proceedings altogether, sometimes for good.
The fact is, any of the above scenarios can happen to any business and at any time. A problem we encounter all too often though is that many businesses believe that their DR set ups are robust enough to handle any form of IT failure, when in fact, the DR plan has never been tested to see if it works.
Even large enterprises occasionally fall foul to not testing for vulnerabilities in their DR plans and procedures. Sophisticated ransomware attacks can not only encrypt data stored on the primary infrastructure but their back-up data too. Even the replicated data stored off site is at risk from a particularly ferocious virus.
It’s also important to remember that businesses have a duty to protect their clients’ data and they’re putting it at severe risk if it is comprised in any way. Last year businesses had to ensure they were compliant with the new GDPR regulations to avoid a fine. But how many ensured that their data was protected from IT failure? It is essential that DR processes are compliant too.
However, it’s never too late to review or test your DR plan to protect yourself against lost sales, reduced productivity and the associated reputational risk that comes with operational downtime. According to analyst group, Gartner, the average cost of IT downtime is approximately £4,400 per minute, a high price to pay for situations that can be avoided. System outages are highly preventable if your business continuity plans include the right solutions.
A good place to start is to answer a few key questions:
- Is your DR set up tried and tested?
- Have you protected your core business-critical services?
- Does your current DR infrastructure need updating? Does it need further investment?
- If your primary systems were to fail right now, what would happen?
If you struggled to answer any of the above questions or are concerned about the impact a significant period of downtime could have on your business, it might be time to reconsider your approach to DR and outsource it to a third-party provider to ensure you’re covered against every eventuality.
This is where Disaster Recovery as a Service (DRaaS) comes in – enabling a third party provider to provide failover by replicating and hosting physical and virtual servers in the cloud. DRaaS can provide full recovery by replicating infrastructure, applications and data from multiple locations to the cloud. A set of Recovery Point Objective (RPO)/Recovery Time Objectives (RTO) rules can also be built into DRaaS to automate recovery in the event of an incident within an agreed timeframe.
The main benefit of DRaaS is that it offers CIOs the reassurance that their business-critical assets are outsourced to a safe pair of hands and can be recovered in the event of a cyber attack, a hardware fail or power outage.
Business can’t prevent some incidents from happening, but what they can do is adequately prepare for disaster to prevent operational downtime significantly impacting them. Unfortunately, the likelihood of a disaster striking has become very real and it’s essential that they are prepared for when rather than if it happens to them.