Business Continuity and Disaster Recovery Planning: Why It’s Important in 2018

Articles I'm Exploring Security Vaultastic

Business Continuity and Disaster Recovery Planning: Why It’s Important in 2018

Why modern businesses must function as-usual, post disasters

Digital transformation of businesses has been in progress for a while now. Modern enterprises no longer look at IT as a supporting infrastructure for it’s activities.

Today, IT not just empowers business objectives, strengthen organizational collaboration integral to productivity, but enable business models that can deliver decisive competitive advantages. But, ‘with great power, comes great responsibility’.

With businesses big and small embracing digital transformation, and the resulting rising customer expectations, IT systems need to be reliable, resilient and adaptive. Downtime costs can be high.

The scenario is particularly critical when it comes to Crisis Management, Disaster Control & Response, and other such areas – where a single event (accidental or intentional) could lead to heavy costs.

Understanding BCP & DR: Ideas that address, contain, and fortify

Disaster recovery (DR) outlines how tech departments would react in the event of a disaster, taking into consideration all possible tech and business-drivers.

The ownership for DR implementation typically lies with IT teams – differing from business continuity plans (BCP).

A BCP maps the steps that would keep mission-critical products and services alive and in-action – at a predefined level – even after a disaster. What’s important here is that it may not involve a complete recovery.

We share 3 examples of crisis/critical fallouts where BCP and DR plans swing into action.

1. Tackling hardware failures

Research suggests that around 45% of all unplanned downtime is a direct result of hardware related failures.

Consider a common scenario: servers crashing when faced with massive user volumes, faulty network switches, or employee-facing devices that refuse to function.

The challenge here is that hardware failures are nearly impossible to predict. However, there are ways to combat this nagging recurrence – setting up an alternative infrastructure is pivotal to a smart BCP.

Businesses often complement hardware frameworks with cloud platforms – like a document created using in-house software backed up on the cloud or, employee emails archived on the cloud with the help of an independent service provider.

A preventive approach would involve checking for glitches, violations, or a clunky setup with a roadmap for IT infrastructure replacement/upgrades etc.

2. Addressing power outages

Between 2000 and 2014, outage instances doubled every 5 years.

Today, this contributes to 35% of downtime. Further, the number is constantly in a flux given the sheer variety of potential triggers. Natural disasters are a major threat and can knock out power for days or weeks.

Having an alternative supply is a popular solution – most businesses today have in-house backups that snap into action, at the time of a utility shortfall. Large-scale businesses should also consider moving critical operations elsewhere, to cope with prolonged outages.

One could even combine the two – keeping the servers going, for instance, via generators while human-led tasks are shifted to a different location.

3. Mitigating cybersecurity threats

While hardware and power supply challenges are reasonably well understood, cyber security threats are rapidly evolving and are often unfamiliar.

Hackers are exploiting the large-scale networks and data repositories built by companies around the world. These is a hive of sensitive financial data, proprietary tech information, and personal customer files.

2017 was symptomatic of this trend. Ransomware attacks (where key information is held for a massive price) witnessed a 90% jump in occurrence, and old-school threats like malware made a worrying comeback.

However, there is a retaliation strategy out there: 96% affected businesses can survive ransomware outbreaks if a clearly-defined backup and disaster recovery (BDR) pathway is outlined.

Cybersecurity threats tap into existing vulnerabilities and have human origins – making them easier to predict than most disaster events. What’s required is the identification of impact areas, asset safeguarding, and the implementation of a resilient defense mechanism.

The best recourse is always ‘in the sky’: Transitioning to Cloud

Remote infrastructures can play a critical role in disaster recovery and business planning.

Essentially, the cloud ensures operations are accessible anytime, and from any device. This could be as basic as saving contracts on Dropbox instead of filing them away in a tangible storage unit that’s open to disasters and accidents.

Or, it could be a deeper, more well-articulated roadmap where all key components – from emails to servers – are stored in a secure cloud system, customized to unique business needs.

When it comes to inking a cloud-based Disaster Recovery and Business Continuity Plan strategy, organizations could choose between 4 routes:

  • Active configurations: While absolutely minimal downtime is guaranteed, this is cost-intensive as a piece of cloud real-estate needs to be continuously operational. For global enterprises, this is often the ideal solution.
  • Active/passive hybrids: Some downtime is expected, but not for extended periods. The upside is that this is typically an efficient, cost-optimized ‘pay-as-you-use’ alternative
  • Workload-specific DR and BCP: The plan is limited to certain segments of infrastructure, assets, and processes. They are stored in the cloud to be mirrored on live platforms (BCP) or fully restored (DR), in case of downtime.
  • Backup-based recovery: Ideal for organizations that can absorb a chunk of downtime, this focuses on restoring applications and workloads to its original state. For large-scale plans, this is a slightly sluggish but comprehensive option.

Today, disruptors in the cloud technology space are taking the debate to more granular levels – a contingency plan isn’t just an afterthought. It is entrenched into day-to-day operational models, via solutions that go beyond storage and allow key functions to simply move to the cloud.

With a dedicated cloud collaboration platform in place, organizations could restore Business As Usual (BAU) after IT disaster events with minimal costs, and at a fraction of the expected timeline.

A secure cloud email archival tool could protect vital information from external threats and internal vulnerabilities – the use cases are virtually limitless.

What’s needed is a framework that takes these essentials and drafts a 360-degree BCP & DR strategy, covering every milestone: everyday exchanges, minor downtimes, and fatal cybersecurity risks.

Turning Thought to Actuality: The Big Leap

In spite of the conversations around DR and BCP, 1 in 3 companies are yet to take any concrete steps. Management teams often push it to the bottom of the priority list, miscalculating the probability and the potential impact of risks.

To push a standard policy into place, begin by asking stakeholders – “What happens if X application crashes and cannot be recovered?” The answer defines the Recovery Time Objective (RTO) for DR – the service level within which operations must be up and running to avoid a negative result.

Next up is the time factor: “What would happen if we lose data for 1 minute, 1 hour, 1 day, 1 week, and so on?” This extracts the Recovery Point Objective (RPO) for the BCP.

Remember, these are only starting points.

Building upon this skeletal blueprint with an exhaustive event and impact analysis and reaching out to third-party providers equipped to manage DR and BCP planning is the obvious next move.


Leave a Reply

Your email address will not be published. Required fields are marked *


Share via
Copy link
Powered by Social Snap