Disaster recovery and business continuity policies are often considered the awkward, much less popular, second cousin of evacuation plans. Some time and effort may have been invested when you were first in the post to create/draft/redraft this document, before ultimately getting lost in the abyss and only resurfacing it as part of an annual tick-boxing exercise. But how many times in the last 12 months have you carried out a “drill” to check your employees’ knowledge of this critical document? If the answer is none, then you join the one in four companies that have never tested their disaster recovery plans.
I recently had the pleasure of seeing the notorious Cal Leeming keynote at a Cyber Security summit. Long are the days (ten to be exact) of his youthful hacking antics; he now stands an impressive public speaker, security adviser and founder of River Oakfield. No different to a traditional fire drill practice, his “let’s play make-believe” rendition of disaster recovery-style scenario testing was an excellent opportunity to show how simple gamification can quickly establish open and reflective discussions among staff.
Organisations that collect, hold and use information digitally need to be fully attentive to the union between the business and planning process. It amazes me how we continue to ignore, even after 20 years of research, such a critical task of ensuring policies are dependable, accurate and in line with business needs. This cannot be a quickly assembled document. It should be dynamic enough to involve active participation of the entire while. Reducing your Recovery Time Objective (RTO) to minimise downtime, while increasing Recovery Point Objective (RPO) restorability will minimise data loss. Despite the evolution of data tiering, I continue to refer to old research that has long recognised the barriers preventing organisations from establishing these policies in practice. It’s time to take the lead in your organisation and debunk these myths.
Cloud, edge, and fog computing: understanding the practical application for each
(1) “… lack of awareness for the need at an executive level because of the perception of no real risk…” Denial. The ‘it’ll never happen to me’ line. I hear this often after some mal- or ransom- ware attack. While many of us do not expect to be burgled whilst out, we still lock the door every morning. So why do organisations continue to not invest in anti-virus or cyber threat detection. If you are struggling to convince your superiors, send them this excellent Internet Security Threat Report that reveals the latest trends and statistics.
(2) “… lack of capacity to test 24/7…” If your IT systems are truly mission critical and cannot, at any point, be shut off, then I would expect a secondary system to have already been established in case of technical incapacity. If not, the associated risks within the organisation would undeniably be profound. It would then be necessary to explore alternative processes to maximise protection and manage disruption.
(3) “… you can have a plan that covers every aspect of your business…” A single one size fits all policy is limiting, ineffective and often results in the longest RTO. A multi-layered backup policy, including snapshots or backups starting at operating systems, continuing to storage layer, then local backups and finally an off-site backup at a disaster recovery site, is more robust. Sacrificing either metric, to reduce spend, could have negative consequences on the ability of your business to bounce back from disaster.
(4) “… using a BCP video in induction training… 200 eyes looking at security is better than two IT eyes… ” Business continuity policy is only one step of regular training and review. There are many IT disaster recovery training providers for employees that can bring awareness and support to ensure the plan works and everyone knows their role within it.
Cloud strategy Q&A: What does your business need to know?
Although I can appreciate the genuine challenges that lead to these excuses – the absence of preparedness acts as a catalyst for those “if only we had..” or “what if..” moments that are estimated to cost UK businesses upwards of £2 billion in unplanned downtime. Even more punitively 60% of small businesses who lose access, to either operational systems or data, often cease trading within six months of the disaster.
More recent research out of London South Bank University suggests the cloud could provide the most feasible solution. Due to its dynamic scalable and high availability structure it’s perfectly placed as a disaster recovery service, both low cost and minimal recovery time without data loss. A recent IBM patent shows a program currently under-development that would have the ability to recover servers during a disaster event, or at the very least allow for continued operations in the event one or more assigned resiliency attributes to fail. By linking a single or group of servers to an independent partner resource at an offsite location, workloads could be duplicated at recovery point to eliminate any form of disruption. A similar cloud service is already widely available if you set-up Microsoft’s Azure site recovery.
Do not wait for the next natural disaster, cyber attack or infrastructure breakdown impede your business. It is a matter of when not if, and your employees are relying on you to ensure the plan is in place (and practised!).
Written by Dr Laura Marulanda-Carter, Head of Curriculum IoT at Milton Keynes College
What’s causing the move to the cloud? It’s all about digital transformation
Agility, flexibility, scalability and eventually, digital transformation (or digitisation). This is why organisations are moving to the cloud in their droves
Recommended for further reading:
Information Storage and Management: Storing, Managing, and Protecting Digital Information in Classic, Virtualized and Cloud Environments by EMC Education Services. ISBN-10: 1118094832
Business Continuity and Disaster Recovery Planning for IT Professionals by Susan Snedaker. ISBN-10: 0124105262
Implementing Operations Management Suite: A Practical Guide to OMS, Azure Site Recovery, and Azure Backup by Peter De Tender. ISBN-10: 1484218256