Putting a robust disaster recovery strategy in place is a bit like going to the dentist. We all know it’s important, but not everyone’s good at doing it in practice. High stakes
Some organisations – especially big firms or those in highly regulated industries – have exemplary disaster recovery set-ups.
At the other end of the scale, an alarming number of small and medium organisations have little or nothing in place, either not having ‘got around to it’ yet or simply hoping a crisis will never strike them – a high stakes gamble.
Many others have put some measures in place, but are operating under a false sense of security and are not nearly as well-protected as they believe.
I’ll look in subsequent blog posts at ways to create an effective disaster recovery (DR) strategy and what to look for in suitable DR facilities. But first, I’ll focus on the basic matter of why we need to have one at all.
Business continuity
Fundamentally, of course, it’s all about business continuity. You need to ensure that, if a crisis should strike, you can continue operating with as little interruption as possible.
Any significant disruption, even for a relatively short period, could well mean lost orders and therefore lost revenue and profits.
Depending on when it strikes, just a few hours’ downtime could mean your staff and suppliers don’t get paid or customers invoiced. It could cause internal chaos that takes you a while to bounce back from – even when the external crisis is over. This could affect staff morale and distract you from your core business at a critical time.
It could mean a blow to your reputation if you’ve let customers down – and the harsh reality is that reputations are far easier and quicker to damage than to repair.
And, if the disruption lasts a significant period or entails a loss of business-critical data, it could be devastating – even fatal – for your organisation.
While the exact statistics vary, there’s general agreement that most businesses will experience data loss at some point. And, in cases of major loss, a great many of these organisations aren’t in business two years later.
The good news
The good news is that a comprehensive DR strategy can protect you from all of this, whatever the nature of your organisation. While some upheaval in a time of crisis is probably inevitable, it should mean you can continue to operate with minimal impact on your customers, staff, processes and reputation.
So, given this, why don’t all organisations have a solid solution in place?
I think part of the answer, aside from blind optimism, is that many organisations don’t take proper account of the full range of risks that face them.
You might think of the most obvious disasters, such as a fire or terrorist bomb at your premises, and conclude that the risks – because, perhaps, of where you’re based or your fire protection systems – are slim.
But the reality is that disasters come in many shapes and sizes and are often far less predictable than this.
Hidden dangers
You could be hit by a fire in your local telephone exchange or a power outage which affects the whole area.
It could be a crisis that strikes another company in your building or based next door – but which equally affects you by closing off access to your premises. This could be anything from a fire to an explosion, a building collapse or protest action. You can take care over the safety of your own business, but you can do little to control the safety of other firms.
If you can’t access your premises and that’s where your IT systems are based, aside from a period of downtime, that could seriously affect your data. It maybe that no-one will be able to get in to back up on schedule. You may also find that, because your systems were suddenly interrupted, some of your data is corrupt when the power comes back on or you regain access, meaning significant work still to be done to restore normality – not to mention any data you’ve lost
It also might not a physical disaster at all but an act of data theft or IT sabotage by a disaffected member of staff, an intruder or a hacker. Just look at the huge damage a bunch of teenage hackers caused to Talk Talk’s business in 2015.
False security
The other reason I believe many organisations are not well enough protected is the false sense of security which comes from having a partial solution in place – typically some kind of cloud data back-up.
If you’ve chosen a cloud route, do you truly know exactly where and how your data is being stored? How well is it protected there? How easy will it be to retrieve in an emergency?
What level of support will your cloud provider give you in a time of crisis? Have you practised under realistic crisis conditions to stress-test the service and ensure you can get back up and running in a smooth, reliable process?
Too important
It may be that the disaster recovery solution you have in place is exactly what you need. But it might not. And with no less than your organisation’s survival at stake, it’s too important a matter to leave to chance.
In a later post, I’ll look at how to devise the most effective DR strategy for your organisation.
