Data protection is just one component of a disaster recovery plan.
What would happen to your business in the event of a disaster?
According to experts, the vast majority of business owners would respond, “I don’t know.” The sobering reality is that very few businesses have disaster recovery (DR) plans — of those, very few are complete and up-to-date.
Small to midsize businesses (SMBs) in particular generally lack the resources or budget to develop comprehensive DR plans. And given the relative rarity of major natural disasters, DR planning is seldom a high priority. Research shows that disasters such as tornadoes, floods, earthquakes, hurricanes and terrorist attacks cause less than 10 percent of all downtime.
Far more often, it’s the non-natural disasters that cause the greatest amount of business disruption. Humanerror is the No. 1 culprit, followed by network service provider outages, IT equipment failures, application glitches and power outages.
A well-designed and tested DR plan can minimize the duration and severity of business disruption due to disaster. However, many organizations confuse DR planning with data backup. While data protection is certainly an important part of DR planning, it’s only one component. SMBs need to understand the risks to the business and have processes in place for rapidly restoring systems, applications and data.
Planning Is Job One
Where to begin? The answer is as simple as the Boy Scouts’ motto: “Be prepared.” To do so, experts strongly recommend that SMBs perform a business impact analysis (BIA).
The first step is to identify all functions within the organization and determine the importance of each function to business operations. Would disruption of a particular function result in lost or delayed sales, increased expenses, legal or regulatory penalties, or loss of customers? The answers to these questions allow the organization to prioritize functions that are mission-critical.
Once these priorities are established, the recovery time objective (RTO) and recovery point objective (RPO) should be established for each function. The RTO is the allowable amount of downtime before the function is brought back online, while the RPO is the allowable amount of data loss since the last backup.
The RTO and RPO must be weighed against the scope of each possible downtime event. While a server crash might have an RTO of four hours, that would probably be unrealistic in the event of a tornado.
Of course, the likelihood of a particular event must be factored into the equation. A company located in the Midwest might not be threatened by hurricanes but may face danger from tornadoes. Likewise, an SMB located close to a river might have to factor in flooding while a business in California would have to consider the risk of wildfires.
Choosing the Right Solution
The BIA should cover more than just the breakdown of IT systems and applications. It’s important to consider physical damage to facilities, travel restrictions, restricted access to facilities and absenteeism of essential employees.
The COVID-19 pandemic drives home the importance of addressing these disruptive factors. Few organizations had anticipated a health emergency in which employees would be unable to come into the office. A thorough BIA puts organizations in a much better position to make informed decisions about disaster recovery.
The next step is to select a disaster recovery solution. Ideally, every organization would have a fully redundant data center with instant failover capabilities. However, this is a very expensive and complex solution that is beyond the scope of most SMBs and even many larger organizations.
It’s important for SMBs to remember that DR solutions come in all shapes and sizes. While an SMB’s needs are going to be vastly different from those of the Fortune 50, the same concepts and approach can be applied to identifying risks, developing a plan and selecting an appropriate DR solution.
Help in the Cloud
The good news is that the cloud has relieved much of the expense of DR solutions. Organizations can replicate vital applications and data in the cloud so that they can be accessed from virtually anywhere if needed. Some cloud-based DR solutions have minimal cost until they are activated.
Cloud-based data protection solutions automatically and continuously back up data to the cloud, where it is available for immediate recovery in the event of a system failure, malware, human error or other disaster. It ensures the recovery of all business-critical data and lets companies quickly return operations to the state they were in immediately before a downtime event. It also reduces the need to rely on staff to perform backup procedures or maintain costly equipment that often fails.
Disaster recovery is a classic back-burner issue for many SMBs. Faced with tight budgets, SMBs are more likely to pour resources into projects for which there is a pressing need or that promise clear-cut returns. They often prioritize disaster recovery right out of the picture.
However, experts estimate that 43 percent of companies experiencing disasters never reopen, 29 percent close within two years and 20 percent fail within five years. More than data backup, an effective DR plan can be the difference between survival and failure for businesses that experience a disruption.