The Ritz Herald
© Getty Images

A CEO’s Guide To Disaster Recovery Planning

Published on June 24, 2019

The word “disaster” evokes a catastrophic fire, a massive data breach or another large-scale event that seems unlikely to happen to your business. While these certainly could be classified as disasters, there are many other — much smaller — events that can be disastrous for your business, such as everyday downtime that cannot be quickly resolved or a ransomware attack. Some of these events start externally to your business, but many others are caused by the poor decisions of internal staff members or contractors. This type of disaster is much more likely to occur, but it is difficult to predict or prevent and can have the same ruinous impact on your business. According to the premier global market intelligence firm IDC in a recent whitepaper entitled The State of IT Resilience, “IT resilience needs to be a key strategic priority for any forward-thinking organization and data protection needs to be top of mind for organizations in this resilience effort.” See how having a proactive business continuity and disaster recovery (BCDR) plan in place can help accelerate IT and the digital transformation of your business.

  • What Does IT Resilience Really Mean for Your Business?

There are plenty of buzzwords in technology, and IT resilience is one that can mean different things for businesses depending on their unique needs and vertical. In computer network terms, IT resilience can be defined as the ability to provide and maintain an effective level of services in the face of faults and challenges to normal operation. Your network infrastructure and business systems must be prepared for any type of planned or unplanned disruption to service levels to mitigate the impact of downtime on your business. Many experts consider that there are three key aspects of IT resilience strategies: continuous availability, multi-cloud agility and workload mobility. Each topic helps your business weather the storms caused by disasters and allow your business to evolve with confidence with the peace of mind knowing that you are prepared for nearly any eventuality. Granted, there can be a great deal of activity required to attain true IT resilience and this work may feel more like an insurance policy that you may never use. Unfortunately, disaster recovery plans are launched much more often than many business leaders realize.

  • Disaster Recovery Statistics That May Surprise You

According to IDC’s research, the research firm estimates that 50% of business would not be able to survive a disaster event due to a lack of offsite backups, disaster recovery (DR) planning and automated DR processes within the organization. There are costs associated with disaster recovery planning in terms of opportunity costs, time and training — but the trade-off for this investment is the peace of mind that your business can recover after a disaster event. In the same study, 93% of the 500 respondents from 10 unique industries including financial services, manufacturing and information technology representing all sizes of organizations from across the globe reported that they had experienced tech-related disruptions in the past two years. Of these, 20% of the individuals reported that their business suffered a permanent loss of customers and major damage to their reputation as a result of the disruptions to their business.

  • What is the Difference Between Traditional Backups and BCDR?

A traditional backup schedule may have involved hard disks or cloud-based backup, but business continuity and disaster recovery paradigms considerably expand the scope of what your business can accomplish after a disaster event. With traditional backups, your business data is protected but the infrastructure underlying your business may not have the same level of support. An outage would still require substantial effort on the part of internal technology teams and would likely require external support from technology partners or consultants as well.

With business continuity and disaster recovery plans firmly in place, your business would conceivably continue functioning as normal with only some slight glitches as systems or servers are transitioned. Staff members could trust that their outage is only short-term. In the best case scenario, your customers and business users may not even realize that a loss event has occurred as their work and access to business systems is seamless. It may not be a realistic goal for all businesses to rise to the level of preparedness required, but this type of planning is crucial for healthcare and financial businesses. The level of disruption to your business is minimized and you don’t risk the loss of consumer confidence that can be devastating to the future potential of your business.

3 Ways a Lack of Disaster Recovery Planning Can Impact Your Business

Having a proactive disaster recovery plan in place can save your business from financial and operational ruin. Without the proper plans and testing in place, there are three main impacts that you can expect to see on your business.

1. Loss of Productivity

Expect productivity to plummet as staff members scramble in an attempt to answer customer questions, place orders and perform their daily activities without access to required business systems, customer data or telephony. It’s not unusual for it to take weeks or even months to fully bring all business systems back online. During that time, your staff may have to resort to paper record-keeping, personal digital devices for communication — all of which can lead to additional security risks as well as frustration on the part of employees, customers and vendors.

2. Customer and Staff Frustration

Today’s systems are so interconnected that it’s hard to imagine what life would be like without our computers. Business telephones and communication systems are intricately connected to network infrastructure, causing everything from email to voice mail and long-distance calling to fail during a disaster event. When customers can’t access your website, they’re likely to flood your call centers or customer service line — all individuals who will be unable to assist due to lack of access to digital customer information. Manufacturing and accounting are heavily impacted, too — reducing productivity in those centers and causing backups throughout the business.

3. Financial Impact of Recovery

Recovery starts with rebooting your infrastructure, which could involve everything from rebuilding servers and networks to restoring customer business data from recent backups. Determining the delta of any data gaps takes additional time — all while technology teams are facing the clamor from employees, customers and leadership. Many organizations bring on expensive external IT consultants to help manage through the chaos, but it takes time to bring new people up to speed on your infrastructure and business needs. If you suffered a customer data breach, there could be additional compliance and notification implications for your business, too.

Creating a disaster recovery plan can be time-consuming, but it’s not difficult to see the value when you are faced with the reality of what can happen when your business experiences an extended outage event. If your technology leaders are not already pushing this initiative, it’s not too late to get started.

Getting Started with Disaster Recovery Planning

Having a solid data backup plan in place is a great first step, but creating a comprehensive disaster recovery plan is much more involved. Start with creating a business impact analysis and then define a plan that will address your needs for specific events. Your disaster recovery plan should take into account all activities that need to occur to bring your business back to full operational health.

  • Determining Business Impact

Different business will have varying requirements for minimal operating activities and their timeline, often defined as “RTO and RPO”: Recovery Time Objective and Recovery Point Objective. Your disaster recovery plan (DRP) should include both of these key statistics. For instance, financial and healthcare operations may not be able to afford to lose a single piece of client data due to an outage, which requires a much higher (and more expensive) level of preparedness, while a smaller manufacturing firm may feel comfortable being able to rebuild data gaps of an hour or even greater. The cost of near-instant disaster recovery is much greater than if your business is a bit more flexible in terms of timeline. While all outages have a cost impact, it’s important that business and IT leaders balance this against the cost of preparedness.

Understanding the business impact of a disaster requires a full understanding of your systems and assets, making an inventory a critical part of your disaster recovery plan. Process maps and engineering plans of your systems and network and communications infrastructure should all be documented and included in your DRP, including cloud-based software or virtual machines (VMs) that are utilized. Even data locations — physical and virtual — should be included in this stage of your planning process. Consider exactly what would be needed to bring your business back to full operational health, although these plans can have various scenarios based on a specific disaster event.

  • Planning for Specific Disaster Events

Few people could have anticipated the scale of the floods, fires or other natural disasters over the past few years — and fewer still businesses prepared for this type of widescale devastation. Spinning up new offices remotely for workers who no longer had an operational business caused all manner of difficulty and additional costs for businesses in these regions. Businesses found themselves scrambling for resources as hundreds of their competitors picked up market share as the result of extended outages. Planning for this type of specific disaster event includes identifying the potential risks and determining recovery steps at a variety of stages to support recovery: immediate, intermediary and final.

Throughout the disaster recovery planning stages, it’s imperative that you not only define the steps that need to be completed but also that you define who will be performing the action. Assigning deliverables in this way will help your business rise above the chaos that an outage event can create. Disaster recovery plans should be close to hand with key leadership having a communication strategy to let customers, employees and other stakeholders know about the event and the plans for immediate remediation. This could include everything from posting a banner on your company website and intranet to text-based or email notifications directly to customers and staff members. Create drafts of these messages for various scenarios so they can simply be triggered instead of needing to go through formal review in the event of a disaster. Automate as much of your recovery procedures as possible, and document closely to avoid overlap as staff members attempt to quickly bring systems back online.

No one wants to contemplate that their business could ultimately fall apart in the event of a disaster. CEOs that get involved and raise the awareness of the importance of this exercise are mitigating yet another risk to the ongoing operations of their business. It’s vital that you prioritize this type of activity, even though it may mean reducing the availability of your technology team and key business leads for a short period of time. The short-term compromises in driving technology initiatives forward will more than pay off in the event of a disaster event.

Staff Writer