Organizations of all sizes are vulnerable to business disruptions - natural disasters, unplanned outages, human errors, critical system failures, or cyberattacks, and the list can go on and on. The tough question is not whether you will be hit by one of these unforeseen disasters, but when; and when it happens, how long would it take your business to recover if you lost even an hour or a day’s worth of data from your most important mission critical system?
A Business Continuity and Disaster Recovery (BCDR) plan deals with the people, processes and resources that are needed before, during and after such disruptions occur. It includes many aspects such as risk assessment, facilities management, emergency management, communication as well the technologies utilized for data backup and recovery actions. A robust BCDR plan is the key to recover quickly from any unplanned disruption. However, there are many misconceptions about how to build a BCDR plan.
Misconception 1: BCDR is an IT Department’s Responsibility
Yes, there are technical components in a BCDR plan that include the design and implementation of technologies for backup data and restoring data centres, and applications. However, BCDR should first and foremost align with your business objectives, and it should never be just an IT function. As such, a fully functioning BCDR plan should involve executive management, business unit leads (i.e. HR, Finance, Operations) and IT leaders (i.e. infrastructure, application development, security). The combined group, each with defined roles and responsibilities, should communicate and collaborate with each other to decide:
-
Recovery priorities of critical business systems and services
-
Acceptable recovery time frames – Recovery Point Objective (RPO) and Recovery Time Objective (RTO)
-
Business continuity operating procedures
-
Disaster response and restore operations
Misconception 2: I Don’t Need to Refresh My BCDR Plan
If nothing has changed since you last reviewed your BCDR plan, then you’re probably right. However, typically this is never the case. Think of how much and how fast things are evolving around us – from modified work practices (remote work), new technology introductions (AI, IoT), growing extreme weather and climate concerns, cyberattack sophistication, to the most recent global supply chain issue. What worked 18 months ago will need to be reviewed to keep up with the ever changing operational and IT landscape.
A good practice for BCDR is to undergo an annual review including testing procedures to measure recovery capabilities and adapt to evolving business needs. In the past, Disaster Recovery testing was a difficult and potentially risky process. Today’s technologies and services have greatly eased the testing process. With virtual servers, you or your Managed Service Provider can set up DR test environments without the risk of harming production systems.
Misconception 3: Small Business Doesn’t Need BCDR
Hackers are constantly looking for vulnerabilities in networks, servers, and endpoint devices, to spread ransomware, plant other types of malware, steal user data, and more. According to the Verizon 2020 Data Breach Investigations Report, attacks on small to medium sized businesses (SMBs) amount to 28% of all cyberattacks in 2020; and 60% of small businesses that experience a large data loss incident go out of business within 6 months.
Even if you have a backup solution, how quickly can you restore systems to production? Or in a worst-case scenario, what if your backup systems have been attacked by ransomware? Remember, for every minute your employees lose access to business-critical applications and data, there is a direct impact on productivity and revenue. Cloud BCDR solutions have eliminated the need to maintain a secondary data centre for backup and DR, which typically only large enterprises have been able to afford in the past.
Misconception 4: Our Traditional Backup Is Good Enough
Backup is a critical part of BCDR, but it’s not enough. Traditional backup uses tape or dedicated disk for daily incremental and weekly full backups and duplicate copies are shipped off site for disaster recovery. Sound like a good plan? This only issue is when unplanned downtime happens, it can be very time-consuming to recover large data sets from tape.
Modern BCDR solutions use backup, snapshot, virtualization, and the cloud to protect data and enable fast restore so you can achieve RPO/RTO objectives.
Misconception 5: Most of Our Data and Applications Are in the Cloud Already so We Are Safe
Even if your data and applications are 100% in the cloud, you are not fully protected by those cloud service providers. Under the “shared responsibility” model followed by the major cloud providers, your business shares a lot of the responsibility for your data, including the responsibility for backing it up to an independent repository. Studies found that, by 2022, 70% of businesses will suffer an unrecoverable data loss in SaaS applications.
That’s why if you are using Microsoft Azure, Microsoft 365 and /or Google Workspace, you need to have separate backup to minimize downtime and quickly recover data after user errors, ransomware attacks, and more.
Furthermore, if you have multiple cloud vendors for different applications, this may result in multiple points of failure as well as longer issue resolution time requirements. A well-integrated BCDR solution with cloud-to-cloud backup will make data recovery quick and easy.
BCDR planning is a company-wide responsibility and failure to protect your business from human error, hardware failure, and/ or natural disasters can be detrimental and impact every stakeholder. If you have any questions and concerns about your current BCDR practices, contact Blair Technology Solutions today.