If you think most companies have a business continuity (BC) plan, think again. Three out of four companies are not ready to face a disaster, according to the 2014 annual report by Disaster Recovery Preparedness Council (DRPC).
This is surprising on two counts. First, C-level executives have seen the havoc created by a series of high-profile data breaches and natural disasters in the last several years. Second, data protection, security and disaster recovery (DR) are expected to be among the top five areas driving spending on storage-related services during the next 12 to 14 months, according to a recent IDC survey.
So, what's the holdup?
“Many companies have chalked out a backup and recovery strategy, but are still in the process of moving to a full-blown, comprehensive business continuity strategy," said IDC program director, Storage and Data Management Services, Paul Hughes.
Stay A Step Ahead Of Disaster
Too many organizations think they are all set when all they have is backup and recovery technology. However, backup and recovery are not enough to keep a business running in the face of a storm or earthquake. They are just ways to restore data and applications after a data center or servers get damaged or destroyed.
According to Hughes, companies need to assess their risks before any problem occurs, and proactively plan how they will manage disasters and operate with minimal or no downtime or service outage. Business continuity is a continuous process—and not something that can be implemented at the time of a disaster. The consequences of being caught without such a plan can be serious, he added.
Downtime Hits Bottom Line
It is easy to see how outages can lead to financial losses—downtime affects productivity, revenue and profits.
“Loss of Internet connectivity is a serious business risk," said Hughes. "It could kill or seriously damage a small company. Imagine a small online retailer that is offline for a few days. It will surely lose revenue, but might lose several customers permanently."
The DRPC report confirms his warning: Losses from outages ranged from a few thousand dollars to millions of dollars, with nearly 20 percent of businesses indicating losses of more than $50,000 and some exceeding $5 million.
Loss Of Critical Data
More than one-third of organizations lost one or more vital applications or critical data files for hours at a time over the past year, according to DRPC. And it might not be enough to just deploy a backup solution. A Kroll Ontrack survey from March 2015 found that more than half (61 percent) of companies had a backup solution in place at the time of data loss.
Hughes advises that companies validate their solutions over time to check for any coverage gaps or oversights in backup protocols. This is important any time, but especially when companies merge and migrate their data or software. “Mergers and acquisitions are a point of greater risk," he said. "I recently interviewed an organization that suffered a major data loss. They had recently acquired another company, which allowed employees to transfer data via USB drives, thus creating a vulnerability."
Information Leak
Customers can flee in droves when a company loses their sensitive data. It's no wonder when you consider that almost half of respondents in a 2012 Ponemon survey believe identity theft means their identities are at risk for years or even forever. Reports of high-profile security breaches at companies from Target to Home Depot have only added to consumers' concerns.
Breaches and outages can negatively impact your internal customers, too—causing further damage to the business itself. "If you are part of a sales organization of a large company, it would be frustrating if you are disconnected from the rest of your company and can't complete your sales," Hughes said.
What's Your Business Worth?
Thankfully, there are several ways to save your business from disaster.
“Start with an assessment of business service-level requirements; calculate the cost of downtime to decide on your tolerance for downtime; and then lay out a plan," advised Hughes. The idea is to identify critical areas of business and make them more resilient.
For small and mid-sized companies, Hughes recommends cloud-based disaster recovery as a service option. “A lot of new technology providers that have evolved from a cloud foundation offer comprehensive disaster coverage at low cost," he said. Also, putting your business in the cloud could offer better protection during a disaster than replicating your infrastructure in various locations.
But there is no one-size-fits-all BC plan. Every plan should begin with a realistic understanding of IT and business architecture across the company and its vendors and customers. "Take a close look at your business processes, criticality of your data and budget before you decide whether you want a third party managing your disaster recovery, a cloud-based offering or a hybrid approach that uses a back-up appliance," Hughes advised. Equally important, he added, is the need to draw out specific disaster scenarios and communicate a detailed step-by-step plan for each across stakeholders.
Disaster recovery and business continuity are complicated issues and require thoughtful planning and collaboration across departments, but there are some basic truths: Your business continuity plan should be governed by how you value your business and which parts you value most.
