Business continuity planning helps ensure that an organization can recover quickly should downtime or disaster strike.
The 2014 hurricane season has been quieter than anticipated, with only one storm impacting the eastern U.S. But with several months left to go before the season officially ends, organizations would be wise to take stock of their disaster preparedness. How much time would it take to recover data and applications in the event of a data center outage? How much would it cost?
Hurricanes aren’t the only cause of disaster, but they serve as a stark reminder of the importance of business continuity and disaster recovery planning. Most organizations are unprepared even though unplanned downtime is virtually inevitable. Research from the Ponemon Institute found that 95 percent of companies experienced a data outage within the past 12 months. Another study from Gartner revealed that about one in four organizations have experienced a full data disaster.
“Statistics show a steady increase in the number of climate-related disasters since the 1970s,” said Krystal Triumph, IT & Telecom Advisor, Atlantic-IT.net. “Malicious cyber-attacks are also on the rise, as well as other types of man-made and technical disruptions. Experts warn that organizations should consider disruptions to be regular events and plan accordingly.”
Without a documented and tested business continuity and disaster recovery strategy, the financial impact of such disruptions can be staggering. According to Gartner, downtime costs $70,000 per hour for midsize companies — and those organizations experience 16 to 20 hours of network, system or application downtime per year. The cost to repair damaged relationships and a tarnished reputation could be even more expensive. In fact, PwC found that seven in 10 organizations that suffer a major data loss shut their doors permanently within a year.
What’s the Difference?
Many organizations confuse the concepts of business continuity and disaster recovery. While definitions may not seem important on the surface, understanding the distinction between the two can help organizations plan more effectively and minimize the risk and impact of downtime.
Disaster recovery is the process of storing data at a secondary site so this data can be quickly recovered and accessed when a disaster occurs. The speed of this process is critical. If disaster recovery isn’t well-planned, or if the organization has no plan at all, it could take days or weeks to recover and access data. Some data may need to be re-created, which could cost thousands of dollars, and other data may be permanently lost. If the organization is subject to regulatory compliance requirements, the failure to produce data could result in severe penalties.
Disaster recovery is just one component of business continuity. Gartner states that, in addition to a disaster recovery plan, business continuity should include a business resumption plan that identifies how critical services are maintained at a crisis site, a business recovery plan that identifies how business functions will be recovered at a secondary site, and a contingency plan that identifies how events that affect the organization will be managed.
“While disaster recovery focuses on data, a business continuity plan includes the processes and procedures that enable an organization to operate during and after a disaster with little or no downtime,” Triumph said. “Business continuity planning also prioritizes what data and applications need to be recovered based upon the needs of the organization as well as customers, business partners and vendors.”
Data protection is still a key component of business continuity. Data should be stored in at least two locations simultaneously, with a failover mechanism that makes it possible for users to access data and applications from a secondary source when the primary source goes down.
Clearly defined processes and effective internal and external communication are also critical. Organizations may be able to recover data quickly but find that the data is difficult to access because passwords and other essential information are lost.
Business continuity plans must be regularly tested and updated through mock exercises and drills so organizations can carefully analyze any number of “what if” scenarios. Weaknesses, errors, omissions, discrepancies and threats need to be identified and addressed. For example, will the plan allow the organization to live up to contracts with customers and business partners?
“The 24×7 nature of today’s business environment underscores the need for effective business continuity planning,” said Triumph. “Zero downtime is the goal. Downtime measured in minutes is tolerable. Downtime measured in hours can be crippling, while downtime measured in days or more can devastate a business. We live in a world in which people expect fast access to data, fast answers to questions and fast decisions. Only through proper planning and preparation can organizations meet these expectations.”
Given the complexity of today’s IT environments and the sheer volume of users, devices and data that networks must support, organizations should operate under the assumption that disruptions will occur. The key is to have an effective business continuity plan in place to ensure that normal business operations can continue with little or no downtime when something does go wrong.