Why You Need To Put Business Continuity Ahead Of DR In The Cloud
The emergence of disaster recovery as a service (DRaaS) has made thinking about disaster a whole lot less scary for an increasing number of organizations. It’s cheaper than outfitting a separate and equal disaster recovery site that mirrors your data center. It helps your CFO shift costs from the capital budget to the operations budget. It’s backed up by service level agreements (SLAs) with your cloud provider—or should be. It frees your IT team to concentrate on physical and personal challenges presented by the disaster itself. And it’s way faster than tape.
For all its much documented benefits, however, implementing DRaaS, does not excuse you from addressing the state of your typically unloved business continuity plan. To borrow a popular metaphor: DRaaS is the cart, and business continuity is the horse. Unless you make the commitment to develop and/or refresh your long-term business continuity strategy, your DRaaS solution will save your critical data but you could still lose your business.
DRaaS is a technology. It will save whatever data you tell it to, but the success of your business depends as much if not more on the effectiveness and efficiencies of your processes and procedures. Critically reviewing, evaluating and improving your processes and procedures, as a result, is essential to ensuring the success of your business. Skip that step and the business you are protecting with DRaaS, may still not survive.
That’s the stick: commit yourself relentlessly to the rigors of business continuity planning or risk getting whacked with otherwise avoidable failure. There is so much to dislike about that thought that many, if not most organizations, are inclined to not think about it at all. Business continuity planning is something they did five years ago—or more—and it was so much fun then, that they never, ever want to do it again. The whole process was time consuming and disruptive. Some veterans of past business continuity initiatives compare them to being sequestered for a murder trial.
It doesn’t have to be like that. There is a carrot for business continuity…actually several:
- Business continuity is not just about finding what’s wrong with your business operations, it’s more about identifying what’s right and then finding ways to make them more efficient, reliable and resilient. It’s an opportunity to think strategically, not tactically.
- Business continuity is not about finger pointing, as much as it is about team building. The continuity of your business, after all, is the shared responsibility of everyone, not just the IT department, but business stakeholders as well.
- Addressing business continuity fosters not only communications, but also collaboration across the entire organization. Business continuity planning requires that IT and business units share in the responsibility and accountability for the overall well-being of the organization.
The Power to Act
As with any long-term objective, developing a business continuity plan is best undertaken in a phased approach. A good first step is the development of a business continuity roadmap that identifies where you are now and where you want to be in the future. You need to identify risks to critical systems—business and IT—and establish just how much risk you are prepared to accept. (There is no getting rid of all risk.) The roadmap also needs to project a budget that shows specifically what needs to be done, over what period of time, and how much it will cost. You don’t have to do it all at once. Implementing your plan needs to be a sustainable effort, so you need to map out what you can accomplish with available resources over an acceptable period of time.
Cataloging and rating the threats to your survivability has the additional benefit of demystifying them and making them approachable and resolvable. It is a fact of life that most things are scarier when you have your back turned to them. Having knowledge gives you the power to act and allows you to be proactive, instead of reactive.
The key deliverables that result from a comprehensive business continuity plan are choices. You get to decide what to do before a disaster instead of afterwards or worse, in the middle of one. Better yet, you get to choose what steps you and your CFO are willing to take to reduce or eliminate risks to your organization’s continuity of operations. There may well be chances your organization is prepared to take; but you at least need to know what they are.
Business continuity planning is not a one-time project. It is a living process like a healthy diet or an exercise routine. The scope of an effective plan needs to be as broad as the organization it is designed to protect, and to ensure that every detail is accounted for and all the right stakeholders are involved.
A good time to talk seriously about business continuity is any time your organization is facing a significant change, i.e., a major systems upgrade, acquiring another company or being acquired. Success is one of the best reasons to ensure nothing happens that would suddenly turn your fortunes in the opposite direction.
The true value of business continuity planning is not limited to technology. Done correctly, the exercise of developing and implementing a thorough business continuity plan opens ongoing conversations between IT and business units which contributes to a sense of trust as well as a shared confidence in their combined abilities to work together as an efficient team to face whatever challenges lie ahead. Hitch a well implemented DRaaS solution to a vigorous business continuity plan, and you have a winning combination of long-term sustainability and affordability.
As Logicalis practice manager for protection services, David’s role is to develop comprehensive best practices and disaster recovery and business continuity solutions that protect Logicalis customers from suffering a significant data loss that could impact or threaten their businesses.
Latest posts by CloudTweaks (see all)
- 7 Cloud Security Mistakes Bound To Bite You - July 2, 2015
- Bridging The Chasm Between Business And IT – GRC Way - July 1, 2015
- Cisco Expands Portfolio By Acquiring Threat Protection Firm OpenDNS - June 30, 2015