Overcoming the impact of a major disaster on their IT infrastructure

Overcoming IT Infrastructure Disaster

One of the least considered benefits of cloud computing in the average small or mid-sized business manager’s mind is the aspect of disaster recovery. Part of the reason for this is that so few small and mid-size businesses have ever contemplated the impact of a major disaster on their IT infrastructure, let alone built a comprehensive disaster recovery plan.

In fact, more than 95 percent of the SME customers that my colleagues have worked with over the last 20 years had never contemplated the impact that a fire, flood, or even the more mundane threat of employee sabotage might have on their businesses. And when confronted with the costs and time impact of implementing a disaster recovery plan — along with the associated processes of dry runs on recovery, staff training, hardware investment, and redundant systems — their willingness to leave it to luck only increased.

Of course, as our colleagues at our sister company Acronis have said, there are only two kinds of people in the world — those who have lost data and those who are about to.

The good news is that with the technologies available to you today and the significantly lower costs associated with implementing those technologies, disaster recovery and disaster planning are much easier. At Acumatica, the systems that host our customers’ data in our software-as-a-service (SaaS) deployment and licensing model are hosted in the cloud and have regular snapshot backups and sit on fault-tolerant servers with redundant power, network infrastructure and storage systems in bomb-proof, earthquake-proof, physically secure, flood-proof, and fire-proof environments. All this protection is provided at a fraction of what it would cost for a customer to provision and deploy those solutions.

But even if you have chosen to deploy critical systems such as your enterprise resource planning (ERP) software and data in such an environment, there are still other components that you need to consider. For example, how do you manage all your document storage, security infrastructure, and access control, such as the systems provided in your on-premise server deployment?

Stop for a second and consider what would happen if you lost access to all your correspondence with customers and suppliers — not just the financial data but all the letters, emails, and general information that gets exchanged in the course of day to day transacting.

Imagine if someone decided to maliciously damage a server, either physically or via some kind of computer-based mechanism. How long would the business be out of action, and what would be the cost in terms of lost business and also reputational damage? That’s one thing that can take years to recover from, and for many small businesses it can be insurmountable.

recovery-cloud

So how do you start to plan for this, and what do you need to consider? The first two areas are your recovery time objective, or RTO, and your recovery point objective, or RPO. These are two new three-letter acronyms for you to learn and impress people with at parties.

The recovery time objective is the amount of time and the service level to which a business process must be restored after a disaster (or disruption) to avoid unacceptable consequences associated with a break in business operations. As an example, if a disaster occurs at 10:00 a.m. and the RTO is 8 hours, the DR process would ensure recovery to the acceptable service level by 6:00 p.m.

The recovery point objective is the acceptable amount of data loss measured in time. For example, if the RPO was two hours, after the system was recovered, it would contain all data up to a point in time that is prior to 8:00 a.m. because the disaster occurred at 10:00 a.m.

You need to decide an acceptable RTO and RPO based on the financial impact to the business when your systems are out of commission and plan accordingly. And not just plan accordingly but budget accordingly on what you are willing to spend to achieve that recovery time objective.

To build a truly fault-tolerant system you need to think about the following:

  • Facilities to house the required infrastructure, including redundant power and cooling
  • Security to ensure the physical protection of assets from fire, theft, flood, or malicious attack
  • Suitable capacity to scale the environment to effectively replicate your systems to an acceptable service level
  • Support for repairing, replacing, and refreshing the infrastructure
  • Agreements with one or more Internet Service Providers (ISPs) to provide redundant Internet connectivity that can sustain bandwidth utilization for the environment under the expected load
  • Network infrastructure such as firewalls, routers, switches, and load balancers
  • Enough server capacity to run the business-critical services, including storage, for the supporting data and servers to run the core applications and network infrastructure services such as user authentication, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), monitoring, and alerting.

It’s enough to make your head spin. Of course with your data safely housed inside the Acumatica SaaS platforms, you won’t have to give those systems running your ERP software another thought, but it’s well worth thinking about the other mission-critical components of your business infrastructure, including your Internet infrastructure. In a SaaS environment, this can be as simple as ensuring you have a wireless 4G router to provide backup Internet service and a couple of Chromebooks in case you need to relocate your team to run the operations in the event of an emergency.

Our sister company Acronis specializes in providing software that can help you protect your data and have a broad range of solutions for the home and small business right through to the large enterprise.

By Richard Duffy

Richard is a Cloud ERP Evangelist and VP Partner Strategy and Enablement at Acumatica. He has more than 20 years of experience in the ERP business, including SAP, Microsoft, and Dynamics GP.

David Dymko
Working with virtual machines and or Kubernetes A conversation with David Dymko, Director of Engineering for Cloud Native Development at Vultr.com If you work with virtual machines and or Kubernetes, and if you have some ...
Mitigation Security
Data scraping solutions When people hear the term data scraping, their first thought is often about how companies use this technology for competitive reasons – specifically to pull publicly-available data from millions of websites in ...
Gary Taylor
Hybrid Worker Risks Organizations are under pressure to secure their remote workers, but they are also worried about the potential impact on user experience. Can they have it both ways without compromise? The pandemic has ...
Derrek Schutman
Implementing Digital Capabilities Successfully Building robust digital capabilities can deliver huge benefits to Digital Service Providers (DSPs). A recent TMForum survey shows that building digital capabilities (including digitization of customer experience and operations), is the ...
Dan Teichman
Cloud-Native Communications Historically, Communication Service Providers (CSPs) networks ran on purpose-built hardware. However, in the early 2000s organizations started to update their infrastructure, moving to virtualization. Now, providers are looking to take the next step, ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.