Mark Wass, Director, Sungard Availability Services looks at some of the key challenges facing small businesses when it comes to continuity planning.
It’s no secret that today’s fast-paced world is driving demand for ‘always-on’ services amongst businesses and consumers alike. However, in addition to being ‘always-on’ and keeping things running in the present, businesses of all sizes must be prepared for unexpected future disruption. From the technological to the economic or logistical, businesses face a variety of threats of disruption, each of which must be incorporated into the business’ contingency planning – otherwise known as Business Continuity (BC).
Don’t let size determine BC priorities
Small and medium sized enterprises (SMEs) often deem Disaster Recovery (DR) solutions – such as datacentre co-location or server and networking back-ups – too expensive to core operations to fully invest in. Instead, they often settle for what is perceived to be a cheaper, DIY cloud-based platform approach and then assign responsibility for its management to a single individual.
However, an organisation’s core IT infrastructure will be and hugely complex regardless of the size. Even the smallest businesses will find the consequences of disruption become compounded when seemingly esoteric questions are left unanswered: Where are the independencies in the network map? Which applications are hosted in private and public cloud environments? Is the data stored in the cloud protected from corruption or from being blocked by a malicious third party?
Formerly the remit of IT teams alone, knowing the answers to these complex technical questions is now a strategic business imperative. The responsibility for the continuity of core IT must therefore be readily available and proactively shared amongst a number of key stakeholders within the organisation, benefitting both the business and the teams that it comprises with a faster and more accessible route to recovery.
Common DR/BC misconceptions
SMEs may think that, by sheer balance of probability, organisations with a larger IT footprint have a greater chance of one of their systems failing. In reality, an organisation’s scale should never be conflated with its vulnerability to disruption, with a recent report finding that medium-sized datacentres will experience over three downtime events each year, with each lasting over 3.5 hours on average.
There is also the belief that, if the office and/or core IT is hit by disruption, workers can simply log on from home or other remote locations via the organisation’s cloud environment. However, this creates two problems. Firstly, how can staff work remotely if laptops and/or other resources are left in an office which is no-longer accessible? Secondly, if staff either have their work laptops or can work from their own personal computers, how can the security of data be effectively ensured when using devices or networks separate from core IT?
The most effective way to reduce the impact of a workplace office loss is to instantaneously pick up the whole thing – people, information, management, support structure etc. – and transplant it somewhere else that is equally easy to get to and has the same feel and culture as the original. By taking a holistic stance and incorporating point business continuity solutions such as workplace and IT disaster recovery into a larger resilience strategy, organisations can ensure that the loss of a workplace becomes a minor operational blip as opposed to a full-blown disaster.
Combatting disruption in 2020
Ultimately, SMEs need to be aware of the cross-over between the resilience of IT systems and the resilience of the business overall. With the right combination of having the right DR tools, planning for a diverse set of contingencies, and sharing the burden of knowledge relating to the ins and out of IT infrastructure, SMEs can take the first steps toward ensuring overall resilience and availability of their products, services and operations.
A comprehensive business risk assessment conducted at regular intervals is key to gaining access to the information organisations need to reduce downtime during periods of disruption. Assessments help identify needle-in-a-haystack components which can quietly take down entire systems, calculate recovery time, and outline the method and objectives of recovery efforts. At the end of the day, regularly testing these small but vital aspects of business operations can be a far cheaper alternative to ad-hoc recovery efforts, which may not succeed in the first place.