As a business continuity (BC) specialist, you know how crucial a BC plan is to an organization’s continued livelihood during the event of a disaster. You also know that simply having a BC plan in place isn’t enough to mitigate the risks of downtime because BC plans demand continuous attention and iteration – a process many organizations call the “business continuity lifecycle.”
To embed a process of BC within an organization, employees must anticipate new threats and react quickly to changes. According to the BC consulting firm, Preparis, there are four areas of impact at stake during any crisis: loss of facility operations, loss of information, loss of personnel, and loss of reputation. But protecting each of these aspects can be difficult when changes in technology often catch businesses off guard. Since operations have become so reliant on technology, this makes slow recovery of IT systems a hindrance to recover other business functions.
For this reason, many companies are finding value in pairing BC plans with IT disaster recovery (DR) plans. Given that BC takes a holistic approach to continuity and should include the technology aspects of recovery, you might be thinking, “Do I even need DR?” You may not be alone in thinking this – but here’s why you do.
Wade Tucker, Chief Sales Officer of Preparis, emphasizes the important relationship between BC and DR, saying, “Preparis strongly believes that this all-hazards approach is best when writing a BC plan, but there needs to be additional, more in-depth documentation on how exactly IT operations would be recovered in the event of loss of information technology. Combining both of these types of plans will ensure less down time and quicker recovery for any company.”
Having a BC lifecycle may be sufficient for most business units, but to account for the full resiliency of IT operations, companies must give an increased focus on the technology components of recovery. A BC plan may not examine or plan for some important technology dependencies, whereas a DR plan gives monumental attention to these aspects. DR plans communicate details back to the business for a more realistic uptime goal, which ensures the rest of the BC plan can be executed successfully.
DR and BC are therefore inextricably linked. The problem, however, is that some IT teams may not approach the DR process with an eye toward BC connectedness – they may overlook key stakeholders outside the IT department. Worse, the time-consuming responsibilities to monitor, test and iterate a DR plan may overwhelm an already-busy IT department focused on bimodal transformation. For example, a recent ALM survey found that 40% of respondents rated “overwhelmed IT teams” among the top three biggest challenges to continued IT operations. When organizations don’t have adequate resources for DR, you risk a less-than-perfect data recovery solution – which, as you can guess, puts a strain on a company’s overall BC strategy.
Disaster Recovery-as-a-Service (DRaaS) emerged as a way to mitigate these pain points, adding resources to stretched IT teams for proper attention to DR dependencies. Similar to BC plans, DRaaS takes a careful approach to ensure continuity. Keep in mind, however, that DRaaS has various delivery models, which need to be tailored to meet the needs of your company characteristics. This makes the selection of a DRaaS provider an important business decision.
The DRaaS process at Bluelock is similar to the BC lifecycle process you use today. We approach recovery so that BC and DR work in conjunction with each other, recognizing the unique demands of each business. As you know, a one-size-fits-all approach is not often the best choice for continuity. DRaaS needs constant nurturing and adjustments to ensure successful recovery, which may require a hands-on approach to check that systems are secure, data is being replicated, etc. A managed DRaaS provider like Bluelock can assist in these responsibilities, acting as an extension of your IT team.
In our DRaaS lifecycle, we validate, identify, develop and test continuously to ensure the DR process matches the recovery goals of your BC plan. Good DRaaS will start with an understanding of business impact to your business, or a Business Impact Understanding (BIU). Information from this exercise then allows detailed project scope and definition to be completed. If you need assistance, Bluelock has a set of common questions, which helps to prompt business units for accurate answers.
Once you’ve assessed how technology impacts your business, we work with your organization to design an environment to address a wide variety of events. To architect a solution around the most crucial aspects of continuity, our solution architects and network engineers use their experience to understand your organizations’ goals and the risks you are trying to mitigate during the design phase to create a solution consistent with your BC plan. Within this process lies the ability to develop a runbook and testing environment for tabletop exercises. During the implementation of recovery solutions, companies work with a project manager and onboarding consultant to check off milestones.
As you’re talking with IT teams and the concept of DRaaS comes up, make sure that their third-party provider shares the same passion for proper process planning as you do. To find the right solution for your business, encourage discussions around business impact, project scope and definition, implementation process, tabletop testing and runbook development. Because of the close ties between BC and DR for IT organizations, the livelihood of your organization could very well be at stake if these two plans are not aligned.
Going to DRJ Spring? Plan now to the attend Bluelock’s presentation on Sunday, March 26, 2017 at 4:00 – 5:00 p.m. During this session, a COO of a Chicago law firm will join us and discuss how her firm evaluated effective disaster recovery practices to protect their business.