Not many people read IT Disaster Recovery plans for pleasure but these documents are often far more insightful than the organisation’s Annual Report. That’s because the quality and scope of the DR plan instantly reveals the company’s relative priorities, levels of resource investment and commitment to business continuity planning.
At the very least, a robust, up-to-date and proportionate IT disaster plan shows not only that somebody cares enough to try and keep the wheels of industry turning but has also put adequate measures in place to minimise the risks of unexpected IT failure.
Of course, the interpretation of ‘adequate measures’ will always vary from organisation to organisation, according to local needs and resources, because there is no cookie-cutter model (one size fits all) for disaster recovery.
Nevertheless some fundamental principles do apply, regardless of organisation size and scale, which means that Small and Mid-Sized Businesses (SMBs) face very similar DR challenges to those of their larger counterparts. Even the smallest SMB needs to take some steps to protect the integrity of its business systems when things go wrong.
A Freeform Dynamics’ study focused on organisations with between 50 and 1000 employees shows that SMBs generally care about IT disaster recovery and proactively establish DR measures, even if they don’t always describe them in such terms. However, the research also highlights some gaps and shortfalls in disaster recovery capability, which respondents readily acknowledge. Having said this, only 20% of SMBs indicated that investing in DR improvements would be considered as high priority spending:
The chart above is one of a number from the aforementioned research which tell us that a good proportion of SMBs are well aware of their DR challenges but most can’t afford to throw money at the problem areas, particularly in a difficult economic climate.
But that shouldn’t stop them taking a fresh look at their disaster recovery plans, not only to see if there are any affordable opportunities for incremental improvements in key areas, but also to check that any previous plans remain properly aligned with their systems portfolio and infrastructure. Chances are that some re-alignment may be necessary, particularly if business systems, IT infrastructure or services have been changed or introduced since the last DR review. It’s also vital to pay specific attention to any changes in business priorities, working practices (such as growth of remote/mobile working), service delivery models or service providers, because these will all directly affect the business continuity and disaster recovery requirements.
Likewise a previously suitable mix of DR tools, techniques and technologies might now benefit from a rethink. SMBs may find that the falling cost of storage, the mainstream readiness of virtualisation technology and the maturation of third-party hosting services (including Cloud) offer real benefits of cost and timeliness, in terms of better IT resilience and recovery, when compared with a ‘traditional’ DR approach, such as offsite tape backup and recovery.
Perhaps, though, the biggest challenge for a smaller business is in knowing what ‘effective’ DR and good business continuity planning looks like in practice. This is where awareness of what works well elsewhere can be invaluable.
In an attempt to flush out some of the ‘best practices’ for SMB disaster recovery, our analysis of the research sample divided the interview respondents into two groups: a) those with comprehensive/ good IT DR, and b) those with inadequate/ poor IT DR capabilities.
On comparison of the two groups we saw some significant differences, with seven specific characteristics, or behaviours, that appear to stand out as ‘enablers’ of better DR performance.
Some of these enablers, such as inclusive planning (i.e. ensuring that IT disaster recovery planning is fully co-ordinated with general business continuity plans for people and process) and the prioritisation/ funding of DR investments, are hardly surprising because they represent the fundamental points of entry to effective DR anyway.
However, other enablers identified in the research may be less obvious to an SMB hoping to improve IT disaster recovery capability. These include the use of alternative storage media and advanced DR solutions, such as Continuous Data Protection (CDP) which facilitates rollback or recovery to a particular point in time – extremely useful if a key data store has become compromised, or otherwise invalidated by application or user error.
For a full discussion of the effective DR enablers and more information on this topic, you can download the full research report here.