Disaster recovery is important for every business, large or small. But how can small businesses with limited resources protect themselves? Especially as a ‘disaster’ doesn’t have to be caused by a major incident, especially in IT. Simple flooding or a malicious ransomware attack can bring systems to a standstill. And with daily business ever-more dependent on IT, the need for business continuity capability is clear. But have things changed much in the ten years since we carried out a study looking at Enabling Rapid and Effective IT Recovery in small and midsize businesses?
In fact, this week we’re looking back to a 2011 study many of whose results still hold true today. A significant finding was that, contrary to many assumptions, most small businesses do have disaster recovery (DR) plans in place, although their completeness, and the degree of formality with which they are recorded, can be variable.
In terms of IT recovery plans, the research indicated there were often significant worries around the completeness of the protection. This was clearly shown in the numbers who were concerned about how quickly they could get going again, not least because many had issues with their ability to cost-effectively test their recovery capabilities.
Better technology doesn’t always translate to fewer DR worries
You might hope – given advances in IT technology, such as sophisticated data protection solutions, data copy capabilities along with the widespread availability of cloud resources, IT automation and the development of virtualisation solutions – that the worries would be fewer now. However, conversations I have nowadays show that this may be wishful thinking.
The big challenges in 2011 are still major issues today, especially the lack of funding and the scarcity of human resources and good practice. IT DR must always battle for funding against other important projects. It seems as if many budget approvers must think, consciously or subconsciously, “Yes DR is very important, but it’s unlikely to be something we will have to use, so let’s spend the money available on something else.”
While the reluctance to spend on something often viewed merely as ‘insurance’ remains an obstacle, analysis of the survey results did identify seven key enablers that organisations with effective IT DR capabilities were more likely to have in place. In no particular order these were:
• Inclusive planning that takes business-IT dependencies into account
• Effective IT DR must have executive commitment and funding
• The use of up-to-date storage platforms (in 2011 this meant using disk as the backup target, rather than tape)
• Using remote facilities to store backup/DR data wherever possible
• Employing hosted facilities and cloud both for backup data storage and recovery
• Using virtual servers where possible to simplify protection and recovery operations
• Modern technology and automation to improve the speed, reliability and comprehensiveness of recovery processes
Back in 2011 many of these ideas were relatively new. Today they are not, and the DR technologies now available even to small organisations should allow far broader IT DR capabilities to be put in place. There are even DR-as-a-Service offerings now.
Be Prepared – but that requires budget
But without budget, and especially without testing, the potential risks to the business are bigger than ever. It’s time for small and midsize businesses to look at IT DR with a new focus. There is no magic bullet, but a little investment of time and money could keep the business running when disaster strikes. Remember the advice of the Hitchhiker’s Guide to the Galaxy – “Expect the unexpected”. In 2021, that requires no great leap of faith.
If you would like to see how prepared for disaster small business IT was in 2011, please take a look at the original report here.
Tony is an IT operations guru. As an ex-IT manager with an insatiable thirst for knowledge, his extensive vendor briefing agenda makes him one of the most well informed analysts in the industry, particularly on the diversity of solutions and approaches available to tackle key operational requirements. If you are a vendor talking about a new offering, be very careful about describing it to Tony as ‘unique’, because if it isn’t, he’ll probably know.