Protecting your business

From a business perspective, how do you define a disaster? From the CEO's view point this would be the inability to trade. In the vast majority of cases this would be correct. If a company cannot manufacture components, then they cannot sell them so they would not survive in business for very long.

 

Remember the value to the Business is not the hardware or networks that enable the Business to operate. These are purely the glue that holds everything together. The real value to the Business is the data. Without the data the Business will suffer. This is the asset that needs to be protected at all costs. Loss of data could mean loss of business.

 

With the ever growing reliance on IT to enable businesses to operate, the importance for the underlying hardware, software and infrastructure components to be resilient is paramount. Resilience is typically achieved by having at least 2 of everything; dual power supplies, multiple routes to the same data, dual data centres to name but a few.

 

Disasters, by their very nature, cannot be predicted, in their intensity, timing, or effects. However, all businesses can and should prepare for whatever might happen in order to protect themselves against loss of data or, worse, their entire business. It is too late to start preparing after a disaster occurs.

 

To mitigate the effects of a disaster, careful planning needs to be undertaken. Every Business should develop a Business Continuity Plan (BCP). The BCP describes the processes and procedures a business should put in place to ensure that essential functions can continue during and after a disaster. The BCP seeks to prevent interruption of mission-critical services, and to re-establish full functioning as swiftly and smoothly as possible.

 

Disaster Recovery Planning is a logical subset of the BCP process, which focuses on continuity of IT operations.

 

From an IT-centric perspective, outages are classified as planned or unplanned disruptions to operations. Planned outages would equate to typical operations such as backups, software and hardware upgrades. However unplanned outages could be caused by a failure in the software, hardware or infrastructure. Many DR recovery plans focus mainly on the risks within the Data Centre (DC), however it should be recognised that many issues can arise beyond the DC. These may include network failures, software errors, natural disasters, power cuts, malicious attacks etc.

 

Business continuity is achieved through rigorous planning, strategy, and process development. Part of the BCP planning stage quantifies the critical business processes, the cost of downtime, and the risks a business could face. The risks help to justify the means by which a business builds availability, disaster tolerance, and disaster recovery capability into the IT infrastructure. The supporting IT infrastructure is closely associated with the Disaster Recovery Planning process.

 

The enterprise cost of downtime varies from industry to industry, but in general the costs can be staggering. Understanding the risks and the associated cost of downtime for your business is a critical element of the planning process. Lost revenue is only one portion of the comprehensive loss which could be sustained during an unplanned outage. Consider further items such as Service Level Agreement penalties, idle employees or contractors, lost business as companies go elsewhere, damage to you brand image. These are but a few of the items that could affect a business.

 

Due to the ever developing nature of Businesses, a Business Continuity Plan needs to be fluid in nature, and should be regularly tested and refined in order that it achieves the ability to recover a Business in the event of a disaster.

 

It doesn’t take a business analyst to realise that the costs associated with creating and assuring availability for the business rise dramatically as you approach the requirement for 100% availability. The real challenge is defining the balance between the relative cost of downtime and the cost of maintaining availability for critical business processes.