The benefits of planning to fail to avoid failing
We go through how to create and deliver on a solid DR strategy so that neither your business – nor your customers – have to suffer
Data is the lifeblood of any business. It offers a competitive advantage and provides a rich tapestry of knowledge that employees can use to work with colleagues, serve customers and drive increased business value.
While the day-to-day cogs of business are turning, data comes in and out of your business and all is well. Customers are in the main happy and employees are able to do their jobs and add value to your bottom line.
But what if something happens. Something that you were aware of but hoped wasn't headed for you, or even something that occurs that's completely leftfield? Are you prepared?
"Data protection is essential for every business and its importance cannot be underestimated for DR and prevention of data loss as a result of more day to day incidents. Yet even after several decades of effort, backup and recovery functions often resemble less of a science and more a dark art in many organisations," said Tony Lock from analyst firm Freeform Dynamics.
"Why? Well from a practical perspective, Freeform Dynamics research has consistently shown how difficult it can be to protect data that is increasingly spread and replicated across many locations, including the cloud, departmental servers and user devices. It also illustrates how hard it can be to get hold of budget to improve the situation."
Business seatbelt
In consumer and business life we don't generally prepare for the worst. We prefer to be positive and hope the worst won't happen. However, SMBs cannot afford to adopt and continue this attitude. A lack of preparedness for bad things is akin to SMB kryptonite
While enterprises live or die by their reputation and customer loyalty, they are often big enough to absorb the effects of and survive a blip. SMBs are not so fortunate so there is much more at stake that needs to be fiercely protected.
Financial and human resources are in short supply for the average small business, however, backup and DR are areas where you really do need to invest. You may think of it as money you'll never see a return on, however, if you plan properly, the measure of success will be just that never needing to see a return as you'll be protected.
It's a bit like buying car insurance. You purchase it in case you ever have a crash. But who would put their hands up as wanting to crash their car if they could avoid it? Similarly, some people hate seatbelts. They can be annoying and restrict movement. However, they could also save your life
Forewarned is forearmed is a term often used and it rings true for SMBs when it comes to backup and DR. If you've already got some plans in place, now is a good time to take stock and review them (as you'll see later on, a solid DR strategy does not sit on a shelf gathering dust. It evolves as your business and the threat landscape changes). If you don't have one at all, now is the time you must sit up, listen to good advice and take action. If you don't, you'll only have yourself to blame should the worst happen
Planning to fail vs failing to plan
Is it better to have a plan that doesn't quite work out as planned or have no plan at all and head, full pelt, into panic mode? It doesn't take a genius to work out the answer to that one, does it?
So let's apply the same common sense and logic to business.
"The value of data makes it even more critical for businesses to protect," Lisa Person, director of CompTIA's Managed Services Community, in a blog post
CompTIA has introduced a tool to help SMBs assess the negative value of any downtime to help crystallise exactly what's at stake. SolarWinds also offers similar tools to ensure small businesses become risk intelligent' rather than risk ignorant' or risk averse.'
"SMB customers don't seem to always understand the cost of their systems being down, which is specifically why this tool was created. You fill in the information about the company and you can calculate the overhead cost per hour. Add in the data related to your recovery process, and you can calculate the cost for every hour you're down," Person added.
"You don't want to be down for more than an hour. A lot of people don't know this, but overhead cost per hour tends to be about half of what the wages are."
Recognising what's at stake
So we know what's at risk, so how do we get that much-needed plan in place?
Firstly, it's a case of going back to basics and assessing and re-assessing where your business-critical priorities like and where your business would be most hurt should something go wrong.
Once you have that list in place, you can go about setting up sub contingency plans that cater to each area of the business. DR is never a one-size-fits-all solution and that applies as equally to different sectors and business sizes as it does to different areas of the same business.
David Norfolk, from Bloor Research, recently offered this very valid viewpoint.
"It is not unknown for a company to recover all its IT and data after a disaster, only to find that the business still can't operate, because key people or communications links aren't available (of course, this is less likely if you actually test your business continuity plans regularly). I'd also note that customer communication is important, if customers might be impacted by an incident (or hear about it on Twitter) - letting your customers know that you are still around and in control of the situation (especially after a visible or newsworthy disaster) is probably even more important than getting a broken database back on-line," he said.
Norfolk added: "I also think that business continuity (or disaster recovery and so on) is one area where a company might not (I hope) have a lot of internal practical experience to call on. Engaging with a third party specialist may make economic sense, not least because a third party can "speak truth unto power". Telling the CEO that his demand for 0% downtime, and 100% security at zero additional cost is unrealistic may be seen as "negative thinking" and will probably be career limiting.
Nevertheless, business continuity is well worth investing in - I believe that a significant number of companies suffering a major and visible outage go out of business further down the line, without necessarily realising that (whatever the immediate cause), their problems started when customers lost trust in the company, and started looking at the competition, back when a major outage was mishandled."
Sage advice indeed. And advice SMBs would do well to do more than pay lip service to.
SolarWinds MSP's Nick Cavalancia recently offered some great advice on the company blog
"I've been in IT for over 25 years and spend much of my time rubbing elbows with IT pros that specialise in certain parts of the industry. So, when I talk a lot (and I do) about backups, there's sort of an assumption that the IT pro I'm interacting with has the basics down," he wrote.
"But, as those of you in SMBs know, it's never that easy. You have so many hats (including backup) to wear, that you often need a little push in the right direction so that you don't need to try and reinvent the wheel as it were.
So, what's the right way to plan out your backup strategy for small business?"
First, you need to be asking (and then answering the right questions), Cavalancia advises.
Why do you need a backup at all? Would perhaps be the most obvious one, but one that is often overlooked or responded to with action without really thinking it through.
A backup is essential, for the following key reasons cited by Cavalancia:
- Revenue stops in a certain area when part of your business is down.
- It doesn't matter that you're an SMB running your business on your own with just family assistance, customers expect 24/7/365 operation.
- No backup means rebuilding. And that takes way more time that reinstating.
Once you've got your head around the fact backup is an SMB necessity, you need to decide how to do it. You have the choice of on-premise, in the cloud or the best of both worlds through a hybrid mix of the two. For many, the latter is the best option as it offers greater certainty in the face of disasters of the natural kind.
The next question after why is what? What needs to be backed up?
"In a word? Everything," said Cavalancia.
"The whole point of disaster recovery for a small business is to provide an ability to recover regardless of the loss incurred. One of the simplest ways to accomplish this is to perform image-level backups, where the entire system (whether physical or virtual) is backed up as a single data set (more on this later).
"Given, you may be reading this because you don't have your backups in proper order, you should at very least be considering the backup of critical servers and services that you know your business can't be without for very long."
The basics are now in place, but they need to become fact rather than theory. And that requires testing. You don't want to wait until the worst happens to check that your DR and backup plans actually pass muster, do you? Would you do the same with a fire drill at work? Same principle, right?
"This both the hardest part (because who has the time and resources to mock up a disaster and then test recovery?) as well as the most critical (because without testing, your plan isn't worth the paper it's written on)," Cavalancia advises.
"Testing, at a minimum, can be a table-top session with those involved with the recovery process where you walk through the steps together discussing what may go wrong and what to do about it. At a maximum, you'd perform an actual recovery to an alternate server, location, etc. testing out the backups you have, ensuring an ability to recover."
Want to know more about disaster recovery? Click here to download the whitepaper.
This is an independent article written by IT Pro, sponsored by SolarWinds MSP to celebrate thought leadership in IT. Learn more about SolarWinds MSP's Backup & Recovery and enjoy a free 30-day trial by clicking here.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Maggie has been a journalist since 1999, starting her career as an editorial assistant on then-weekly magazine Computing, before working her way up to senior reporter level. In 2006, just weeks before ITPro was launched, Maggie joined Dennis Publishing as a reporter. Having worked her way up to editor of ITPro, she was appointed group editor of CloudPro and ITPro in April 2012. She became the editorial director and took responsibility for ChannelPro, in 2016.
Her areas of particular interest, aside from cloud, include management and C-level issues, the business value of technology, green and environmental issues and careers to name but a few.