Now that Canadian businesses must not only access their data, but continuously protect it, they are increasingly turning to full-service managed IT services providers (MSPs) like XBASE Technologies to provide disaster recovery plans that guarantee service continuity.
A disaster recovery plan (DRP) is an IT-focused set of processes or procedures that allow quick resumption of data-reliant business functions in case of a disruptive event, like a power outage. eCommerce websites, for example, rely on servers to deliver their data, and may go down for minutes or hours at a time, making them lose precious customers. To prevent this, a DRP can include uninterruptible power supply (UPS) devices and natural gas generators, letting business run as usual while waiting for power to return.
It’s easy to recognize the need for a DRP, but sometimes false notions prevent decision makers from embracing it with urgency. With that in mind, let’s learn more about five of the most common disaster recovery myths that may put your business at risk if you follow them.
#1 – Creating a disaster recovery plan begins - and ends - with IT Systems
While evaluating availability risks of your IT Systems seems like the obvious first step in making a disaster recovery plan, it is not. This is because operational disruptions can be caused by so many things that have little to do with IT systems.Plotting out recovery from only IT failures will lead to many gaps in your plan to deal with business continuity issues.
Instead, a disaster recovery plan must be seen as part of a much larger business continuity plan, which begins with a business impact analysis (BIA). Managers are given BIA questionnaires that require them to pinpoint the possible impacts interruptions may have on the business processes they’re in charge of, including delayed sales income, contractual penalties, lack of invoicing/AR, and loss of brand reputation.
Related article: Every business needs a disaster recovery plan
The surveys are then collated into a report that 1) documents the potential financial impacts; 2) compares such costs against the costs of recovery strategy options; and 3) sets the sequence of events for restoring the business, giving priority to processes with the largest financial and operational impacts. THEN we can start to talk about IT System recovery as they support the recovery of the business functions.
IT disaster recovery planning must therefore be in line with the priorities of business restoration that were set during the BIA. Reputable service providers will define risk according to business impact, so if an MSP insists on beginning a BCP consultation by talking about buying UPS devices and shuffling tapes… call someone else.
#2 – An organization that already backs up its own data doesn’t need DR services
Having internal backups of your data is nice, but their usefulness is determined by both their recency and their recovery time. Data contained in a backup created today might no longer be relevant a week from now. To assure data recovery in the event of a disaster, internal and external backups must be made at a frequency and cost that even large corporations might not be able to sustain.
What’s more, backups are only one part of a DRP. You’ll also have to consider how long it will take you to recover to an acceptable point in time (known as Recovery Time Objective and Recovery Point Objective) once an incident occurs, as well as the steps you’ll take once the crisis is over.
Outside of MSPs, it’s rare for a firm to be able to implement a DRP without outside help.
Related article: Every business needs a disaster recovery plan
#3 – DRPs are primarily meant to address natural disasters
This may be the most persistent myth because of the term “disaster recovery.” When we mention “disaster,” we immediately think of earthquakes, volcanic eruptions, or flash floods. Indeed, these lead to operational disruptions, but there are far more common occurrences that interrupt businesses. Among these are cyberattacks, power outages, hardware and/or software failures, and human error.
In creating a DRP, executives, together with their MSP, must factor in ordinary causes of disruptions, and perhaps even give them greater weight than the rarer ones.
#4 – Regular operations don’t have to factor in DRPs
This couldn’t be farther from the truth. The whole point of having a DRP is so that a firm can continue to operate as if it was like any other uneventful day. Much like how earthquake and fire drills are implemented so that staff quickly transition from normal to emergency mode, teams must also be trained in disaster recovery procedures so that they know what to do once a catastrophe happens.
With proper guidelines in place and sufficient training hours spent, your staff can meet your Recovery Point Objective (i.e., the amount of time that can pass before too much data is lost) and Recovery Time Objective (i.e., your time limit for getting your systems back up and running again upon declaring an emergency).
#5 – All providers of cloud services or managed IT services are automatically and exclusively responsible for disaster recovery
While cloud service providers and MSPs have a responsibility to keep your data secure, it is dangerous to assume that they’ll also handle disaster recovery for you.
Firstly, a service provider might not have the operational capability or subject matter expertise to deliver such a service. Secondly, even if they are capable, disaster recovery plans may not be explicitly included in your services agreement with them. Thirdly, business models vary wildly from company to company, so a “standard” or automatic Disaster Recovery service offering/DRP may not be right for your firm. Finally, you also have a share in the responsibility of disaster recovery in terms of employee training and DRP testing.
However, a full-service MSP such as XBASE Technologies will be there with you every step of the way, helping you to scope, define, implement, and test a Business Continuity/Disaster Recovery plan, and explicitly detailing and costing the service in writing within your service agreement.
Drop us a line to learn more about how a disaster recovery plan can ensure service continuity for your business. You can rely on our expert consultants at XBASE to identify and address your needs.
Related article: Every business needs a disaster recovery plan