The consequences of high-profile cyber attacks and natural disasters we hear about typically involve large companies like Amazon or Google (News - Alert) – yet small businesses face the same escalated cyber attacks and increased frequency and scope of natural disasters as enterprises.
The aftermath of Superstorm Sandy – which pummeled its way through the Northeast last fall, leaving millions without power, cable and phones for days on end – left IT decision makers and other executives seriously considering their business continuity/disaster recovery (BC/DR) strategies. Since disaster recovery is more about preparation than recovery, a BC/DR strategy, even for small businesses that do not have a dedicated IT staff, is critical.
First, it’s important to differentiate between business continuity planning, which is focused on supporting business processes and services; and IT Disaster Recovery planning (DR), which focuses on IT service continuity.
“Hurricane Sandy was a big wake-up call for everyone, especially for those organizations on the east coast. As a result, many organizations are looking at their level of preparedness, both from a business as well as IT continuity perspective,” according to Alberto Jimenez, principal at Datalink.
Cloud-based DR is an option for consideration and is popular for many reasons, he explains.
“First and foremost, it is viewed as being cost effective and relatively easy to implement. The real benefits of DR in the cloud, depend greatly on the individual needs of each organization, and on the type of cloud (public, private, hybrid),” says Jimenez. “In general, however, the benefits of cloud-based DR often includes rapid provisioning, faster recovery, lower data loss and scalability.”
The cloud is an obvious solution for BC/DR strategies due to its geographically diverse nature and is becoming increasingly popular because costs are low, specialized skills and equipment are “built in” to the solution, and DR testing, customization and performance are all included, according to Ron Offer, CEO of managed service provider Integrity Virtual IT.
“The only issues that restricted cloud BC/DR in the past were cost and availability of bandwidth at the primary business site, neither of which remain an issue in today's market,” says Offer.
It seems like overnight the so-called Recovery as a Service marketplace has created hundreds of technology vendors, solution providers and options for the small to medium-sized business (SMB) market, which makes selecting the right provider a difficult undertaking.
“Enterprises lean on mature procurement teams to identify and manage vendors that best fit their needs. SMBs, for the most part, rely on a more tactical buying practice, based on relationships. A good tactical approach is to look for providers that can prove their capabilities. So, ask for references,” advises Jimenez. “In addition, organizations should also be able to ‘try before they buy.’ Select an application and run a proof of concept (POC) to get a good feel for how easy or difficult is going to be to provision and use these type of solutions.
That said, before running a POC, IT leaders need to take a step back and clearly determine their needs for availability and continuity, as well as a host of other things. Keep in mind that most DR as a Service (DRaaS) solutions are supported via public cloud environments. This may raise some security and/or compliance concerns.
The Path to BC/DR for SMBs
Enterprise solutions, which were once only available to the Fortune 500 market through two to three solution providers, are now available to the masses. Today, more CFOs from all sized organizations are choosing cloud-based BC/DR solutions to protect business critical applications such as ERP, CRM, payroll and e-mail, while historically, BC/DR solutions have been designed for large enterprises.
“In the past, it has mainly been larger enterprises adopting cloud-based BC/DR solutions,” explains Offer. “However, Zerto Virtual Replication has made it feasible for the SMB market by reducing the three-year TCO from a minimum of $1 million to 2 million to $250,000 to $450,000.”
Most organization are already using some type of cloud-based solution for non-strategic functions like email, CRM, payroll, etc., Jimenez adds.
“Organization that were early adopters of cloud-based DR already have mature capabilities – they understand their business needs, as well as their link to IT services; and they’ve developed and validated their BC and DR capabilities,” he explains. “For organizations that are still developing their IT continuity capabilities, they often take one of two paths. The paths include DRaaS for non-business critical systems or internal, cloud-based DR for business critical systems. Regardless of the path, it is important to validate what can run in the cloud.”
When it comes to IT service continuity or DR, some companies are looking to lower the cost of DR, while others care more about lowering their recovery times, and yet others want to build scalable solutions, according to Jimenez.
“For organizations that do their homework, understand their needs, define realistic objectives and design the right cloud-based solutions, they are more likely to see the benefits,” he explains. “However, for those organization that are taking shortcuts, cloud-based DR solutions may not deliver much value, and what’s even worst, may create a false sense of security.”
In the case of Integrity Virtual IT customers, they were able to shift operations from Virginia to Chicago to avoid risk from Sandy.
“It worked flawlessly and shifted back to the primary site after the event. They were operational through the storm, while many of their competitors both larger and smaller were incapacitated,” says Offer.
BC/DR Best Practices
The key to implementing a solid BC/DR plan is to start by understanding the organization’s business needs and strategy, and priorities – then align these needs with IT services, and look for solutions that best fit these requirements, including both internal and external cloud-based solutions.
“Each of them have significant value as well as risk drivers. When evaluating DRaaS services; make sure to understand the terms of implementation, testing and use at time of need,” says Jimenez. “Many of these services are offered on ‘first come, first serve’ basis. Also, make sure to understand SLAs, as well as vendor security and compliance capabilities.
Like any other IT transformation efforts, implementation of cloud-based IT service continuity is not without risks. Some key considerations include, technical feasibility, change management and performance concerns. In addition, organizational culture is a big consideration.
“That said, cloud-based solutions offer great possibilities for improving continuity capabilities and generating more value than their cost,” Jimenez adds. “The best way to learn is by doing, so look for opportunities to experiment and try before you buy. Start small and build from your learning.”
Edited by Stefania Viscusi