Revue des articles sur les méthodologies de pilotage de projets et de la gouvernance des systèmes d'information.
techniques de gestion de projets IT et informatiques,
stratégie et tactiques pour les SI.
The IT Watcher.
What will it take for businesses to get it? "It" being the importance of implementing solid disaster recovery and business-continuity plans. After witnessing the devastating effects of events such as 9/11, Hurricane Sandy, and countless other earthquakes and hurricanes around the world, too many businesses still have a lackadaisical attitude about disaster recovery planning.
It may be that too many of the disasters happened too far away, to other people. And there's no denying that we've all become a bit jaded about anything we see on television. Furthermore, far too few news programs cover the long-term aftermath of disasters, in which businesses struggle (and all too often, fail) to get themselves back on their feet. That is not, however, to say that sobering—even bleak—information on the reality of the challenges of disaster recovery isn't available.
Here are some troubling statistics:
96 percent of all business workstations are not being backed up (Contingency Planning and Strategic Research Corporation),
30 percent of small business will experience a natural disaster (National Federation of Independent Businesses),
60 percent of companies that lose their data will shut down within six months of the disaster (National Archives & Records Administration in Washington), and
93 percent of companies that lost their data center for ten or more days due to a disaster filed for bankruptcy within one year of the disaster. (National Archives & Records Administration in Washington).
It's also worth noting that we're not just talking about mom-and-pop businesses here. One of Samsung's backup data centers caught on fire and prevented users from accessing apps from their Samsung devices. Apparently, there was some oversight at Samsung—a global enterprise—about the ramifications of a disaster at this location.
This is not to pick on Samsung but rather to make a point: Having a contingency plan is a critical part of being a responsible business, whether you're one of the top tech businesses in the world or one of the thousands and thousands of SMBs that make up the backbone of the economy. There's no business that can safely avoid planning for the worst.
What's the Worst That Could Happen? Luckily, with a slew of technologies, including cloud services, mobile devices, and virtualization, small businesses have an abundance of tools and options to create and deploy adequate emergency preparedness policies and plans. Unfortunately businesses owners are bombarded with ads and pitches for disaster recovery wares to the point where they may become overwhelmed. There are many capable and affordable solutions out there, but some may be overkill for SMBs. And some of the pitches seem calculated to sell by spreading fear.
The first order of business is to stay calm and assess your needs. Take the time to thoroughly assess the types of disaster scenarios you need to plan for, so that you can understand what solution is right for you. Some key questions follow.
Which disasters are most likely to strike? This does not mean you should not have an overall contingency plan. Rather it means that you should also understand local threats. A business in California will, of course, have to worry more about earthquakes than a business based in New York. Likewise, a business at sea level in New York should probably consider flooding as a likely problem.
What data, hardware, and software are of the utmost importance? This can help you rein in costs of deploying a disaster recovery solution. For example, many cloud-storage solutions charge by the Gigabit. That database containing all of your customers' information is important. That folder containing years and years of images from all the past office holiday parties is not.
What data can be accessed offsite without violating security or corporate compliance regulations? Depending on the nature of your business, you may have critical compliance issues to consider as part of your planning.
Which employees, partners, and customers must have access in an emergency? Most people now have company-issued or personal mobile devices. Include them in a contingency access plan. Consider VPN and the many other remote access services that are available, too.
Keep Calm and Plan for the Worst After a preliminary assessment of your businesses' disaster recovery needs, there are a series of steps you can take next to put your disaster recovery solution and strategy into place.
Document your disaster recovery plan. This critical document should detail every conceivable emergency that could reasonably befall your organization, pinpoint mission-critical applications and systems, and be signed off by all key figures in your organization. This includes executive management, human resources, and those responsible for facility management. For specific details on this step, read Disaster Preparedness: Creating a Plan. Make sure that this document is easily accessible by everyone concerned during a disaster. It's no good to anyone if it's only stored on a server in a flooded basement.
Put your plan into execution. This is the legwork phase when you need to choose and implement the tools and technology needed to put a disaster preparedness plan into action. Read Disaster Preparedness: Executing the Plan for more suggestions.
Train, train, train. Having a solid disaster recovery plan doesn't help your business if your employees don't know it inside and out. Once you've decided on the equipment and services required to keep the lights on (even if it is at a remote location), it's time to start training staff and holding emergency drills. These can be as simple as fire drills and as complex as operating from a remote site for a day or two, just to make sure it can done. I cover this all in more detail in Disaster Preparedness: Training.
Keep your plan up to date. It's important to evaluate and tweak your contingency plans on a regular basis. Disaster recovery technology is evolving quickly, and we hear about more efficient solutions for all kinds of businesses every day. Disaster recovery-as-a-service (DRaaS), for example, is a rapidly growing new sector.
If you run any sort of business of any size, it's your business to keep an eye on the disaster recovery industry. But there's no one-size-fits-all solution to disaster recovery. If you follow the guidelines above, however, you'll have made a good start on creating a disaster recovery plan that that fits the needs of your business.