If you look back just 30 years, it’s apparent how much technology has shaped the modern business landscape. Odds are that your company is not able to function without Internet, email, cloud, Software-as-a-Service, etc. – and you’re not alone. According to a survey from Hartman Executive Advisors, “97 percent of middle market executives depend on technology for organizational success.”
Once exclusively considered a business efficiency tool, technology has now evolved to become a driver for revenue and competitiveness, a new focus that demands IT systems remain available for use, regardless of the scenario. Organizations have developed an array of plans to guard against downtime risks – business continuity, security incident response, IT disaster recovery (IT-DR) – yet no matter the label and perceived differences, these plans all serve the same goal: keep the company running.
To match this always on demand, IT-DR must be connected to the wider goals of the company to account for every need. This makes the IT department integral to business success and the realm of IT-DR much more than just technology. In fact, there are multiple factors that need to fit together for an IT-DR plan to be successful. In addition to my thoughts on these factors, read on to hear from clients and industry leaders who have successfully implemented IT-DR using a Disaster Recovery-as-a-Service (DRaaS) approach.
What’s the Strategic Outcome?
The first component of a successful IT-DR plan actually takes place before you start your IT-DR plan. This includes opening a dialogue with the business to understand how IT-DR fits into your company’s business continuity plan (BCP), since the goal of IT-DR is to assist the BCP requirements that other business units have outlined. This means posing a series of questions: who cares about what, how long can you reasonably operate without it, to what extent do you need to prove capabilities, etc. These conversations provide IT an opportunity to educate the organization on the interdependencies of technology and that solving IT-DR is bigger than simply adding new, improved DR tools that will spin their applications back up within minutes upon disruption. IT-DR is not just another IT project.
“An important part of successfully implementing DR is managing expectations. It’s easy for those outside of IT to think of it as just another app that requires nothing more than the tap of a button to initiate a successful failover. DR is a complicated process that requires the participation of key people and a carefully constructed and tested playbook that accounts for the unique variables of every organization,” explains Jeremy Langohr, IT manager at Robarts Clinical Trials, Inc.
Assess Your Current Capabilities and Capacity
IT leaders should assess the needs of the organization, the size of their team, and budget to choose the best strategy. Few organizations can suffice with simply doing onsite and/or offsite backups to protect their data. Most need to consider IT-DR that can enable faster recovery, and they must also consider the array of responsibilities that an IT-DR plan entails, from implementation, ongoing monitoring and maintenance, testing and actual recovery declaration.
Backups are a great way to archive data and in some cases they can be used to restore applications, but they are one of the slowest technologies to recover. Depending on your back-up strategy (including off-site vs. on-site) it could take hours or even days or weeks. Earlier in my career I worked for a firm whose back-up strategy was to use tapes and to take those tapes off-site. However, to them “off-site” was the trunk of the system engineer’s car. This was not very secure, and depending on the scenario of the disaster, not very accessible either.
Sherry L. Gini, chief operating officer of Goldberg Kohn, explains her legal firm’s goals by saying, “We wanted assurances that we could be operational within a set amount of time and without hiring additional staff, and we couldn’t offer that guarantee to leadership with an in-house strategy. We also determined through our analysis that we wanted a hybrid solution—so a DRaaS provider made the most sense for our goals.”
Ensure Your Unique Technology Requirements are Met
Every company has unique characteristics and a unique IT architecture, so a one-size-fits-all solution is usually not the best choice. The key is to address your immediate needs and enable flexibility for the future. A great partner in IT-DR will care about your objectives as much as you.
When it comes to choosing the right technology strategy for recovery, do not jump right in without having first tiered your applications into groups of importance. This will ensure your IT-DR plan addresses the dependencies of what needs to be available and what needs to be the fastest versus the slowest based on the priorities of your organization. From there, you can achieve a balanced budget by investing more on top-priority systems and less on those that are not as critical.
Do Not Forget the People and Process Side of IT-DR
A successful IT-DR plan depends upon your IT team understanding its role in managing the strategy. This means knowing the capabilities, expertise, personnel bandwidth, and budget it takes to keep a pulse on the effectiveness of your plan, the testing, and what needs to happen upon a disaster declaration.
This also requires managing expectations between the IT department and the rest of the business. How long will the recovery process take to return everything to normal? Is this target timeline realistic with your IT team’s capabilities? Sometimes an IT department might overlook some key aspects when communicating recovery times to executives. For instance, all applications must undergo quality assurance before they return to end users. With so many applications coming back online at the same time, in what order should each one be processed? If there’s no plan for the quality assurance step, you’ll wind up with a lot of unnecessary scrambling added to the recovery timeline.
Beyond the recovery capabilities and expectations, consider what it will take to manage your IT-DR plan day-to-day. Langohr claims this was the most time-consuming component of IT-DR before he turned to DRaaS, saying, “Setting up replication to a remote repository is easy enough in our cloud-enabled world, but managing the licensing, compliance, testing, validation, patching, and upgrading of the infrastructure is a full-time job with no vacation.”
Documentation Drives Clarity in Disaster Preparedness
To ensure success, IT departments should appoint a dedicated network of professionals to manage their plan’s maintenance and execution. Outline DR responsibilities beforehand, so people know what they are tasked with (and be sure to document these responsibilities for transparency). Since an IT-DR strategy demands constant nurturing, it may be helpful to view your plan as a series of ever-repeating lifecycle stages: analysis, development, implementation, testing, and iteration. Make sure clear responsibilities are outlined at each stage.
Talk with your business about the declaration process and when to declare for specific scenarios. The same event will not strike your business every time, so why would you consistently test the same scenario? Natural and technology disasters can affect a business differently. Those with experience in IT know that disasters will come in different scenarios and magnitudes. Some might be a malicious attack that takes down a specific application. Another scenario could be human error that causes a SAN outage and down go numerous mission-critical applications. Other events are even more catastrophic such as a failure of your UPS system – or even worse, a natural disaster that destroys your datacenter. The point is, your team must be prepared to respond to many types of events, and that response will only be as good as the types of scenarios you have tested for and documented thoroughly.
For this reason, it is essential to build scenarios into your testing and documentation where key individuals are not available. After all, the purpose of testing is to identify gaps in your IT-DR plan, which may also reveal areas to improve your organization’s business continuity strategy. We recommend building out a detailed recovery playbook with clear roles and responsibilities across a variety of scenarios. Disasters do not just happen Monday through Friday from 8-5. They also happen on nights and weekends or when key individuals from your team are on vacation. If a natural disaster affects your data center, it is reasonable to assume it will also affect members of your team’s family and homes as well. Do you think your company’s disaster recovery plan or their family is going to take priority for those team members? Build test plans that will identify the impact missing some members from the recovery team will have and document how to mitigate those gaps. Then, most importantly, ensure multiple team members have access to those playbooks and those plans are stored in a remote location.
This type of work is essential to ensuring IT-DR success and illuminates the need to consider expertise and ongoing process in addition to the right technology.
Ensure Organizational Buy-In
Sometimes it can be difficult to get company-wide buy-in for your IT-DR plan. Socialize the need for effective DR as you go about assessing the needs of the organization, either through a formal process such as a business impact analysis (BIA) or a less formal process with the same objective. Most importantly, ensure consideration for everyone’s most important stakeholders—your customers.
The key is to emphasize the end result, so you and the business can reach a common understanding. Gini emphasizes this point, saying, “DR is an insurance policy for a disaster situation so it can be difficult to convince leadership of the necessity for it. Even when clients require it, it can be challenging to get buy-in, but with the level of sophisticated clients we service, we needed a top-notch solution.”
A failed IT-DR plan can often have massive ripple effects on the rest of the business. Wider business continuity strategies often depend on your IT-DR plan working successfully.
Consider the strategic outcome, the technology capabilities, and the people and process aspects when selecting, implementing, and managing your IT-DR strategy. This will help to ensure revenue-dependent operations remain available for competitiveness. Not to mention, it also encourages innovation and a meaningful perception of your IT department.
Jeff Ton is the executive vice president of product and service development at Bluelock.