Disaster recovery – didn’t that go out with the mainframe computer? Unfortunately, one of the primary jobs of an IT professional is still to evaluate and manage risk as well as plan for contingencies. There is the everyday risk of judging if an upgrade or configuration change will result in an outage, and what to do in the event of that outage. Even in the best of times, it’s hard to get business units, managers, and especially budget holders to pay attention to the need for disaster recovery and business continuity.
Disaster recovery is treated as a secondary concern
Often these vital processes are treated as just secondary concerns. In many companies, disaster recovery plans sit idle, only updated every few years and never tested. The onset of the cloud era has exacerbated the problem. This is due to false assumptions and marketing about the unfailing nature of cloud services and managed services in general.
It’s easy to understand why. Cloud and managed service companies make a big deal about their reliability. They include it in nearly every piece of marketing they make, second only to the ease of use portions. It’s hard to think about organisations as large as AWS or Google having any problems. Especially if we use any other portions of a provider’s service. Amazon and your Gmail are always there, right? Most outages on those platforms end users don’t notice.
Business continuity can be at risk
It’s easy to assume that everything is always available all the time. From a statistical standpoint, it is. All the major cloud firms and the vast majority of managed service providers can show you proof-positive of their stellar uptime. So, what’s all the fuss about? Well, disaster recovery and business continuity are about those margins, those times when the unthinkable or the improbable happens. Then you need clear plans and procedures on how to bring your business back to at least minimal functionality.
Making it personal works
The easiest way to get co-workers, stake-holders, and most importantly budget holders to pay attention is to get right down to the heart of the matter. Do you want to be asked about why you denied time, money, or attention to Business Continuity/Disaster Recovery (BC/DR) if there is an outage that knocks our company out of service? Making it personal may seem underhand. However, personal consequence motivation is usually in greater supply than altruism, especially when we are talking about planning for events that have a low probability of occurring.
For the C-suite, it’s about lawsuits and jail. For everyone else it’s about your industry reputation and losing your job. Especially for budget holders who won’t pay for additional fail-over domains in cloud services.
The heart of BC/DR for companies is documented procedures and realistic plans for restoring the company to a money-making state. This will need a cross-business team and it needs to be taken seriously and if possible, driven by a directive from the C-suite. It’s not hard to find companies that have had huge money losing and PR disasters over their inability to recover from disaster, be it man-made, security, or cloud. Don’t let your company be among them. Or at least have the documentation to prove you tried to avoid it.