Hurricane Katrina's devastation of the U.S. Gulf Coast in 2005 impacted countless businesses, from retail stores and hotels to major corporations. Those with disaster recovery plans in place fared much better than those without such contingency plans.
For small and medium-sized businesses (SMBs), the impacts of a disaster can result in loss of or lack of access to data, applications, and work facilities. Hurricane Katrina's devastation of the U.S. Gulf Coast in 2005 impacted countless businesses, from retail stores and hotels to major corporations. Those with disaster recovery plans in place fared much better than those without such contingency plans.
More SMBs Beginning to Plan for Disasters
While the business impacts of disasters—such as the loss of data and communications infrastructure, leaving a business unable to function—are widely understood, SMB have been slower to develop disaster recovery plans as compared to larger organizations. But that appears to be changing. According to the Yankee Group's 2006 U.S. Small and Medium Business IT Survey, after security the other major concerns of SMBs are now backup and restore and then application and data availability. Globally, spending on data protection and recovery management among all businesses will surge from $58 million in 2006 to more than $200 million by 2011, according to research from IDC.
Yankee Group analyst Gary Chen found that among SMBs, "Most are on the edge, where a couple of bad events could shut down business. They need regular backup, either traditional scheduled file-based or continuous. And they need to have it off-site and tested, to ensure they can bring up critical applications and data if headquarters is wiped out."
People, processes, training, and planning are also part of effective disaster preparedness. Here are five key steps to consider when implementing a program for your company:
Understand what data and systems are critical to business continuity
Many governments have mandated the remote replication and storage of financial, medical, and certain other kinds of data. Businesses have realized that their data and applications are their life blood. Make sure you know where all of your company's critical data and applications are located and that they can be integrated into a remote backup solution.
Identify and fix single points of failure in your network, business processes, and people
In network design, redundancy eliminates single points of failure. Make sure that network elements — including switches, routers, and other components — are redundant and enabled with software failover features. Review business processes and job responsibilities to ensure that there are similar "failover," should a process or employee become adversely affected in a disaster.
Create a workforce continuity plan
If employees can't get to their offices for days, weeks, or longer, it is important to understand what kinds of remote access solutions they need to continue being productive, based on their individual job requirements. For example:
Back office workers need access to applications and data and can probably use e-mail or instant messaging to communicate.
Other categories of employees whose jobs require a lot of collaboration may need high-availability voice-over-IP (VoIP) services along with access to corporate data and applications. The benefit of IP and Ethernet in a disaster is that they are so pervasive compared to other technologies that devices are truly plug and play.
Executives and employees who must interact with customers, partners, or the press may need remote communications solutions with guaranteed quality of service (QoS), a VoIP phone with guaranteed toll-quality service, and collaborative software applications which allows audio- and videoconferencing.
Create a disaster recovery plan
A formal plan should be initiated and endorsed by senior management and should involve all levels of personnel in your company. An inclusive process of gathering information and drafting the plan will create the necessary sense of everyone's ownership in and responsibility for disaster recovery. Every company's plan is unique, but common elements include:
Risk and threat analysis
Leadership and succession plan
Emergency response plan
Internal and external communications requirements
Human resources responsibilities
Availability of information and communications technology
Cooperation with first responders, public officials, vendors, partners, and customers
Train your staff on disaster response
Training and practicing facilities evacuation and other emergency responsibilities for certain types of disasters relevant to your business could have dramatic consequences related to personnel safety, business continuity, data confidentiality, and asset security in the event of a real disaster.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.