A Business Continuity Plan Needs To Be In Your IT Budget
So, the time has come again (or maybe it’s your first time) to do your IT budgeting for your business. With business computing’s rapidly evolving landscape, it’s not surprising that the task of planning and implementing IT budgets has recently gotten to be more of a headache. IT budgets need to account for much more than simple hardware and support costs. You now have to account for the plethora of cloud services your employees may use, as well as for the many layers of security components you now need to safely do business in the midst of emerging cyberthreats. Modern-day IT budgets demand that your financial team be more acquainted with technological specifics than in the past. As the president of an IT consulting firm, of course I would be remiss if I failed to mention the importance of involving an IT expert (whether it be your own IT staff or outsourced expertise like my company provides) to assist in the process. But, regardless of whether you seek expert help or choose to face the challenge on your own, there is one crucial item that should not be overlooked. In fact, it should absolutely be at the top slot of your IT budgeting list: Business Continuity.
Backup vs. Disaster Recovery – What’s the difference?
There are a lot of terms thrown around in the IT world as they relate to both protecting your company’s data and decreasing your overall downtime. In the beginning, there was just the term “backup,” which meant a copy of your files and data that was stored on hardware or media other than your file server (usually backup tapes or floppies in the old days). Ideally, you stored them offsite, but most small businesses neglected to do this. In fact, even with the advent of cheap USB external hard drives and simple backup programs, businesses embraced the low costs but neglected the importance of keeping copies or extra drives offsite. Even worse is the fact that hard drives fail more often than tape media did. Some companies now use inexpensive cloud backup services like Mozy or Carbonite, which is an improvement over swapping tapes or drives when it comes to offsite backup storage. However, even cloud-based backup services are nothing more than a second copy of your files stored in a separate location. Cloud backup products are not the same thing as disaster recovery, and they certainly don’t encompass a full business continuity solution.
How a backup routine differs from disaster recovery is this: backups do not guarantee that your business will be up and running when disaster strikes; they only give you a copy of your files. And, your backup is only as good as your last restore attempt, meaning that, unless your backup media or service is tested regularly, you won’t know if the files are usable when you really need them. By comparison, a true disaster recovery solution addresses not only backup copies of files, but also both the integrity of those files and the recovery time objective. Inexpensive backup schemes don’t guarantee that a backup file isn’t corrupt or unreadable, and backup hard drives can fail without notice. Online backup services don’t often check the integrity of their cloud backups either. Even worse, if your business were to sustain a catastrophic loss of data, such as multiple drive failures in your server, or a flood or fire, it could take days or even weeks to get your business up and running again. You would need to buy new server hardware and possibly find a temporary office location with internet access, and then you would have to restore all of your files via the cloud. Depending on the speed of your connection and the amount of data, this step alone could take days.
So, if you plan to stick with your cheap backup routine to keep your expenditures low, know this – your backup is not disaster recovery; it’s only a part of a comprehensive DR solution, and depending on the type of backup, it may not even be a suitable component. You are saving on expenditures in the short run, with the potential of incurring huge financial losses in in terms of remediation costs, downtime and lost productivity should a disaster strike. You need to ask yourself if short-term savings is worth the risk of permanently damaging your reputation with your customers, and possibly shutting your doors for good.
How About Disaster Recovery vs. A Business Continuity Plan?
As we’ve seen, a simple backup routine, whether it be on-site or in the cloud, is wholly insufficient to be considered a full disaster recovery plan in and of itself. But, what about business continuity? It’s probably the newest term of the three, and it may seem rather generic. But, business continuity encompasses not only disaster recovery (which, in turn, can include several type of backup routines), but also includes methods and solutions designed not only to withstand disasters and downtime but to effectively avoid and eliminate downtime altogether. A proper business continuity plan includes several components:
- Both on-site and off-site backup repositories
- Technology to enable business operations from another location in the event of catastrophic disasters (e.g. fire, flood, extended power outages and other “Acts of God”)
- Technology to resume operations quickly after localized disasters (e.g. ransomware, hardware failure, user error)
- Power conditioning and battery backup systems to maintain power during brief outages
- High availability for mission-critical applications (e.g. cloud-hosted email and applications)
- Failover internet connectivity in locations where access is mission-critical
- Documented policies and procedures for disaster recovery management
- Scheduled DR testing and “dry run” scenarios
- Training for employees not only in disaster scenarios, but also malware avoidance and security best practices (this is probably the most overlooked, yet arguably most important component)
As you can see, a business continuity plan is a lot more than just protecting files from accidental deletion. An effective business continuity plan covers several layers of technology, but also addresses policies, procedures, and even employee training concerns. Once you start to dig into the many aspects of IT budgeting as it relates to business continuity, it becomes clear just how intimately your business technology interacts with every aspect of your day-to-day operations. So, investing wisely in a business continuity plan is creating an overall insurance policy for your productivity and your assets, as well as enabling a kind of disaster avoidance mechanism to reduce the chances you will ever need to lean on that insurance policy. To use an analogy, automobile insurance is a very good idea (in fact, it’s required!) but the combination of a good insurance policy, a defensive driving course and a driver with good judgment and reflexes is far superior to the insurance alone.