Organisations of all sizes continue to struggle with fundamental disaster recovery (DR) capabilities. This affects productivity and profitability, and it also hinders strategic initiatives like digital transformation.
The bulk of this burden rests on the shoulders of CIOs, but the good news is that there are a few tools you can use to create a more effective DR strategy – and one that the whole company is on board with.
First things first, you need to step back and take an honest look at your current environment. Start by making a long list of the disasters, failures or faults your systems or datasets might face.
Cataloguing and rating the threats to your company’s survivability will demystify them, making them more approachable and resolvable. Most things are scarier when your back is turned, so having this kind of knowledge will empower you and ensure you make better decisions. And remember, you don’t have to address everything all at once; prioritising potential vulnerabilities will help you to save time and money.
Don’t assume that this audit stops at your organisation’s borders. If you outsource or host data or applications with external vendors, review your SLAs so you know exactly where you stand with them in the case of an outage or downtime.
This is where you should consider conducting a Business Impact Analysis (BIA), to get an idea of how much downtime your organisation can handle. This doesn’t have to be a depressing exercise – you might find that you have a higher fault tolerance than you think!
The point of a DR strategy is to ensure you can recover quickly from a disaster should one occur, but you want to do everything in your power to prevent this situation from happening in the first place!
The trick to facing the brave new world of cyber threats, breakdowns, data corruptions and downtime is to be predictive rather than reactive. Panicking and throwing money and people at a problem when it happens not only takes those people away from the duties they should be performing, it also costs more than you would have spent protecting yourself against it in advance.
If a DR strategy and all its elements are not tested regularly, you’ll never know if you’re truly ready for a disaster. You need to identify the vulnerabilities in your software environment early on to prevent any unwanted surprises down the track.
This is where a sandbox environment comes in; having your own DR testing capabilities will enable you to see the point at which critical applications might fail. In turn, you’ll be able to develop informed response policies and contingency plans.
You can have the most robust, well-documented plan in the world, but if it’s not communicated effectively to the rest of the business, it’s useless. Successful implementation of a DR strategy depends on people as much as it does processes, and this is where your non-technical, ‘soft’ skills come into play.
The human element is one of the biggest identified sources of information security risk, as well as one of the most difficult to control. According to a recent Deloitte survey, 70% of organisations rate their employees’ lack of security awareness as an ‘average’ or ‘high’ vulnerability.
Employees without sufficient awareness of security issues can unwittingly put the organisation at risk by accessing the corporate network from unauthorised devices, downloading malware propagated via email, responding to phishing scams, or saving corporate data to personal cloud services such as Dropbox.
Situations like these can be avoided by educating employees about the potential risks and making DR part of an ongoing conversation. It’s up to CIOs to open the lines of communication between functions and foster a security-conscious culture in which every employee is informed, aware, and accountable for their actions.
In this way, the focus is on securing information from the inside out, rather than protecting information from the outside in.
As organisations embrace the cloud and other digital technologies, the pressure is on CIOs to modernise IT systems whilst keeping them available for critical business operations.
A DR strategy aims to relieve this stress, but sometimes a lack of planning, resources and testing, combined with poor execution, can render it inadequate. However, with a proper audit of threats, a sandbox environment to play around in, and two-way communication between IT and the business, this can all change!