The truth about what business continuity looks like today
Here’s the thing about business continuity looks like today: it’s constantly evolving.
Over the last few years alone, newer threats like ransomware have forced organizations to rethink their strategies and deploy new technologies. And in the years ahead, more new risks will come along that will force businesses to shift their continuity resources once again.
But while the continuity landscape is always evolving, the core objective has not changed: to keep your business running in the face of a disruptive event.
Here’s how today’s businesses are protecting themselves.
When disaster strikes, it’s game over
After a major disaster, more than 40% of businesses are dead in the water, according to the Federal Emergency Management Agency. They never reopen their doors. And among those that do stay open, their survival is only temporary: roughly 70% of them close within two years.
This is why every business needs to take disaster planning seriously. Without a plan in place for preventing a disaster, or responding to it, your organization will become just another statistic.
Business continuity vs. disaster recovery
So, what’s the difference between business continuity vs. disaster recovery?
The two terms are often used interchangeably, but there are subtle differences between them. The key thing to remember is that business continuity is a large umbrella term that encompasses virtually everything to do with keeping a business open after a disaster. Prevention, response and recovery are all fundamental parts of that process.
So, “disaster recovery” is technically just one component of business continuity: it’s the steps and systems that a business uses to recover after disaster strikes. Often, the terms are combined into a single acronym, BCDR.
9 crucial parts of what business continuity looks like today
Business continuity today is a multi-pronged approach. Companies that do it correctly are proactively addressing their risks and implementing measures that minimize the chances of a major disruption.
The most crucial parts of business continuity management include:
- Business continuity plan: the written document that outlines a company’s entire approach to continuity, clearly detailing all of the components listed below.
- Recovery team: personnel who are actively involved in the continuity strategy, identifying risks, proposing solutions and carrying out recovery procedures when disaster arrives.
- Risk assessment: a critical determination of a company’s vulnerabilities, its most likely disaster scenarios and the financial impact of those events (often called an impact analysis).
- Response: the protocols and procedures that must be followed after a disaster to minimize its impact and maintain continuity.
- Secondary locations and assets: additional infrastructure, equipment and space that can be utilized when primary resources are made unusable due to disaster.
- Technology: for most businesses, business continuity is rooted in IT systems. Technologies aimed at both prevention and response can include data backup systems, anti-malware/anti-virus software and network firewalls, just to name a few.
- Emergency communication: the methods and procedures for keeping personnel updated throughout a disaster, especially if primary lines of communication have been disrupted.
- Employee training: awareness programs aimed at teaching staff how to respond in an emergency and/or how to prevent certain types of disasters from occurring, i.e. safe Internet practices to prevent malware infections.
- Testing: ongoing assessments of the company’s BC protocols and systems, intended to identify weaknesses; these tests can include everything from mock data recoveries to fire drills.
There are several common misconceptions about business continuity.
As we mentioned above, BC tends to be looked at from an IT perspective, but it is by no means exclusive to IT. It’s not just about data backups, even though that is a critical component for most companies, as we’ll explain below. Good continuity planning looks at every possible disruption to your business, including even things like local transportation stoppages that would prevent your workforce from coming to the office.
Another big misconception is that continuity planning is only for larger businesses. Sorry, no. Virtually every business needs to plan for disaster, and smaller businesses tend to be the most vulnerable. Even from a data protection perspective, it’s critical for small businesses to properly back up their data, especially if they’re storing crucial information on customers, sales or the business itself. Otherwise, a single instance of data loss could devastate the business.
Requirements for continuity
Today’s requirements for business continuity are no joke – each industry has its own risks and standards for averting an operational shut-down. So in many regards, these requirements are unique to every business.
To make sure your own BC planning is up to snuff, here are a few things to consider:
- RTO (Recovery Time Objective): Every organization, regardless of industry, should set an RTO. This is the desired time in which you need to recover operations after a disaster (before things get really bad). Setting and testing your RTO will help dictate your recovery protocols and technology solutions.
- RPO (Recovery Point Objective): RPO is specific to your data backups. It sets a limit for the maximum amount of data you can afford to lose after a disaster, i.e. a recovery point that’s 12 hours old.
- Regulatory compliance: Certain industries, like finance and healthcare, have a unique obligation to protect sensitive customer data and prevent market collapses after a disruptive event. Accordingly, these industries must follow strict compliance regulations for how their data is stored and protected.
- Performance: When looking at BCDR technologies, it’s critical to look at what your business needs to maintain continuity. Businesses must consider the performance of the devices themselves and how it will affect operations. For example, how often can data be backed up? Will it drain server resources? How quickly can data be recovered?
- Scalability: IT managers must think long-term to avoid unnecessary system replacements. Businesses should set requirements for how long their BCDR technologies should last, while also accounting for growth. The ideal system should be easily scalable, so that it can accommodate evolving data needs.
- Risk mitigation: Ultimately, every aspect of business continuity planning should be aimed at mitigating the risks of a disruptive event—not just the disaster itself, but also the response. You could deploy the best BC technologies in the world, but if your recovery teams don’t execute the protocols properly, or there’s a breakdown in communication, then none of it will matter.
When to use consultants
Let’s face it. Continuity planning is complex, time-consuming, tedious and a drain on internal resources. Not to mention, if you get it wrong, it could literally sink the business.
Hiring a business continuity consultant can be a smart decision, especially for organizations that don’t have the time, resources or knowledge to manage it in-house.
Here are some questions you’ll want to consider:
- Would it be more cost-effective to hire a BC consultancy vs. using in-house staff?
- Are in-house personnel educated on the latest requirements and technologies?
- Does it make more sense to hire a professional with extensive experience in risk assessments and impact analysis?
- Can your accounting personnel assist with the complex cost projections of various disaster scenarios and how they dictate RTO?
- Did you already experience a disruptive event that proved your existing approach to BCP risk management is inadequate?
Many organizations find that using a skilled consultancy is both more cost-effective and provides greater assurance that the company will be prepared for disaster.
Technology for continuity
We’ve already hinted at some of the most important technologies for business continuity, but it’s worth repeating: every business must have a dependable solution for backing up data.
A good backup and disaster recovery appliance (BDR) is a last-resort defense against data loss caused by a wide range of disasters: ransomware, hardware failure, natural disasters, human error and so on.
We live in an increasingly data-centric world, holding increasingly large amounts of valuable data. Medical records, sales/order information, sensitive customer data, files that run your business-critical applications, financial transactions, emails – the list goes on and on.
If you’re not adequately backing up your data (or using a system that makes it near-instantly recoverable), then you’re creating an enormous risk for the business.
On top of corporate backup systems, today’s organizations must deploy solutions that make their infrastructure as impenetrable to attack as possible: anti-malware software, firewall appliances, email spam filtering technologies and so on.
2018-2019 trends to watch
As mentioned above, the BC landscape is constantly changing. So, where are the 2018 business continuity trends you need to keep an eye on? Here are just a few:
- Cyberattack prevention & response: Ransomware has been the hot topic for the last few years, and major attacks will likely continue for the foreseeable future. Look for new, innovative technology solutions, beyond just data backups, aimed at preventing these and other sophisticated cyberattacks.
- Network continuity: Remember the days when an Internet outage was merely a nuisance? Today, even just a few minutes of network downtime can create a huge loss in productivity and can seriously disrupt operations. Over the next few years, look for more businesses (not just the big guys) to deploy always-connected technology like cellular backups to ensure Internet is always available.
- Virtualized backups: While the technology isn’t necessarily new, more companies are shifting away from conventional backups to image-based backups that are fully bootable virtual machines. This results in far faster recoveries and allows personnel to continue accessing their business-critical data and apps via a virtualized environment.
Remember: threats are constantly evolving, and thus new trends in BC solutions will continue to come along. But the underlying goal of business continuity does not change. To reduce risk and impact, today’s businesses must apply a 360-degree approach for preventing downtime and recovering promptly after a disruption.
Get more information on today’s best solutions for business continuity and data backup. Request a free demo or contact our specialists at Invenio IT by calling (646) 395-1170 or by emailing [email protected].