Some organisations – especially big firms or those in highly regulated industries – have exemplary disaster recovery set-ups.
At the other end of the scale, an alarming number of small and medium organisations have little or nothing in place, either not having ‘got around to it’ yet or simply hoping a crisis will never strike them – a high stakes gamble.
Many others have put some measures in place, but are operating under a false sense of security and are not nearly as well-protected as they believe.
I’ll look in subsequent blog posts at ways to create an effective disaster recovery (DR) strategy and what to look for in suitable DR facilities. But first, I’ll focus on the basic matter of why we need to have one at all.
Fundamentally, of course, it’s all about business continuity. You need to ensure that, if a crisis should strike, you can continue operating with as little interruption as possible.
Any significant disruption, even for a relatively short period, could well mean lost orders and therefore lost revenue and profits.
Depending on when it strikes, just a few hours’ downtime could mean your staff and suppliers don’t get paid or customers invoiced. It could cause internal chaos that takes you a while to bounce back from – even when the external crisis is over. This could affect staff morale and distract you from your core business at a critical time.
It could mean a blow to your reputation if you’ve let customers down – and the harsh reality is that reputations are far easier and quicker to damage than to repair.
If the disruption lasts a significant period or entails a loss of business-critical data, it could be devastating – even fatal – for your organisation.
While the exact statistics vary, there’s general agreement that most businesses will experience data loss at some point. And, in cases of major loss, a great many of these organisations aren’t in business two years later.
The good news is that a comprehensive DR strategy can protect you from all of this, whatever the nature of your organisation. While some upheaval in a time of crisis is probably inevitable, it should mean you can continue to operate with minimal impact on your customers, staff, processes and reputation.
So, given this, why don’t all organisations have a solid solution in place?
I think part of the answer, aside from blind optimism, is that many organisations don’t take proper account of the full range of risks that face them.
You might think of the most obvious disasters, such as a fire or terrorist bomb at your premises, and conclude that the risks – because, perhaps, of where you’re based or your fire protection systems – are slim.
But the reality is that disasters come in many shapes and sizes and are often far less predictable than this.
The other reason I believe many organisations are not well enough protected is the false sense of security which comes from having a partial solution in place – typically some kind of cloud data back-up.
If you’ve chosen a cloud route, do you truly know exactly where and how your data is being stored? How well is it protected there? How easy will it be to retrieve in an emergency?
What level of support will your cloud provider give you in a time of crisis? Have you practised under realistic crisis conditions to stress-test the service and ensure you can get back up and running in a smooth, reliable process?
It may be that the disaster recovery solution you have in place is exactly what you need. But it might not. And with no less than your organisation’s survival at stake, it’s too important a matter to leave to chance.
In a later post, I’ll look at how to devise the most effective DR strategy for your organisation.