You may have the pieces in place to recover from a ransomware attack or environmental disaster. If you’re like a lot of today’s businesses, though, you probably have little, if any, clue as to how you would actually perform that recovery or how it would impact your business. What kind of downtime are you looking at? How many partners are involved? How many users are impacted? How much will it cost? Answers to these questions are critical to a complete disaster recovery plan. Find out how to get those answers in today’s post from your friends at Vermont Panurgy.
In the IT Security world, we recommend all businesses have not only the components in place to recover from a disaster, but also what’s called a BCDR Plan, which stands for Business Continuity and Disaster Recovery. Basically, this plan lays out in detail the processes and timelines by which data and access would be restored in the event of a disruption or disaster. It gives a business perspective on how long it would take, what costs there would be, and what other expectations to hold when responding to a critical service or resource outage.
The first and most crucial part is a risk analysis, which helps the business and the security provider creating the document understand the internal and external risks facing the business and the likelihood that they will occur. Combined with a business impact analysis (BIA), it lets your partner quickly determine the level of risk your business faces and how devastating those risks would be to your company.
With an understanding of risk and impact, you are then able to begin planning out how to respond when these issues occur. Each business is going to have a different BCDR Plan, because the amount of downtime, the impact of that downtime and the potential losses resulting from the downtime will be unique for each business. A children’s book author or artist collective, for example, is going to have a very different perspective on downtime from a 24-hour manufacturing plant or public utility.
To better understand the BCDR Plan, we can break it down into its two primary components: “Business Continuity” and “Disaster Recovery”. Business Continuity refers to the plan for how the business is going to continue to function during the recovery period. Whether this means breaking out the notepads and pens, rolling a filing cabinet up from storage and breaking out the adding machines, or having an entire parallel cloud infrastructure to quickly spin up a virtual replica of your existing network at a moment’s notice (also known as a failover), Business Continuity can mean many different things to different companies, and it all depends on the impact of downtime on the business’s ability to continue functioning.
Once a plan is formed to keep the lights on, the second part, Disaster Recovery, determines how the business gets back to fully functional operation. Different disasters are going to require different types of recovery, so the risk analysis is important to help identify and prioritize the disasters most likely to occur. A ransomware attack may not require hardware replacement (wiping the drives and restoring a backup usually does the trick), while a dead server may not require a lengthy data restoration process if the drives in the server are still good.
The interrelated nature of the two components also affects the data recovery plans for each business and its existing configuration. A business with a high need for a quick Continuity plan (like the 24-hour manufacturing plant) may be able to continue functioning indefinitely under its contingency plan, thereby reducing the need for a quick-turnaround recovery plan. Business owners who don’t mind going back to the stone age for a bit, or whose budget is unable to maintain a robust failover infrastructure, on the other hand, may prefer to focus on a speedy recovery. It’s all a question of priority.
As you can see, BCDR plans depend not just on tangibles such as technology, warranties and failovers, but also very much on the physical environments the business operates in and on the intangible personal preferences and business needs of the company and its constituents. This is why BCDR Plans tend to be so expensive. It takes a lot of conversation and reflection to truly understand the needs of a business to the point where an appropriate and effective BCDR Plan can be created. If you encounter a company that purports to offer cheap or quick BCDR Plans, run away fast. These plans will most likely be very generic and not specific to your business or even your industry, will likely contain unrealistic timelines, and may even include technologies that your business doesn’t have.
If budget is a concern (as it is to most businesses these days), I would encourage you to at least start with a Risk Analysis and BIA. This will help you understand how important a BCDR Plan would be in the event of a disaster and will help determine priority for future budgeting. Contact Vermont Panurgy today to discuss how we can help you make sure your business is safe from disaster.