In our daily lives we try to protect ourselves from the worst. We buy insurance for our cars, homes and health and we safeguard personal information. Shouldn't business owners and IT managers treat their networks and critical infrastructure the same way?
According to Gartner, the majority of small and midsize businesses (SMB) under-invest in business continuity and disaster recovery planning. Gartner estimates only 35 percent of SMBs have a comprehensive disaster-recovery plan and fewer than 10% have crisis management, contingency, business recovery and business resumption plans.
For SMBs, it is critical to implement a disaster-recovery plan. According to Gartner, two out of five businesses that experience a disaster go out of business within five years. Moreover, disasters happen more frequently than you think because 80 percent of application downtime is caused by people or processes failures not disasters or technology failure.
Establish a downtime threshold
When building a disaster-recovery plan, the first objective should be to decide the recovery point objective (RPO) and recovery time objective (RTO). The RPO dictates the allowable data loss, while the RTO is the amount of time applications can afford to be down -- the maximum tolerable outage.
If a disaster occurs, how much time can your business afford to lose? An hour? A day? A week? An organization that requires immediate recovery will need to budget significantly more funds for disaster recovery than an organization that can afford to be down for a few days. In the same fashion, a tight RPO is expensive, but SMBs must weigh preventative expenditures against the potentially exorbitant cost of significant data loss. Identifying the RPO and RTO will help you allocate the appropriate resources.
If a business has difficulty establishing the RPO and RTO, a business impact analysis (BIA) can help. The basic assumption behind a BIA is that every element of the organization relies upon the continued operation of every other element, but some elements are more crucial than others. The BIA prioritizes mission-critical data and systems and helps organizations allocate the appropriate resources for each component in case of a cataclysmic event. The BIA can also show IT managers and SMB owners alike how much money they could lose by not implementing a disaster-recovery plan.