For businesses that run on IT — and what business doesn’t today? — disaster recovery is a critical focus.
When Trimont Real Estate Advisors moved its headquarters not long ago, Managing Director of IT and Security Raquel Brown posed a question to her team: “From a redundancy perspective, do we want to try to build out a data center and put the funds into that? Or do we want to put our money where, from a business perspective, it could really grow the business instead of trying to build out a data center?”
Commercial real estate clients around the world rely on Trimont to provide asset management, servicing, due diligence and customized advisory services, so the company chose the latter, tapping a colocation center that mirrors its original IT infrastructure. That made the transition nearly seamless, and strengthened its overall business continuity strategy.
“Not only did we firm up our disaster recovery solution by design, we also upped our data center’s redundancy and availability by moving it to a true data center colocation site,” Brown says. But she and her team also understood that backing up data wasn’t enough. Continuity of operations, which a colocation provider offers, needed to be part of the DR discussion.
And it’s a move one analyst says more businesses need to consider.
“The greatest mistake organizations make is focusing on DR instead of continuity of operations,” says Susan Snedaker, director of IT infrastructure and operations for Tucson Medical Center. When continuity of operations is the primary focus, it can be more easily incorporated into daily IT operations, she says.
SOURCE: Gartner, "Magic Quadrant for Data Center Backup and Recovery Software," June 2016
“Once part of the daily processes, continuity and disaster recovery become less of a one-off activity and more of a way of doing business. That shift in thinking protects your organization more fully than any plan alone can,” says Snedaker, who also wrote a book on the topic, Business Continuity and Disaster Recovery for IT Professionals.
What else is important for a true continuity of operations plan? Brush up with BizTech’s checklist to ensure a fully baked plan backs your business’s mission-critical IT.
1. Catalog and Prioritize Data, IT
IT can’t manage what isn’t measured, and nowhere is that more true than in disaster recovery. IT staff simply can’t recover data or information they don’t know is there.
As shadow IT — that is, employees using technology and solutions without explicit organizational approval — becomes more commonplace, figuring out what employees prefer for productivity also becomes more important.
Begin the IT assessment by cataloging all IT resources. Once you know what you have, spend time prioritizing data and applications, says Bruce Harpham, the founder of Project Management Hacks.
“That part is a bit more challenging, but it’s crucial. You need to assess what data and tools are essential, and what you could live without for a week,” he says.
That requires speaking with department heads and users to gain a better understanding of what they use on a day-to-day basis and what they simply can’t live without to get their jobs done.
2. Involve the Appropriate People and Teams
Every business, no matter how large or small, should form a business continuity team to help inform IT of exactly what needs to be up and running and what’s most important. The team should be involved in the assessment as well, and can help to reveal rogue IT or other applications and services running outside of the confines of the office. Enlist representatives from every line of business, Trimont’s Brown says.
“Our team includes high-level individuals covering all facets of the company: accounting, loan servicing, HR — a little bit of everything. Obviously, it has an IT presence as well, and the application development team is also involved,” she says.
3. Back Up Data and Invest in Offsite Resources
Every bit of important data should be backed up daily — if not more frequently — and IT should ensure that when there is a problem, a second location is available for failover.
For example, Trimont has its main data center within the colocation facility for expedient redundancy and then fails over via the cloud to a site in another region of the country. The DRaaS solution replicates Trimont production systems and provides best-of-breed failover capabilities, Brown says.
Star Kay White, a food flavoring manufacturer, separates fiber-optic connections running to its three buildings, ensuring that when one goes down, the organization can maintain internet connectivity, IT Director Mikko Peltoniemi says.
“We also invested in a cloud backup system and can spin off the virtual machines in the backup device whenever we need to from the cloud,” Peltoniemi says. “We also went with a cloud-based email system, which is a huge improvement in redundancy and availability.”
For these same reasons, Brown adds, Trimont also has migrated to cloud-based email services.
4. Make Recovery Automatic
Trimont’s disaster recovery processes have been in place for more than 15 years, and from the start they were manual and intensive, explains Director of IT Chris Collins. All of that has now changed, he says. Backups can be performed more regularly and automatically thanks to a third-party cloud solution, which has also freed up IT staffers to do what they do best: help the business innovate and enable growth.
“In the past, we’d have to take the engineering team and allocate them for extended periods of time to just focus on DR,” he says. “We’ve seen good results from the cloud provider.”
5. Document the Process
Once you’ve gone through all the steps and created a disaster recovery and business continuity plan, you’ll need to document it for yourself, and for anyone else who is affected by it, Star Kay White’s Peltoniemi says.
“What I have done is update policies and disaster planning scenarios — actually writing it all down, including the steps to take,” he says. “It’s good to have them written down because it means that I’m not the only one who knows what to do. Now, if anything happens to me, everyone knows who to call, who is responsible for what. That’s just so important.”