IT Maturity
As an MSP, we see it all the time. Company X experiences a technology outage. Leaders think on-prem backups will restore their data, but a few critical details about their infrastructure got lost in translation. Now, it will be three days until data can be recovered. In fact, some of it was lost.
What if company X is a tax firm and the date is April 14th? Imagine telling your clients that you lost their data on Tax Day. How will team members feel when making up several days of lost work? Suddenly, that minor technology outage has produced major repercussions for your business.
Unfortunately, many business leaders discover their data recovery expectations—versus what their backups are actually capable of—is out of sync.
Don’t assume that just because you’ve moved to the cloud, all your backup needs are being met. Here are 4 ways to get your head out of the cloud:
#1 Know Your RPO and RTO
Every business leaders owes it to themselves to get better acquainted with the specifics of their RPO and RTO.
When talking business continuity, Recovery Point Objective is the IT function that recovers your data up to a certain point in time. RPO answers the question, “how much data can I recover?”
Alternately, Recovery Time Objective refers to the acceptable amount of time your business can endure a disruption of data. RTO answers the question, “how long will I lack access to my data?”
In our experience, there’s a natural tendency towards optimism or naiveite when it comes to recovery objectives. After all, just because you moved to the cloud doesn’t mean you have good backups.
Every business would like to capture all of their data all of the time. However, the cost of doing so is prohibitively expensive. That’s why you must strike a balance between acceptable down time and your own budgetary constraints.
#2 Know Your Customers Both Internally and Externally
Data loss poses a huge risk to companies. One way to assess your risk is to understand who your customers are both internally and externally.
External Customers
In today’s highly competitive market, customers have the luxury of choice, and their expectations run high. This is precisely why your RPO and RTO must take into consideration how much downtime or data loss would be acceptable to your customers.
If you’re a healthcare provider or financial services business owner who at any point was unable to access medical or financial data, this would be considered completely unacceptable. Highly regulated industries like these have compliance requirements that, if violated, can quickly snowball into lasting damage to their reputation.
If you’re the tax firm mentioned earlier, there’s one time of year when you absolutely cannot lose data or suffer downtime.
If you’re a manufacturing company, any IT issue affecting your shipping, production line, or floor, equates to business being lost.
Knowing the expectations of your customers will help tailor your business continuity plan to your needs.
Internal Customers
Your internal customers are your company stakeholders. Put 8-10 of your companies’ key people in a room and ask:
- What files, applications, folders, or elements of IT could you not live without?
- How long could these functions be down? In a scenario-based exercise, is 2 hours or 2 days too long to go without access?
- What happens if you lose access to that data completely?
- How much risk will our company acquire if this asset goes down?
You might be surprised at the answers.
Understanding the needs of your team is paramount to figuring out where to allocate money earmarked for business continuity. Figure out what is appropriate for your business and delegate funds to where you need it most.
#3 Don’t Get Caught in the Rain
Consider scenario-based planning
In order to think through potential disaster scenarios to help get your RPOs and RTOs more precise, conduct table top exercises of your business continuity plan. Infrequent testing makes it difficult to account for changes in your business.
Not all data is created equal
If you’re a financial company who backs up their data once a day, but closes the books on the last day of the month, losing data at that point would be disastrous. Thus, the RPO for that day should capture, store, and replicate pictures of that data by the minute or second.
This kind of complex RPO would be incredibly expensive to achieve 365 days a year, but for certain businesses the cost is worth paying one day a month.
By identifying critical operational elements and events, you will get a better sense of how specific windows of downtime affect your bottom line.
#4 Do What Mature IT Organizations Do
Now that you’ve done your homework and can calculate the monetary repercussions of downtime, it’s time to weigh it against the costs of a solution.
Your goal is to be strategic about your spend and focus your dollars on elements and events that could affect your top line, bottom line, and business reputation if lost.
Mature IT organizations use more than one backup solution to achieve business continuity goals above the 3,2,1 rule. However, many companies try to implement a one-size-fits-all approach that may not have the capacity to address all of their needs. Figure out what your business continuity structure should be first, then look for solutions that will get you there.
Finding a cost-effective backup solution is achievable. It takes doing a deep dive into the goals and processes of your business and using them to make strategic, well-informed decisions.
