[BreachExchange] Why you can’t let disaster recovery slide off your IT budget in 2017

Inga Goddijn inga at riskbasedsecurity.com
Wed Jan 4 18:33:18 EST 2017


http://www.cloudcomputing-news.net/news/2017/jan/04/why-you-cant-let-disaster-recovery-slide-your-it-budget-2017/

As we welcome in the New Year, we are already seeing multiple blogs
prognosticating 2017 trends, setting priorities and suggesting resolutions.
We are also rapidly approaching the 2017 budget cycle. I am sure you will
read many articles concerning new plans or resolutions for the coming year,
but this one will be about an old resolution: IT disaster recovery (DR).

When disaster strikes, organisations need to be able to recover IT systems
as quickly as possible. Not having a disaster recovery plan in place can
put the business at risk of high financial costs, reputation loss and even
greater risks for its clients, customers and employees. Despite this, each
year business continuity gets cut from the budget and companies continue to
fail to invest in DR.

Here are five common objections that continue to dominate the disaster
recovery budget discussion and why IT leaders need to refute them:

*"It's going to cost a fortune"*

Business leaders often assume that disaster recovery is going to break the
bank. When thinking about a robust disaster recovery plan, secondary data
centres complete with HVAC, as well as second copies of all servers,
storage and networks come to mind. Furthermore, there is a general
misconception that systems are sitting idle, just waiting for disaster to
strike, and all this is before even considering the maintenance costs
involved.

However, having a robust disaster recovery plan in place doesn’t have to
mean investing in a secondary data centre. Technology has developed
massively in the last few years and there are now a number of different
options that enable organisations to minimise the cost of DR without
sacrificing the recoverability of IT systems. Cloud-based disaster
recovery, often termed Disaster-Recovery-as-a-Service (DRaaS), enables
failover of virtual machines to secure cloud locations. Often billed by VM
or by TB of storage, DRaaS provides the flexibility to only pay for what
you need. Having an on-demand pricing model means the costs are therefore
remarkably low. With DRaaS, organisations do not have to sacrifice the
ability to fail over in a time of need and are also gaining the benefits of
security and compliance within the cloud platform. In most cases, it has
now become a lot more cost effective for organisations to invest in DRaaS
rather than building and managing a secondary data centre.

*"But I have backup down the hall"*

Some businesses may argue they are covered in case of disaster because they
have a robust backup system in the form of an on-site server. If you back
up each day to this, then surely you do not need DRaaS?

However, backup ‘down the hall’ is not immune from a localised disaster and
additionally, should disaster strike, restoring data from backup takes
hours, if not days. DRaaS is about minimising downtime. With DRaaS,
organisations can restore operations quickly (often in minutes or even
seconds) and in a highly automated fashion. It can also be tested in
advance so that if and when an issue does arise the infrastructure can be
recovered at the push of a button as the failover system has been fully
tested and proven.

The difference between backup and DR is significant and both can co-exist
happily in a secure and compliant business continuity strategy.

*"We don't get bad weather!"*

With headlines focusing on big natural disasters, many believe that if they
live in a region with generally good weather, they are exempt from the
danger of an outage. This is a false sense of security, however, as the
‘disaster’ in disaster recovery doesn’t just refer to natural disasters
caused by weather events.

Outages are increasingly likely to be the result of human error or
malicious attacks – just look at the increase in ransomware attacks we’ve
seen on businesses over the past year. Organisations are also susceptible
to power outages, upgrade problems or bad coding.

Incidents such as these are completely out of an IT team’s control. It is
therefore vital that there is a robust disaster recovery plan in place to
be able to recover when the inevitable happens.

*"We don't have outages"*

This objection is for the most part unrealistic. Generally, people do not
like talking about outages. Usually it is not that an organisation
experiences no outages; it is more likely that these outages do not get fed
back to senior leadership.

Whilst some smaller outages may go unnoticed and leave a business
moderately unscathed, over the course of a week, a month or a year downtime
adds up and ultimately becomes expensive, having an unplanned effect on
revenue. In addition to this, downtime can impact reputation, customer
loyalty and employee productivity.

When it comes to outages, organisations need to be more transparent in
their approach; utilise the data on outages, attacks, maintenance windows,
patch and upgrade problems that exist in your IT department to implement a
reliable and effective DR strategy.

*"We can handle a little downtime"*

The final objection is ‘we don’t need a robust DR plan because we can deal
with a few minutes of downtime’. Businesses may question how much downtime
will really impact the business and argue that since all their systems are
not customer facing, it isn’t the end of the world.

However, downtime can actually have a very significant impact on revenue.
In the last decade, our expectations as consumers and IT end users have
changed. We expect everything instantly and business is increasingly
conducted online. As a result, people are more sensitive to an interruption
in service and having even a few minutes downtime could have a massive
impact on customer loyalty, not to mention bottom line revenue.

The impact of downtime is tremendous. A 2016 survey conducted by Opinion
Matters on behalf of iland <http://info.iland.com/uk-draas-survey-report>
showed that, for 69% of respondents, downtime of only minutes would have a
highly disruptive or catastrophic business impact. Additionally, Gartner
reported in its 2015 Business Continuity Management survey that 72% of
firms had to use their IT disaster recovery plans, and estimates in its 2016
Magic Quadrant for Disaster Recovery as a Service
<http://info.iland.com/gartner-draas-mq> that the DRaaS market will nearly
triple in the next three years to a revenue point of $3.4 billion by 2019.

A robust disaster recovery strategy is vital to running a successful and
secure business. If any of these five objections have influenced your
decision to invest in a business continuity plan, it may be time to
reconsider. Without an IT disaster recovery plan, you run the risk of
incurring serious business losses through outages, hours of downtime, lost
data, and negative impact on reputation. Make 2017 the year that DR is put
firmly back in the IT budget.