By Sungard AS
Business continuity and disaster recovery (BC/DR) solutions are many and varied. Which one is right for your company? Your Board of Directors is demanding a complete BC/DR program, your CEO wants it done yesterday, service providers are promoting their services and calling on you all hours of the day, your different lines of business only care about their IT needs, the media is full of news about the latest and greatest cloud recovery technologies … and the list goes on. So how do you even begin to move forward when a hundred voices are clamoring for your attention, your money, and your resources?
Let’s start by cutting out the noise. Forget the hype, the pressure, the latest and greatest. Here are the four secrets you need to pick the right BC/DR solution for your company.
I always encourage clients to take a “top down” approach to understanding BC/DR business requirements. Here’s why. Suppose you have an IT guy sitting in the bowels of the company. He has responsibility for a particular application cluster. If you call a meeting of your IT staff and say, “What are our business requirements for availability and DR? What do we need to focus on?” this guy is going to say, “My application cluster is critical – it should be one of our priorities.” After all, it’s his baby and to him, that cluster is mission critical.
But is this guy’s application actually mission critical? Maybe, maybe not. To avoid the disconnect that can occur between the IT group and those who run the business at the highest level, you have to start at the top and work your way down. Gather the executives from the different divisions or lines of business and ask, “What must be recovered immediately if an outage or disaster strikes? What are the absolutes that we cannot function without?” This approach is going to get an entirely different set of answers than the IT team, working alone, would come up with.
Once you have gathered the full set of business requirements, you’re going to have to engage in some ruthless prioritizing. I say “ruthless,” because people are very protective of the business applications they support. Just like the IT guy we talked about before, people are often biased in favor of their own backyard; that’s just human nature.
But the fact is, you can’t recover everything at once, in no time flat. You have to be very firm on that point. Some applications do need a Recovery Point Objective (RPO) and Recovery Time Objective (RTO) of near zero. They’ve got to be up and accessible all the time, no matter what… but there are other applications that can tolerate recovery times of 1, 2, or even 3 days before they are back to normal. We call this prioritization process “tiering.”
In other words, we decide which applications are more critical than others, and we come up with a plan to recover them in order of priority. By doing this, we can put them into “buckets” of technology, with each bucket providing a pre-planned recovery time and point objective meant to meet the business requirements.
Having established what is going on in your IT enterprise and how important it is to the business, you have another question to ask: “What else have we got coming down the pike?” You want to be aware – right from the start – of any changes in the future IT landscape: changes such as application migrations, network enhancements, or even new cloud platform deployments. It’s also critical to be aware of any major changes to the business such as acquisitions or divestitures.
All of these things could cause a major shift in the requirements, and the last thing you want is to start the process of deploying a major BC/DR project and have to switch gears halfway into it because you failed to consider known changes. That will cost you and your company a lot of money, and it could very well cost you your job.
There is one more important thing you’ll want to undertake upfront: mapping your critical business processes to the underlying IT infrastructure and documenting any interdependencies that exist between them.
You never want to be caught by surprise in a business continuity or disaster recovery situation because you didn’t account for application and data interdependencies. For example, if Process A can’t run without Application B, it isn’t going to do any good to have Process A placed in Tier 1 if Application B is in Tier 3! Application B has to be at least as high a BC/DR priority as Process A, and possibly even higher – otherwise, Process A won’t get back online. Mapping processes to the IT infrastructure will reveal hidden interdependencies, ensuring that you identify all the truly mission critical components of the business.
So there you have it: 4 secrets to picking the right BC/DR solution for your company! Once you’ve nailed these down, you’ll have the foundation necessary to arrive at a business continuity and disaster recovery solution that works for you.
Find out how to vet business continuity vendors
Related Business Solution: Find out about our Business Continuity Management service