Business continuity (BC) and disaster recovery (DR) processes have been around since the 1970s, when IT managers suddenly realized that their IT systems and data were no longer a luxury, but rather a critical necessity for running their businesses. Most large IT organizations have some sort of BC/DR plan. Shockingly, most small and medium businesses (SMB) do not. The primary SMB rationale is that they perceive a high cost versus a relative risk. Many incorrectly assume their file backup, snapshot, or image-replication technologies are adequate.* The SMB attitude toward BC/DR can be summed up as “It’s a cost center” or “It’s pricey insurance.”
Large IT organizations also see BC/DR as a cost center or insurance. However, because of the myriad supported systems, IT has to respond to and recover more frequent system outages, failures, and disasters. IT veterans know that BC/DR plans and processes are not simply a costly indulgence, but rather an essential job requirement. They must constantly balance cost and the ability to operate in the event of all kinds of disasters, and they realize that failure to prepare is a recipe for catastrophe.
They prepare hoping they never have to exercise their plans. That hope generally springs from a deep-seated anxiety and fear that their BC/DR processes will not work when they need them most. This anxiety’s root cause is directly correlated to incomplete BC/DR testing, nonexistent periodic BC/DR systematic testing, or BC/DR test failures. It’s also from IT pros’ experience with Murphy’s Law, or more specifically, from a corollary of Murphy’s Law: “Whatever can go wrong will go wrong at the worst possible time, causing the most possible damage.”
Why? How complicated can it be? IT professionals have been solving more difficult and convoluted problems for decades. Why do BC/DR processes continue to vex so many IT organizations, especially when there is a wide breadth of new technologies and services — such as “backup as a service” (BaaS) and “disaster recovery as a service” (DRaaS) — that make BC/DR so much simpler? That is what this paper investigates, explaining the ins and outs of BC/DR issues and detailing the methodologies that are proving they can cure this problem.
* Note: data protection is only part of an effective BC/DR plan, which also includes facilities, people, networks, equipment, access, etc.)