When disaster strikes: The Impact to a Business of Not Having a Disaster Recovery Plan

Posted by Graham Shimmin on Jun 19, 2015 9:15:35 AM

Could an unexpected event put your business out of business?


It started with a faulty fuel gauge and ended up in an explosion that blew out windows five miles away.

The 2005 Buncefield depot explosion damaged more than 80 buildings on the industrial estates surrounding it and one affected firm, clothing retailer ASOS, had to suspend trading over Christmas and refund orders already placed. ASOS would be hit again a few years later. In 2014, its Barnsley distribution centre went up in flames, destroying 20% of the company’s stock - but this time it was back to business as usual in just 48 hours later. The difference? Disaster recovery planning.

We tend to think of disasters as acts of God, natural events such as hurricanes or earthquakes. But there are plenty of man-made disasters that can affect businesses, from customer data breaches to denial of service attacks, unexpected server downtime and deliberate sabotage.

That means businesses need to do two things. They need to analyse the risks and take steps to reduce them - and they need to have a plan in place in case disaster does strike.

Think of it as insurance. You hope you’ll never need it, but if something goes wrong you’ll be glad of it.

When you’re planning for disaster, everything begins with the bottom line: how much downtime can your business afford? Many organisations believe that they can’t afford any downtime at all, and it’s common to talk of the so-called “five nines” of availability, which means that the company’s systems are fully operational 99.999% of the time. That allows for just five minutes of downtime - planned or unplanned - during the entire year.

Disaster recovery planning is all about delivering the desired uptime, so for example if your goal is the five nines then you need to have a great deal of redundant capacity in place so that the failure of a server, the failure of communications links, malicious activity or something as simple as a power cut doesn’t interrupt your operations. Even achieving four nines or three requires significant investment.

That investment is expensive, of course, but there are ways to get the same guarantees without incurring the huge costs inherent in duplicating entire IT systems. One of those ways is to use virtualisation, which is when virtual servers and their applications and data can be deployed when the real servers become unavailable. Such virtualisation can be done in-house or it can be outsourced to a service provider, and you can start small by identifying your most critical applications - email, perhaps, or bespoke business applications - and virtualising those systems first.

Whichever option you choose, virtualisation dramatically increases the speed of recovery: virtual machines can be activated instantly, and even large-scale systems can be restored very quickly. For example, where tape-based recovery can take days to fully restore systems and data, virtualisation can achieve the same results in a few hours. There’s another benefit too: you can use your virtual machines to perform optimisation and testing without affecting any live systems.

For IT, virtualisation can be a win-win scenario: it reduces the number of devices you need and the power they consume while making your organisation more resilient and able to recover more quickly from even the most severe disasters.

Make sure you have a robust disaster recovery plan. Download you free eGuide, Risky Business: the 10 biggest threats to your business data

Risky Business: the 10 biggest threats to your business data