Why you can’t let disaster recovery slide off your IT budget in 2017

(c)iStock.com/olm26250

As we welcome in the New Year, we are already seeing multiple blogs prognosticating 2017 trends, setting priorities and suggesting resolutions. We are also rapidly approaching the 2017 budget cycle. I am sure you will read many articles concerning new plans or resolutions for the coming year, but this one will be about an old resolution: IT disaster recovery (DR).

When disaster strikes, organisations need to be able to recover IT systems as quickly as possible. Not having a disaster recovery plan in place can put the business at risk of high financial costs, reputation loss and even greater risks for its clients, customers and employees. Despite this, each year business continuity gets cut from the budget and companies continue to fail to invest in DR.

Here are five common objections that continue to dominate the disaster recovery budget discussion and why IT leaders need to refute them:

“It’s going to cost a fortune”

Business leaders often assume that disaster recovery is going to break the bank. When thinking about a robust disaster recovery plan, secondary data centres complete with HVAC, as well as second copies of all servers, storage and networks comes to mind. Furthermore, there is a general misconception that systems are sitting idle, just waiting for disaster to strike, and all this is before even considering the maintenance costs involved.

However, having a robust disaster recovery plan in place doesn’t have to mean investing in a secondary data centre. Technology has developed massively in the last few years and there are now a number of different options that enable organisations to minimise the cost of DR without sacrificing the recoverability of IT systems. Cloud-based disaster recovery, often termed Disaster-Recovery-as-a-Service (DRaaS) enables failover of virtual machines to secure cloud locations. Often billed by VM or by TB of storage, DRaaS provides the flexibility to only pay for what you need. Having an on-demand pricing model means the costs are therefore remarkably low. With DRaaS, organisations do not have to sacrifice the ability to fail over in a time of need and are also gaining the benefits of security and compliance within the cloud platform. In most cases, it has now become a lot more cost effective for organisations to invest in DRaaS rather than building and managing a secondary data centre.

“But I have backup down the hall”

Some businesses may argue they are covered in case of disaster because they have a robust backup system in the form of an on-site server. If you back up each day to this, then surely you do not need DRaaS?

However, backup ‘down the hall’ is not immune from a localised disaster and additionally, should disaster strike, restoring data from back up takes hours, if not days. DRaaS is about minimising downtime. With DRaaS organisations can restore operations quickly (often in minutes or even seconds) and in a highly automated fashion. It can also be tested in advance so that if and when an issue does arise the infrastructure can be recovered at the push of a button as the failover system has been fully tested and proven.

The difference between back up and DR is significant and both can co-exist happily in a secure and compliant business continuity strategy.

“We don’t get bad weather!” 

With headlines focusing on big natural disasters, many believe that if they live in a region with generally good weather, they are exempt from the danger of an outage. This is a false sense of security, however, as the ‘disaster’ in disaster recovery doesn’t just refer to natural disasters caused by weather events.

Outages are increasingly more likely to be the result of human error or malicious attacks – just look at the increase in ransomware attacks we’ve seen on businesses over the past year. Organisations are also susceptible to power outages, upgrade problems or bad coding.

Incidents such as these are completely out of an IT team’s control. It is therefore vital that there is a robust disaster recovery plan in place to be able to recover when the inevitable happens.

“We don’t have outages” 

This objection is for the most part unrealistic. Generally, people do not like talking about outages. Usually it is not a case of an organisation not experiencing outages, it is more likely that these outages do not get fed back to senior leadership.

Whilst some smaller outages may go unnoticed and leave a business moderately unscathed, over the course of a week, a month or a year downtime adds up and ultimately becomes expensive, having an unplanned effect on revenue. In addition to this, downtime can impact reputation, customer loyalty and employee productivity.

When it comes to outages organisations need to be more transparent in their approach; utilise the data on outages, attacks, maintenance windows, patch and upgrade problems that exist in your IT department to implement a reliable and effective DR strategy.

“We can handle a little downtime” 

The final objection is ‘we don’t need a robust DR plan because we can deal with a few minutes of downtime’. Businesses may question how much downtime will really impact the business and argue that since all their systems are not customer facing, it isn’t the end of the world.

However, downtime can actually have a very significant impact on revenue. In the last decade, our expectations as consumers and IT end users have changed. We expect everything instantly and business is increasingly conducted online. As a result, people are more sensitive to an interruption in service and having even a few minutes downtime could have a massive impact on customer loyalty, not to mention bottom line revenue.  

The impact of downtime is tremendous. A 2016 survey conducted by Opinion Matters on behalf of iland showed that, for 69% of respondents, downtime of only minutes would have highly disruptive or catastrophic business impact. Additionally, Gartner has reported that 72% of firms had to use their IT disaster recovery plans, in its 2015 Business Continuity Management survey, and estimates in their 2016 Magic Quadrant for Disaster Recovery as a Service that the DRaaS market will nearly triple in the next three years to a revenue point of $3.4 billion by 2019.

A robust disaster recovery strategy is vital to running a successful and secure business. If any of these five objections have influenced your decision to invest in a business continuity plan, it may be time to reconsider. Without an IT disaster recovery plan, you run the risk of incurring serious business losses through outages, hours of downtime, lost data, and negative impact on reputation. Make 2017 the year that DR is put firmly back in the IT budget.