Be Prepared How Small/ Mid Size Companies Can Protect Their Business By Sean W. O Donnell, President, Datacor, Inc. Introduction Recent disasters have brought the need for organizations to focus on business continuity plans. Although, many businesses recognize the need for a disaster recovery program, they don't always know where to begin or who to turn to for expertise. The key is to prepare a strategy before a disaster happens so that you have a program in place when calamity occurs. As Duke Basketball Coach Mike Krzyzewski tells it in his new book, Beyond Basketball: Coach K s Keywords for Success, If you plan to manage a crisis when the time comes, it is already too late to establish the communication and trust that should already exist among members of your team. Most people tend to think of disasters in terms of major catastrophic events such as hurricanes, floods, or terrorist attacks but many smaller events can interrupt your business and be equally as devastating. We characterize a disaster as any event that causes destruction or distress of any kind to your business. In this white paper, we will focus on the impact of these disasters on your technological infrastructure. We will detail the steps you should consider to ensure your business is prepared and secure in case of a disaster.
Planning How do we successfully prepare for a disaster? Smart companies recover quickly from disasters because they plan for them before they happen. Effective recovery focuses on business continuity planning or how do I keep making money and running my business when events interfere with my normal operations? A couple of the fundamental functions that you need to do are: take orders, enter them into your computer system, pick them, print Bills of Lading, put the products on the trucks, and invoice customers. Key Considerations: 1. What do you do when your entire network and system goes down because your server is failing? 2. How do you minimize the time between recognition of the problem and either fixing it or deploying an alternative option? 3. What are the types of disasters that cause these problems? Disasters come in two different categories: ones that are out of our control and others that are self-inflicted. Disasters such as hurricanes, terrorist attacks, or faulty equipment are beyond our control. Our recovery plan involves responding to the disaster so that we get our business up and running quickly. Disasters such as viruses are self-inflicted; we bring them on ourselves by not installing virus and spy ware filters. These kinds of disasters can be anticipated and prevented through advance planning. In devising a disaster plan, five factors should be used in your evaluation: type, probability, impact, risk and cost. Determining the type of disaster influences your response. Localized disasters that only impact one person or department are considered minor. While disasters that impact the entire organization are major. Spilling water on your laptop is a minor type problem while a network or application outage or computer virus can cause a major disruption to your business affecting profitability and customer satisfaction. A disaster s probability should also be considered. Many of the likely occurrences, such as a hard drive failing, have a high probability, while major catastrophes such entire network failures occur less frequently. Understanding how the disaster will impact your ability to continue your operations and make money is critical. If your e-mail system goes down for a few hours, it is an inconvenience. On the other hand, if your communications and applications are down, the impact is more severe. Be sure to assign a priority level on business processes that are mission critical, important or minor in devising your plan. Another key factor is the amount of risk you are willing to absorb and the amount of money you are willing to pay to offset this risk. The goal is to create a plan where your business is reasonably protected without overspending. Perform a cost-risk analysis on every possible disaster-recovery scenario. You need to reach an equilibrium level between the risk and cost/benefit of each solution.
Possible Targets and Solutions The next task is to identify specific areas within your business with disaster potential and focus on possible solutions. Some examples include: stealth data breaches, parts malfunction/machine failure, and destruction of environment. 1. Stealth breaches occur when data is stolen, destroyed, or altered, and include events such as worms, viruses, and spy ware. These types of disasters can be prevented and have a range of low-cost solutions including installation of anti-virus and anti-spy ware software. While stealth disasters can be caused by external intruders, most attacks on security originate from within the network. Stolen data is a major concern for companies and the trend is growing. More than 75 percent of hacking is perpetrated from inside, and for this reason, internal security should be tight and up-to-date. Tactics such as forced password changes, user identity, limited server access, and network restrictions, are inexpensive solutions. Other inexpensive solutions to breaches are firewalls, to protect you from hackers, and spam filters to prevent clogged email and servers. 2. Parts malfunction and machine failure should also be addressed because computer disk drives contain moving parts and carry a high probability of failure. A variety of solutions are available with a range of associated costs. The low-cost answer is backing up data using tapes, CDs, or other hard drives, while a medium-priced solution is mirrored drives where data is written to two drives simultaneously. If one drive fails, then you can continue to operate. You can change the failed hard drive without taking down the server. Disk space is relatively cheap. Another medium cost possibility is a third party back up service. Your data will be backed up by a third party every 15 minutes. It transfers only the data that has changed in the last 15 minutes reducing the amount of data going across the wire. For about $100 per month, you get five gigs of storage space and your hard drive is backed up frequently by an off-site third party. The high cost option is to have replication to another machine either within your local network or remotely to another machine giving you complete redundancy.
Possible Targets and Solutions 3. Another potential disaster is destruction of your business environment. Though the probability is low, the impact is enormous. About 93 percent of companies who lose their data center access for ten days or more file bankruptcy within a year. Resurrecting your data center and continuing your operations is paramount to your company s survival. Many solutions to this problem are available: you need to decide how much risk you are willing to absorb and how much you can afford to spend. Off-site storage of both data and applications and a plan to procure machines is the least costly plan. The medium priced solution involves utilizing spare machines combined with third party back up of data and applications. The medium-high priced solution is the realtime replication of applications and data where the network is duplicated across sites. The most expensive option is a third-party hot site. This scenario replicates your environment allowing you to cut over to their site if your site goes down. Other Critical Issues Many disaster recovery plans focus on the data center and fail to consider remote sites, sales force computers, email servers, and people. Make sure that your plan is comprehensive and not restricted to only one segment of your business. For instance, people are our most treasured resource. When disaster strikes, you should have a plan in place to get in touch with employees, make sure your staff is safe, and ensure personnel return to work. Outline the responsibilities of each person during the disaster and ascertain that they have the knowledge and the proper security to bring your system back in operation. A common mistake is putting all responsibility and knowledge about your network in the hands of one person. As owners of the company, make sure that your id and password have administrative rights.
Implementation How do you go about implementing your company s disaster recovery plan? 1. Review your infrastructure and network for possible weaknesses. 2. Perform an accurate inventory of your equipment and versions of your software. Since most companies use a variety of software products and depend on them all working together, version accuracy can make or break the recovery. 3. Identify possible disasters, and analyze type, probability, impact, risk, and cost. Use common sense to create a plan for each disaster. If you have a plan that is reasonable, you will be able to sleep at night. As Coach K points out, Luck favors those who have spent their preparation time building effective systems. ABOUT THE AUTHOR This article was written by Sean W. O Donnell, President of Datacor, Inc., a company specializing in software, services, and business solutions for the chemical industry since 1981. Using more than 26 years of experience, Datacor has developed a range of software products, including Chempax, echempax, Traveler, and Labelpax, to meet the unique requirements that exist within the chemical industry arena. The company s CTS division services customer infrastructure requirements such as hardware, networking, and disaster recovery. Visit www.datacor.com, phone 973-822-1551, or email swodonnell@datacor.com for more details.