We all do it. At the New Year, we make goals. We make plans. We read articles about how to trick our brains into being more successful and then we actually try to do it.
Of course, making New Year’s resolutions is a cliché these days, but that doesn’t mean we shouldn’t do it. Whether or not we’re successful, I believe it’s healthy to take some time each year to reevaluate, to look at where we are and to formally readjust our course to meet our current circumstances. Sometimes, the only functional result of these goals is to remind us of a problem, to keep it on our radar, even if we can’t get around to it right away.
For example, like many people, I usually resolve to lose some weight every year and though it frequently doesn’t happen, I like having the opportunity to acknowledge the problem and consider what I can do about it.
This process of taking stock of where we are is important professionally as well. Certainly, it’s a good time to reflect on our careers, but it’s also a good time to look at our businesses and make some goals. We can even evaluate specific pieces of our business, like (you guessed it) our disaster recovery plans.
On the StorageCraft Recovery Zone blog, we offer some tips about revising your plan, but here are three additional New Year’s resolutions you can make to solidify your plan and protect your business.
1. Figure out your cost of downtime
Maybe you had downtime last year. Maybe you didn’t. If you live anywhere on the East coast, you probably did and if so, you probably got a feeling for how expensive it can be, but do you know for sure? Understanding the actual cost of downtime is an essential part of disaster recovery planning. And when I say “cost,” I don’t mean just money. Downtime hits everything from revenue to employee productivity to customer perception.
The first step is to understand how downtime is affecting you. Then, sit down and do the math. It might be helpful to evaluate the cost of downtime for each server you’re working with, but it’s definitely important to understand the overall impact. Downtime can come from anywhere and if you didn’t have any last year, don’t make any bets about it this year. Make sure you understand what it’s costing you.
2. Set your RTOs and RPOs
Once you know the cost of downtime, the next step is to figure out how much downtime you can actually tolerate. This will allow you to objectively measure your solution to make sure it’s really meeting your needs (see step 3).
Recovery time objectives (RTO) and recovery point objectives (RPO) are ways of measuring your tolerance for downtime and data loss. Your RTO is simply the amount of downtime you can handle without serious impact on your business. If, after assessing your cost of downtime, you realize that you can only afford four hours without access to your servers, then that’s your RTO. You need a solution that can get you up and running in less than four hours.
RPO works similarly, though in the other direction. Your RPO lets you know at what point in the past you need to recover to. In other words, how much data are you willing to sacrifice to the disaster gods. As with RTO, your RPO helps you make informed decisions about your recovery solutions, thus:
3. Evaluate your current solutions
Once you know your cost of downtime and have established your RTO and RPO, the last step is to figure out if your current solution and disaster recovery plan meet your needs. Can you meet your RTO and RPO with what you have in place?
Remember that cost of downtime, RTO, and RPO are not static numbers. They change as your business changes, so even if you’ve figured these things out before, it doesn’t hurt to go through the process again. By taking the time to make and keep these three resolutions every year, you’re making sure you’re ready for whatever comes.
Mat Rayback is Marketing Content Writer at StorageCraft, which works closely with MSPs. Monthly guest blogs such as this one are part of MSPmentor’s annual platinum sponsorship. Read all of StorageCraft’s guest blogs here.
Discuss this Blog Entry 2
I think #1 is likely the single most important consideration. Most organizations likely haven't even approached the process from this angle. Oh.. everybody knows they need a DR plan, most push it onto the back burner because they think they're low-risk for a disaster, some don't even consider all of the possible disaster scenarios (who ever thought Manhattan would be under a dozen feet of water?).
But none of that would matter by simply enumerating the downtime caused by any given server loss -- forget whether it was caused by a disaster, or just a power supply failure in the chassis.
In a recent survey of 230 IT Pros (http://bit.ly/WsiDeA) conducted by Network World and Solarwinds, we (I work for SolarWinds) discovered some interesting, and scary, statistics:
- 25% of respondents admitted their companies don't have a disaster preparedness and response plan in place
- 27% said they've been unable to go into the office because of a disaster of some kind, and of those, 34% missed a week or more of work because of the incident. (Losing a week of work from an IT Pro ought to be a great starting place for 'downtime losses'!)
The other important point is that disasters aren't always disasters in the sense that we typically think of disasters, for example:
- an electrical surge caused [the] UPS to shut down, taking down [the] data center
- lost connectivity in [the] office for a week after a backhoe cut through the building's phone lines and fiber.
The survey results indicated that IT Pros believe the problem is lack of awareness or lack of concern with business management. Related to that is this closing thought... Deloitte just published a study of UK technology, media, and telecommunications companies and found that 88% "did not believe they were vulnerable to an external cyber threat."
Lawrence: Thanks for your views and for the SolarWinds disclosure. Hurricane Sandy knocked my home office, cell phone, broadband and power offline for 3 weeks. Now, multiply that by a few hundred thousand New Yorkers at the time...
... The best solution for me was to leave the blackout zone and get on the road. It's getting similar with IT. Best solution is to get your data replicated far, far away from your office. The restore? Now that's a deeper discussion...
-jp
