Académique Documents
Professionnel Documents
Culture Documents
BUSINESS CONTINUITY
AND
DISASTER RECOVERY
PRESENTED BY:
CARLO RODRIGUEZ
Executive Summary
Executive are becoming more involved in the planning of business continuity and disaster
recovery. Why is this? This is because statistics show that 93% that reported a lost of data for
ten or more days also filed for bankruptcy within a year, and another 60% lost their business
within six months (Velnte 2018). With this information, executives should bare the
responsibility of ensuring a business continuity and disaster plan is implemented ASAP.
Introduction
Most companies fail to take in to consideration what a Business Continuity(BC) and Disaster
Recovery (DR) plans are. BC/DC should be thoroughly planned by any business that wants to
survive a devastating event. A devastating event is one that has the potential to take a
company from being fully operational to not functioning at all. These events can be virus attack,
theft from inside company, or a natural disaster. The main focus of this research is to identify
what a BC and DR plan is and its importance.
The scope of this study is on business continuity and disaster recovery from businesses, not
consumers. However, the same methods should apply but on a lower scale. I researched this
topic by looking at articles online and collaborating with my peers on what a a good BC/DR plan
would be and why it’s important.
Disaster Recovery Plan: A disaster recovery plan (DRP) is a documented, structured approach
which includes how to respond to unplanned incidents
Both business continuity plans and Disaster Recovery plan should be designed and implemented
at the same time. Disaster recovery focuses on getting all the important components of your
infrastructure up and running after a major crisis. This should be the key elements that you need
to do business, not necessarily every part of your infrastructure.
Business continuity focuses on getting your company back to the stage it was at when it was
doing business. This is, in simple terms, getting back to production.
Why It’s Important
Once you become aware of how vulnerable IT systems can be, you will feel compelled to to
ensure your systems are backed up and you have a plan. It doesn’t matter if you keep your data
in a co-location or not, you need to make sure the data is safe.
IMPORTANCE OF BUSINESS CONTINUITY AND DISASTER RECOVERY
Figure 1 shows data center down-time’s cause and effect. Notice that UPS system failure is the
fastest causes of datacenter outages. However cyber crime is the catching up and on pace to be
the most disruptive (Bradford 2017).
93% that reported a lost of data for ten or more days also filed for bankruptcy within a year, and
another 60% lost their business within six months (Velente 2018). With these grave statistics, it
is imperative to come of with a plan to keep your business alive. It's even more grave for small
business that lose their operations. 40-60% of them likely lose their business forever.
Although the failure stats are high for those without a plan; those with a plan see far better
numbers.
96% of those with a plan are able to survive ransomware attacks (Chris 2018). Some would
think that it simply won't happen to them, but your odds are terribly against you. 50% of
companies reported that they experienced downtime in the past 5 years that lasted more than a
day. Knowing that the 96% of companies that have a BC/DR plan can survive, makes you think
more companies would implement this into their DNA.
Responsibility
IMPORTANCE OF BUSINESS CONTINUITY AND DISASTER RECOVERY
This process can be very daunting but lucky for any executive, there are plenty of vendors that
offer this as a service and your IT department knows how to do this. The main problem is the IT
department or vendor does not know your goals as far as what’s important to you. Importance
falls on the stateholders; the IT department must take this information and come with a solution.
Keep in mind, the more you want, the more expensive your solution will be.
First Steps: Establishing Recovery Point Objective and Recovery Time Objective
Example, let's say that your company does backups every day . Let’s Assume that your
company was hit by a virus that wiped out all of your systems and your systems were up and
running in 5 minutes. Great! But what if your data that you recovered from was from 5 days
ago? Not so Great! A Recovery Point Objective is an objective set by the stakeholders saying
“how many hours of data are we ok with losing?” In your plan, you need to establish what this
point is. If you say your RPO is 8 hours, then you need to be doing backups in 8 hour
increments so your at any given you can recover to a point in time 8 hours ago.
This is important to think about because the two objectives go hand in hand. And different
scenarios warrant a different realistic objective.
IMPORTANCE OF BUSINESS CONTINUITY AND DISASTER RECOVERY
For example, lets say your system went down at 12p from a virus attack, and you want to be up
and running at 12:01. Assuming that you have to recover from a backup because you have no
antidote to the virus, you have to ask, “where are we getting this clean data from at 12:01?”
If your RPO say it will do backups every 8 hours, you may restore instantly, but the backup will
be 8 hours ago,and you all lose 8 hours of work. If you, the stakeholder, is ok with that, then
fine. But some stakes holder think that the RPO should be inline with the RTO somewhat. So if
you have a RTO of 5 minutes, then shouldn't your clean data be at least 3 hours ago? Or
sooner. Why have an objective to restore extremely fast if you have to make up for 8 hours of
lost work?
Figure 2
Regardless of the decision, this is up to the stakeholders to relay to the vendor/IT department.
There are tools offered to calculate this cost but this is best done by those experts in the
profession. Datto, offers a great tool to get an understanding of what some cost might be to
implement a solution you want. You can use the online tool here http://tools.datto.com/rto/ .
Summary
In summary, a business continuity plan and disaster recovery plan if an important aspect of any
company that wants to survive a disastrous incident. You must remember that the responsibility
must fall on the stakeholders so they can identify their recovery time objectives and recovery
point objectives. Once this is doen, you can proceed in determining a solution that fits your
needs. The higher frequencies of backups and the faster recovery time will increase the cost of
your solution.
IMPORTANCE OF BUSINESS CONTINUITY AND DISASTER RECOVERY
Work Cited:
Allen, Chris. “21 Disaster Recovery Statistics That Will Shock Business Owners.” PhoenixNAP
Global IT Systems, PhoenixNAP Global IT Systems, 21 Nov. 2018,
phoenixnap.com/blog/disaster-recovery-statistics.
Kavur, Jennifer. “Symantec Releases Disaster-Recovery Statistics.” CIO, CIO, 6 July 2009,
www.cio.com/article/2426645/security0/symantec-releases-disaster-recovery-statistics.html.
Velente, Nancey. “Business Continuity and Disaster Recovery - Which Comes First?”
CIOReview, disaster-recovery.cioreview.com/cxoinsight/business-continuity-and-disaster-
recovery-which-comes-first-nid-26892-cid-106.html.
Charts:
RPO/RTO : https://www.cloudberrylab.com/resources/blog/recovery-time-objective-rto-
explained/