DR as a Service: The Case for New Zealand Companies

Written by Antony Bridle, Director, Sempre

 

 

Why are most New Zealand companies surprisingly unprepared for a disaster?

Here are 2 things we know for sure. New Zealand is prone to natural disasters and data is the lifeblood of any business.

Most of us can remember seeing TV footage of people leaving damaged corporate buildings in Christchurch, not with stock under their arms, but with computers.

Yet most of our companies fail to prepare sufficiently for the impact of a natural disaster on their business. The problem is now compounded with more businesses suffering from insider threats and cyber attacks.

I think a fundamental cause is that many management teams do not appreciate the difference between data backups and disaster recovery. They think they are the same, when they are clearly not. They also assume that IT has it covered, when very often they don’t. IT will often have less confidence, but get overridden by management, usually on the basis of cost.

From the perspective of the IT group, it’s the common problem of limited resources and just too many competing priorities. There is no budget to hire and continuously train specialist staff and they are generally too busy with the job at hand, to dedicate the time to validating and testing backups and disaster recovery.

Companies get away with it day after day, which lulls everyone into a false sense of security, until “the day”, when the awful truth is revealed.

 

How to quickly determine if your current data protection measures are sufficient

There are a few steps you can take to quickly determine whether your current data protection measures are sufficient.

First, you can start a debate at board/management level to discuss the difference between a data backup and the replication of part or all of your IT environment, offsite. This debate will reveal the current level of management understanding. They will often by surprised to learn that while they may be “fully backed up”, they will still be “out of business” for several weeks.

Next, you need to review the documentation from the last quarter’s backup or DR tests. If this documentation is non-existent, then you can be fairly certain that your backup or DR strategy will not see you through the next disaster. If the documentation does exist, examine it carefully for any red flags. How long did it take to recover the data? What was the failure rate? Was remediation necessary? How many undocumented changes did you encounter in your IT environment?

 

Invoking the DR process

The 80:20 rule applies to successful DR. 80% of the success is dependent on your preparation before “zero hour” and only 20% dependent on what you do at “zero hour.”
When the time comes, the first decision is “should you invoke the DR Now?”

Sometimes this is obvious, like if the building is falling down. But sometimes it is not so obvious. Is it “just a power failure” or something more sinister? You need to establish a committee to take responsibility for making this decision, when the circumstances arise. Have you got one?
The second decision is “how should you invoke DR?”

DRs are complex. Trust me. The order in which you invoke the DR is critical. What order is the right order for you? It needs to be written down.

Does your organisation currently have a written policy? Can you physically locate the policy right now or in an emergency?

In an emergency, you’re inevitably going to need to call upon external suppliers for assistance. This is another example of the importance of the 80:20 rule. Not only do you need to know who to call and have all their contact information, but they also need to be expecting your call and prioritizing your requirements at a time when others could also be competing for their attention.

 

Why you should consider DR as a Service from Sempre

There are 4 reasons why you might want to consider DR as a Service from Sempre:

  1. Experience and Expertise
    Sempre are the New Zealand market leaders in data protection. We have over 120 years of combined experience in this field alone. We have been there at “zero hour” and we know what to do. We also have the economies of scale to hire specialist staff and keep their skills up to date.
  2. Systematic validation, testing and monitoring
    I can’t stress enough how important validation is when it comes to DR. If you contract Sempre to do your validation, we to do it and document it. This is rarely the case with internal IT. It’s either being done in your organisation or it is not. Most likely not.
  3. Proven technologies
    We use technologies that we know inside out and that have been “battle-tested”. We use DELL-EMC Avamar/NetWorker for backups, and Recover Point for DR. These technologies have been proven to perform in times of high stress, such as a natural or man-made disaster.
  4. Cost
    You simply cannot afford a business disaster, when a natural or man-made disaster strikes.
    Consider this statistic. 93% of companies that have experienced data loss, coupled with prolonged downtime for ten or more days, have filed for bankruptcy within twelve months of the incident.

 

What to do next

The first step it to talk about it. I’d recommend that you set up a call with one of our technical consultants who can assess your DR strategy and discuss implementing an approach that will protect your business, when the next “big one” strikes.

Click here to Setup a Call