IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Your business continuity plan may be costing you
Thu, 10th Sep 2015
FYI, this story is more than a year old

An effective business continuity strategy can be challenging, due to an array of factors that have the potential to disrupt operations in a business.

According to CenturyLInk, it is important organisations have a business continuity plan in place because it mitigates the impact on a business when critical business functions are interrupted.

Business continuity encompasses three core elements: resilience in how business functions and infrastructure are designed, recovery to restore systems that fail, and contingency to cope with incidents and disasters that occur.

“Organisations that don't have a business continuity plan in place are at enormous risk of failure,” Stuart Mills, regional director, ANZ, CenturyLink, says. “The strategy they choose affects their downtime, which in turn impacts the bottom line and whether or not they remain in business.

By carefully identifying and implementing a mix of existing internally-managed infrastructure and outsourced technology with the help of a managed hybrid IT provider, Mills says enterprises can develop a company-wide business continuity strategy.

Mills says there are several ways business continuity can cost a business

Evaluating what service-level agreements (SLAs) really mean “Many organisations assume that if they have 99.999% uptime they're covered,” says Mills. “But in reality, true uptime is a little more complicated.

“Let's say business requires a 100% SLA for its data center. It assembles a variety of point-only SLA providers that guarantee the five 9s (99.999%) of expected availability for the server that sits in the data center.

“However, there is other infrastructure associated with a server too, like the IT backbone that connects the server to end users, or the managed network routers and switches that support the backbone and delivery of services,” he says.

“Most organisations assume these don't need the five 9s because the most mission-critical element is the actual data center.

“However, if the data center has five 9s, but the IT backbone has four 9s and the managed network routers and switches have three 9s, then the actual availability of an application called up by an end user is far less than the five 9s of the data center. “

Redundancy in the data center Mills says the fundamental challenge of business continuity is that it's all unknown. “How can you possibly foresee the outcome of an unidentified risk in a location you don't know at a time you can't predict,” he says.

“What you can do is put some hard thought into the planning behind your infrastructure.

“First, where is your data center? It's important to check whether it's in a location that's susceptible to natural disasters, such as a geological fault, cyclone zone, or flood plain.

“Next, make sure you have the right level of redundancy. The natural thinking is that the more you have, the safer you are.

Mills says too many data centers lead to data center sprawl, which can make it much harder to ensure that a business continuity plan is cohesive.

Refreshing and testing business continuity plans Business continuity isn't just about putting a plan in place; it's about putting a plan in place and then making sure it still meets the organisation's needs over time, Mills explains.

“If you're not thinking about business continuity as a continual process, then your strategy could be outdated,” he says.

“And if you're not building validation into your disaster recovery strategy, you're not nearly as protected as you think. “

Vendor assessment Mills saysconducting third-party vendor evaluations is a critical component of validating a business continuity plan.

“It starts when you sign up with a vendor, and it continues whenever you assess your strategy,” he says. “Ask questions and, every time you validate, ask these questions again.

“Conduct regular audits and pay special attention to the business continuity plans of your Software-as-a-Service (SaaS) and cloud providers,” Mills says. “If they're running operations in a data center that don't conform to standards, you're shouldering the risk.

Balancing cost “It can be hard to make a case for business continuity because the only real way to measure return on investment is after your systems have gone down,” Mills says. “Everyone says they want the five 9s, but the reality is that it's expensive.

“And at the end of the day, not every workload is absolutely mission-critical. An effective business continuity strategy balances cost and risk, and determines which workloads must operate continuously and which don't need to.

Human error “Humans make mistakes,” Mills says. “You may have a highly resilient data center from a technical perspective but if the appropriate operating procedures aren't in place, you may not meet your actual resiliency requirements.

Mills says organisations need to always verify that their vendors follow correct procedures.

“Actively seek out service providers with a demonstrated commitment to quality, which can be shown through certification through organisations like the Uptime Institute, Six Sigma and ISO.

“But true business resiliency isn't just about your data centers,” he says. “It also has to do with making sure your data isn't compromised.

“Employees often open the doors wide to data breach, whether it's a malicious act or because organisations either don't have security policies in place or don't enforce them,” Mills says.