As we begin a new year, many will review where they would like to improve or change. Fitness clubs will be full and we will try to eat better in January. And then the clubs will be back to normal, and I will be eating ice cream and cookies for dessert in February. As we look at our business continuity and disaster recovery programs, what areas need improvement or change? As you consider those areas, there are some trends and items we see for 2017. We hope this list will assist in your program and recovery planning.
- Manual Workarounds Are Not Viable – Business processes are highly dependent on data and IT services. Hardcopies of information or reports are either not available or not usable. The high volume of transactions limits the ability to handle or support the process manually. The lean nature of organizations means there are not enough people to perform manual tasks. We have reduced the workforce due to the efficiencies IT services provide.
- Shorter Recovery Time and Recovery Point Objectives (RTO/RPO) – See #1 above. Due to the lack of manual workarounds, functionality stops until systems are available. Also, the volume of and dependence on data leads to the shortening of RPO requirements. More and more, there is no way to recreate lost data, especially for online or customer service type functions.
- Alternate Data Center/Colocation – This remains an important part of a disaster recovery strategy. However, it no longer needs to be the entire solution – cloud and third party (SaaS) solutions have reduced the capacity requirement. Given the importance of legacy systems, it is unlikely that all types of colo or alternate locations will be completely removed, but the size and cost can often be reduced. We see these options being used for both highly critical and for less important systems and applications. Think of high availability needs and reporting, or longer recovery time systems based on physical hardware that cannot be virtualized.
- Cloud for Disaster Recovery – This is now used in many organizations; however, it is not as widely adopted as had been predicted. It is a viable solution for many organizations, but the legacy systems in place, or the remaining physical infrastructure, will make for a more complex implementation. We see this as a part of an overall recovery strategy and not a replacement for an alternate data center.
- Virtualization – This is one of the single greatest improvements realized by our industry. The use of this technology is now found in the majority of the computing environments. It reduces the data center footprint and provides for more recovery options than internally performed options, based on replication and automated recovery tools provided by vendor or third parties. Virtualization lessens the need for lengthy recovery plans, shortens recovery times dramatically, and most importantly, permits repeated, successful recoveries.
- Data Replication – Due to the decrease in RTO and RPO requirements, data replication for both highly available and even backup/restore solutions is the most viable solution. Very few organizations rely on tape (except for archival purposes). Data replication is often a cheaper and more efficient solution, even if its speed for recovery is currently not required. Being ahead of the need can provide many benefits.
- Increasing Dependence on Third-Party Providers – This may be a trend that will continue for several years. Organizations are moving non-critical and/or non-core competency functions to third parties. This can be both Software as a Service (SaaS), such as CRM and email, or outsourced solutions, such as payroll or customer service. Another significant type of third party provider is infrastructure as a service (IaaS) – providers used for development environments, web hosting, or even production needs. The use of these providers helps to reduce internal disaster recovery needs, but adds issues in that potentially critical processing may be running outside an organization’s control and the only contractual restitution for missed SLAs is a bill credit.
Along with these trends, we see a need for an overall DR program ensuring all the components are in place including documentation, testing, and integration between the Business Continuity team and non-IT departments to ensure the requirements and current capacities are understood. While the need has not changed, the tools and strategies are different from even five years ago. We look forward to a successful 2017.