Hit or Myth: 5 Common Misconceptions About IT/disaster recovery

One definition of a myth is something you know for sure that happens to be untrue. Today we’re going to look at five commonly held myths about IT/disaster recovery. These are things many people believe in their bones but which are contradicted by the facts.

Related on MHA Consulting: 5 Myths of Contemporary Crisis Management

I was recently asked what are some of the most common myths that people are hanging onto in IT/disaster recovery right now. 

In thinking about it, I narrowed the criteria for selection down to three points:

  • The idea had to be widely held by rank-and-file IT/DR professionals.
  • The idea had to be untrue.
  • Belief in the false myth had to have the potential to have a serious negative impact on the organization.

After thinking about it for a day or two, I came up with five IT/DR myths that are commonly believed, incorrect, and potentially harmful.

IT/Disaster Recovery Myths

Are the following widely accepted IT/DR beliefs “hits” or “myths”? They’re all myths. 

Here’s the list:

1. If you can recover successfully during exercises, you have nothing to worry about.

Sometimes IT/DR exercises give a false sense of security. The conclusions that can be drawn from even a successful exercise can be limited. This is true, for example, if the exercise is narrow in scope, the organization performs the same exercise all the time, or extensive modifications are imposed on the environment to protect production (this is a necessity) or make sure the exercise succeeds. Exercises are like standardized tests for which you can study in advance. Real-life events are like pop quizzes. Just because you do well on a standardized test, it doesn’t mean you will excel at every pop quiz.

2. IT/DR is synonymous with data center recovery.

There are many other pieces to the puzzle than recovering the DC: laptops, phones, other equipment used at various locations. All of these devices can have issues. As an example, cyberattacks can strike any type of device, not just servers at the DC. IT/DR should protect and be capable of restoring the whole environment.

3. An IT/DR team that is good at day-to-day troubleshooting doesn’t need to bother with creating plans and conducting exercises.

This myth is based on a false assumption. The assumption is that day-to-day troubleshooting is essentially the same as—and provides adequate preparation for—dealing with a large-scale disaster. It isn’t, and it doesn’t. In day-to-day troubleshooting, it’s usually one component that goes down and needs restoring. In a disaster, multiple applications might need to be recovered. The degree of difficulty is many times greater.

4. You can extrapolate how long a full recovery will take based on how long it requires to restore a portion of the system in an exercise.

People often underestimate how long it will take to recover. They frequently make this mistake based on extrapolating how long it took them to recover a limited number of applications in an exercise. They’ll say, “I got 10 apps done in two hours, so I can do all 100 in less than 24.” But the more apps one has to recover, the more chances there are for significant issues and delays. Estimates of recovery time based on extrapolation from exercises are almost always overly optimistic.

5. It’s enough to know how to recover the most critically time-sensitive apps.

This myth is based on the false assumption that events and disasters will only last for a few hours or at most a couple of days. But disasters requiring major recovery can last weeks. It’s also erroneous to assume the organization can get by without the higher-tiered environments. Over time the lack of such apps can have a growing negative impact across the organization. For example, it might be easy to go without a data warehouse for a couple of days. Longer than that and the inability to access integrated data reports can begin having a significant impact on the ability to make operational and business decisions.

These are the five IT/disaster recovery myths I have been encountering most often in the field lately.

More Hits and Fewer Myths

The ideas laid out above are common beliefs that in many cases seem to have common sense behind them. But they are false. And all of these false beliefs have the potential to cause substantial impacts to an organization.

If you want your organization to be better protected—and your IT/DR program to have more “hits” and fewer “myths”—study the ideas described above and conduct yourself as though the opposite were true.

Further Reading

For more information on business continuity myths, IT/disaster recovery and other hot topics in BC and IT/disaster recovery, check out these recent posts from MHA Consulting and BCMMETRICS:

About
Richard Long
Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.
tabletop exercisessample threat and risk assessment