Silence is Not Golden

By Michael R. Galin, Director - Risk Management, Telus

Full disclosure–I am not a DR expert. However, I have practiced risk management and business continuity in large organizations for over 20 years, including the management of DR functions. In that time I have seen some very effective DR programs run by some exceptionally competent DR professionals. I have also seen some very competent DR professionals struggle to manage in some very challenging environments.

These are some of the recurring themes behind those challenges.

1. The Wrong People are Making Risk Acceptance Decisions

When it comes to IT Disaster Recovery (DR) decisions, start by asking one simple question: “Whose risk is it anyway?” Risk acceptance decisions need to be made by the appropriate risk owners within the business. Yet, all too often it is the IT people alone making decisions about DR solutions, investments, and priorities.

2. Too Much is Recovered Too Soon

Business IT exists only to support business processes, so your IT recovery must be tied to business objectives and support the business recovery. The recovery time objectives of the business processes should be used to determine what gets recovered and when. Too much is invested in the speedy recovery of things that could wait if the business had done some effective business continuity planning.

3. Lack of Objective Data to Support DR Decisions

I have asked many DR Managers how they decide which applications, systems, databases, etc., to protect and recover. The answer is often, “We just know”. Perhaps they do, but, “We just know” is an opinion. Good luck getting funding based solely on an opinion not backed by data. The results of a business impact analysis or some other form of objective analysis should be the basis for DR decisions.

4. The IT Department Doesn’t Fully Understand How (and Why) The Business Uses its Services

What they use may not be as important as how and why they use it. People may tell you that they need “email” recovered immediately, but you actually need to know how email is used.

If they simply need to communicate non-restricted information about who is where and what they are doing, maybe they could use Gmail, text messaging, or another free service as a backup strategy while the regular email platform is restored over a longer (more affordable) timeframe. Also, if they lose their PCs, laptops, or mobile devices, you need to know if you can replace them with basic machines containing the standard corporate image, as opposed to custom setups with licensing considerations or longer lead times.

5. Lack of Policy to Drive DR Objectives

DR decisions are often made in isolation. That is to say they are made on a case-by-case basis, without a policy to govern consistent, standardized support levels. DR targets and objectives should be predetermined so that support levels can be measured against an agreed-to standard.

6. The Business Assumes a Much Quicker IT Recovery than is Actually Possible

For whatever reasons, many leaders in your organization probably assume that “everything” will be up and running within 24 to 72 hours of any disruption, including in a smoking-hole scenario. The business is likely unaware of the deltas between what they need for recovery and what is actually possible. In some organizations that is the elephant in the room that nobody wants to talk about. Start the conversation.
