Few small and medium sized businesses (SMEs) have formal plans to tackle a crisis, research carried out by Freeform Dynamics shows.
This article considers the current status of disaster recovery (DR) in small and mid-size businesses (SMEs) and highlights a few simple steps every organisation can take to ensure it is better able to address such challenges.
Over the past 10 years, IT-based systems have become ever more deeply embedded in the processes of many small organisations, often running applications and services essential for the business to operate effectively.
The importance of such systems is easy to overlook, as the uses to which they are placed have often grown stepwise over long periods of time. Unfortunately, this can also mean that the protection they receive may not have been re-visited for many years.
A glance at the chart on the right illustrates the current situation with regard to "formal" DR planning to deal with incidents experienced by the organisation as a whole or by IT systems in particular.
This does not mean that the SMEs surveyed, and by inference their peers in the wider business community, are not ready to tackle recovery of operations. In fact it is clear that a majority of SMEs do have some notions of how to handle emergencies.
The vast majority of those surveyed depend on the use of back-up to tape solutions that have long been the backbone of IT recovery processes. With the exception of back-up and recovery using disks rather than tape, very few disaster recovery solutions developed in recent years have gained much traction at all in organisations within the size band surveyed (50 to 1,000 employees).
This is despite the fact that significant numbers report having major reservations concerning the robustness, reliability and speed of the "traditional" back-up and recovery systems and processes on which they depend.
Modern disaster recovery solutions
In fact, when questioned more deeply on "modern" DR solutions – such as data replication, point in time snapshots, continuous data protection (CDP) solutions, remote business continuity systems, managed DR services, recovery to hosted and/or cloud systems, etc – very few SMEs have much experience or knowledge of what is available.
A significant number of those surveyed considered such modern solutions to be either unsuited to their requirements, too expensive for them to use, or too complicated for them to manage effectively.
This last point is important as it illustrates that the suppliers of data protection and disaster recovery solutions have much work to do in educating huge numbers of SMEs on the suitability of solutions for their organisations. Equally, those looking after IT systems in SMEs would do well to take a look at some of the tools and techniques available to address the shortcomings they acknowledge exist in their current approaches to DR.
For example, even virtualisation of x86 servers, which can ease and speed both the recovery and DR testing process, has only been embraced by around half of SMEs, despite the remarkable coverage it has enjoyed in recent years.
The research highlighted seven key enablers that were more common among SMEs which are particularly confident in their ability to recover from IT disasters and interruptions compared with their peers. None of the enablers should be beyond the reach of the vast majority of SMEs' IT departments, even if they consist of one person.
The starting point is often going to be putting in place a plan to cover the DR situations that are most likely to be encountered. Clearly this requires time more than budget, so it is something most IT professionals will be able to get into without seeking explicit funding.
From there, there are likely to be areas that the planning will show need to be addressed, which may require some form of investment, although the sums involved may not be large.
Having said this, it is clear that some disaster recovery enablers will already be on the IT agenda to service other needs. For example, using disks as back-up targets rather than tape is already growing rapidly in SMEs for reasons of operational efficiency.
Equally, significant numbers of organisations already employ some form of hosted services, perhaps running their e-mail systems, collaboration services or web presence, and some of the suppliers of these services may be able to extend data protection offerings.
Where more significant investment and effort is likely to be required, again needs other than DR can be served. With this in mind we would particularly highlight that making more use of virtualisation, that may require the allocation of explicit budget and resource, holds the potential to raise availability, improve responsiveness to new business requirements, and drive down overall operational costs.
IT professionals in SMEs have a lot to do keeping their systems operational even when things are going well. Following some of the principals identified here has the potential to make it more straightforward for them to be ready to recover systems quickly if things go disastrously wrong.
Tony Lock is programme Director of Freeform Dynamics.
The research referred to in this article was conducted independently by Freeform Dynamics under the Community Research Programme. A full report entitled “Enabling Rapid and Effective IT Recovery” is available for download here.