Why Companies Need A Next-Gen Approach To Business Continuity

During the pandemic, many organisations embraced a hybrid environment, allowing employees to work from home or anywhere else. On top of this, many have adopted or are now implementing infrastructure-modernisation initiatives and digital-transformation programs.

These significant changes bring various challenges, including increased complexity, potential vulnerabilities, and the burning question of how to keep operations running smoothly during a natural, hardware, human or cyber disaster.

To solve those challenges, IT teams must reevaluate their approach to business continuity. The IT metrics to measure business continuity remain the same: uptime, the availability of data and apps, and backup and recovery. But the widespread transition to remote work and digital technologies demands a new approach to business continuity that acknowledges IT's growing responsibility to enable a hybrid workplace and keep all digital systems up and always running.

This approach applies to every company that relies on technology to do business. For example, the French restaurant down the street that uses cloud-based software allows customers to order and pay on their phones. If there is a disruption, if customers place orders that don't go through, the restaurant loses not only the orders but the trust of those customers.

For every connected company, continuity is now an absolute requirement, whether that company is in the business of high tech or haute cuisine.

As they get increasingly digital, there is greater pressure than ever on organizations to achieve 24/7 uptime. An independent global study commissioned by Arcserve showed that 83% of IT decision-makers believe 12 hours is the maximum acceptable downtime for critical systems before a measurable negative impact on business.
And, for many businesses, even this is too long. Indeed, according to a 2021 study from IBM, just one hour of downtime for a single server can cost firms $100,000. So, for an organization with 1,000 servers, that comes to $10 million per hour.

To minimise downtime, today's organisations must take a next-gen approach to business continuity. Here's how they can do it.

Create A Plan

Every organisation should have a business continuity plan. It is a step-by-step plan that will guide your response to a disruption, a time when speed and clear thinking are of the essence. Your plan should encompass any contingency - natural disaster, electrical outage, or cyber attack - so you can address the cause, minimise downtime, and control damage to your revenue and reputation.

Your plan should be comprehensive. It should list the resources needed in a crisis, such as data backups and storage locations. It should also include workers' steps to properly alert company leaders, maintain customer communication, and sustain productivity.

Companies should test the plan regularly to ensure it will work when needed. Testing will help you identify and address weak points before being exposed to a crisis. With a robust and regularly tested plan, you can move forward with confidence that you'll be able to safeguard your data and restore it if necessary when a cyberattack or natural disaster strikes.

Make Data Backups Front Of Mind

Most companies will suffer a data-loss event at some point. In the recent survey commissioned by Arcserve, 74% of midsize companies said they had experienced data loss in the past five years, and 52% of respondents said they could not recover all their data after a loss.

Businesses should adopt a 3-2-1-1 data-backup strategy to prevent data loss. It means three backup copies of your data on two different media (disk and tape, for example), with one copy stored offsite for disaster recovery. The final 1 is immutable backup storage. Immutable backups are the key to successful disaster recovery and business continuity. They convert your data to a write once, read many times format that can't be altered, deleted, or encrypted.

Establish Your RPO And RTO  

A solid business continuity plan should also include recovery point objectives (RPO) and recovery time objectives (RTO), along with steps to achieve them.

RPO is the amount of data your business can tolerate losing in a disruption before the company experiences serious harm. It's the benchmark you use to decide how often you should back up your data and determine the infrastructure you need to enable that backup schedule. Companies can set different RPOs for different functions of the business. For example, dynamic files like financial transactions need a short RPO. Due to the number of variables involved, the recreation of such files is often not possible if they're lost. Static files like employee records can have a longer RPO.

RTO is the maximum amount of time after a disruption before your operations should be up and running normally again. Once you've established your RTO, you can make informed decisions about your data resilience plan. So, if you decide that your organisation can tolerate only one hour of downtime, you'll know you need to build a recovery program that enables you to be back up and running within an hour.

Final Takeaway

In the old days, companies waited for disruptions to occur, and if they did, they learned, adjusted, and moved on. Nowadays, with the threat of disruptions frequent and the damage done by data loss potentially fatal, companies need a next-gen approach to business continuity.

They need a solid and regularly tested plan. Organisations with such a plan will withstand the threats coming at them fast and furious, from natural disasters to cyber attacks. Organisations that don't have such a plan will find themselves in the rearview mirror.

Florian Malecki is Executive Vice President of Marketing at Arcserve

You Might Also Read: 

Containers Are Temporary, But Container Data Is Not:

 

« Securing The Future Of Open Finance
Lessons From The Cyber Front Line »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Solarflare

Solarflare

Solarflare is a leading provider of intelligent networking I/O software and hardware platforms that accelerate, monitor and secure network data.

TZ-CERT

TZ-CERT

TZ-CERT is the National Computer Emergence Response Team of Tanzania.

CipherPoint Software

CipherPoint Software

CipherPoint Software provides data-centric auditing and protection solutions for securing unstructured information

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

Lares Consulting

Lares Consulting

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

Celare

Celare

Celare delivers DPI based network perimeter monitoring solutions with integrated Big Data security analytics and threat detection.

Intrasoft International

Intrasoft International

Intrasoft International is a leading European IT Solutions and Services Group offering a full range of IT services including Information Security.

Digital Management (DMI)

Digital Management (DMI)

DMI is a provider of mobile enterprise, business intelligence and cybersecurity services.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

WebSec B.V.

WebSec B.V.

WebSec is a Dutch Cybersecurity firm mainly focused on offensive security services such as pentesting, red teaming and security awareness and phishing campaigns.

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance combines insurance expertise with cybersecurity and data talent to deliver clear, effective solutions to protect you for the cyberrisks of today—and tomorrow.

Talon Cyber Security

Talon Cyber Security

Talon delivers the leading enterprise browser designed to bring security to managed and unmanaged devices, regardless of location, device type or operating system.

PT Prima Cyber Solusi

PT Prima Cyber Solusi

PT Prima Cyber Solusi is focused on protecting your business from the massive and devastating impacts that cyber-attacks may cause.

VISTA InfoSec

VISTA InfoSec

VISTA InfoSec is a global Information Security Consulting firm with offices based in US, UK, Singapore and India.

Stack Identity

Stack Identity

Stack Identity protects access to cloud data by prioritizing identity and access vulnerabilities via a live data attack map.

SafeBase

SafeBase

Safebase provide the infrastructure for Trust Communication. Our Trust Center enables Security and Sales teams to share and automate access to security, compliance, and privacy information.