Security predictions for 2017 are coming thick and fast – and there’s little for businesses to be cheery about.

“A major bank will fall as a result of cyber-attack,” the BBC relates in this article, whilst, at the other end of the scale, a solicitor has found itself embroiled in an email fraud scam that has, to date, left a homeowner £67,000 out of pocket.

But it’s perhaps ransomware, explored in a previous post, that will see the most noticeable growth in 2017, and it’s a major factor driving businesses’ and security partners’ interest in business continuity solutions like backup and recovery.

After all, if a business can reinstate critical backed-up data at will, ransomware loses much of its bite, and therefore its attractiveness to those who perpetrate it!

So what does an effective business continuity solution look like?

Business continuity solutions – what to look for

True business continuity is about more than just security applications – there’s a whole host of cultural and organisational requirements too, as this basic guide from CSO Online explains.

But from the solutions point of view, business continuity is basically about two things: reliable and bomb-proof (perhaps literally!) data backup, and rapid data recovery.

Two metrics are critical, here: Recovery Point Objective (RPO) and Recovery Time Objective (RTO).

The former dictates how much data a business could afford to lose before it caused any real and lasting damage – and therefore reflects considerations like how often backups need to be performed, what volumes and formats of data need to be involved, and how robust the backup environment is.

The latter dictates how rapidly that backed-up data can not only be accessed (hint: off-site tapes just don’t cut it any more!) but actually redeployed in a form that the business’s hungry systems can once again get to work on – not just files and folders, but settings, too – to get the business back on its feet post-incident.

Between them, these two metrics hinge on a host of solution capabilities that can be problematic.

For example, one oft-cited issue is that when backup and recovery data is being streamed back into a stricken business, the data can’t be accessed or used until the recovery process is complete – and that can take many precious hours, days, or even longer. Unhelpful.

Reliance on recovery via hardware is also a sticking point, since it may be impaired by the very hack that caused the data incident in the first place (ransomware is a very good example of this!).

What’s the appetite for business continuity solutions in 2017?

Nonetheless, business continuity has been a problem crying out for a solution for a long time before 2017; ransomware has simply put an especially shrill edge on it!

Scary statistics abound; did you know, for example, that according to a study by Onyx Group, 71% of UK SMEs only ever manage to back up part of their data?

Or that 75% of SMBs have no disaster recovery plans in place at all?

But even more terrifying, when considered in the light of the ransomware issue, is that, according to one estimate, 58% of small businesses could not withstand any amount of data loss whatsoever!

Think about that for a moment. It means the hackers’ job is made much, much easier. Even holding the slightest amount of a business’s data to ransom could easily provoke a payout. Minimum effort, maximum return – which means more hackers getting involved in this kind of activity in the future, of course!

Not for nothing is the Business Continuity Institute’s agenda focused “overwhelmingly” on cyber-resilience in 2017.

(And in case you’re wondering, the disaster recovery-as-a-service market, in which backup will play a key role, is estimated to be worth $11.11 billion - £8.83 billion - by 2021. Ripe for the picking!)

Where can I check out the latest business continuity solutions?

Clearly, what we’ve said above also means that the competitive landscape for security partners in this space is going to become challenging.

Only about 35% of businesses have data backup in place, and at the SMB end of the market, some 75% of SMBs have no disaster recovery plan at all.

This is playing with fire. According to this article, 58% of small businesses couldn’t withstand any amount of data loss whatsoever.

It’s a revealing statistic, because it hints that the challenge is not only in backing up the data somewhere safe, but also in reinstating it to enable the business to “withstand” the outage, and get the wheels turning again.

That, in a nutshell, is the difference between data backup and disaster recovery (often termed, somewhat loosely, business continuity, as I’ll explain later) – and here’s what SMBs should be focusing on to get their data disaster ducks in a row!

Speccing the Backup Process: Recovery Point Objective (RPO)

How much data can an SMB afford to lose before it starts to damage its business?

This is the critical question SMBs need to answer, because it is this RPO (Recovery Point Objective) calculation, explained in more detail here, that informs all elements of the data backup process.

How often do backups need to be performed? (Every hour? Every minute?) What volumes and formats of data need to be involved, and what kind of data backup system or service partner can achieve this?

Evidence suggests this is where smaller businesses really struggle, as 71% of UK SMBs, according to research from Onyx Group in this article, only manage to back up part of their data.

It seems that limited bandwidth, mixed IT environments (Windows/Unix/Linux) and disparate file formats conspire to reduce the scope of the RPO, and so dilute its effectiveness as a measure of true backup capability.

The value of the RPO is also diminished by the realities of where the data is being backed up to.

Locally? The fire that took out the core systems just took out the backups, too!

The cloud? Data backup is just as vulnerable to the potential limitations of the cloud as any other service is. How will the data centre be powered in the event of its own outage, and for how long? Is it covered by EU data regulations, and certified to industry-recognised standards like ISO 9001 and ISO 27001? And how secure are the data centres it “mirrors” to, to back up the backups?

Tape? Inherently RPO-unfriendly (you can’t very well create and send off a new tape every hour!), it is also cumbersome and expensive, often funded by an insurance policy and requiring a full-time employee just to manage it. (Read this article, written by one SMB owner, explaining how he improved his disaster recovery capability by getting away from tape!)

The process of deciding on the RPO can expose far greater backup shortfall than the SMB has thus far been forced to confront!

Getting back to business: Recovery Time Objective (RTO)

But the most demanding RPO in the world will only ever address one side of the business continuity equation – the need to back the data up.

The other, equally crucial side of the equation is being able to get to that backed-up data, reinstate it into the organisation, and rapidly rebuild any of the infrastructure that is needed to make it work.

The speed with which this can be achieved is called the Recovery Time Objective (RTO), and is usually set by working backwards from how much a data loss would cost the company (by adding up the average per-hour wage and overheads of the employees who need to work with the data, and the per-hour revenue).

Hardware, physical media and software issues can all mess with the RTO. Imagine you’re an SMB, and all your data is backed up to a physical tape at an offsite location somewhere, that has to be manually shipped back to you before you can reinstate it. #RTOfail

Or imagine you’ve successfully saved all your critical files to your backup service, but you haven’t saved any system images – so the accompanying settings and system data that you need to make the files quickly work again are missing. #RTOfail

Or imagine you’re doing all your backup locally and the hardware that does the backup breaks down, so you first have to repair or replace the machine(s) before you can get to the data – if indeed you then can at all! #RTOfail

What’s emerging here is that no one approach necessarily delivers maximally RTO-friendly use of backed-up data. Instead, a combined strategy can often work better, to minimise the risk in each component of the approach, and deliver:

  • Local, image-based backup that is complete and rapid to recover
  • Rapid replication to and from the cloud through bandwidth-efficient streaming that only transmits changes, not entire datasets
  • Instant local and cloud virtualisation, to vastly reduce the risk posed by fault-prone hardware and cumbersome, inaccessible physical media.
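As an added illustration (not code from the original post), the following Python models the checks described above: it derives a maximum tolerable RTO by working backwards from the hourly cost of downtime, measures the actual RPO from backup timestamps, and flags the three #RTOfail patterns. The backup inventory, cost figures and location labels are constructed assumptions.

```python
from datetime import datetime

# Constructed sample backup inventory for one SMB (illustrative, not from the post).
# scope: "files" or "image"; location: "local", "cloud" or "tape-offsite".
SMB_BACKUPS = [
    {"scope": "files", "location": "local", "last_success": "2017-01-09T23:00:00"},
    {"scope": "files", "location": "tape-offsite", "last_success": "2017-01-06T18:00:00"},
]

def max_tolerable_rto_hours(max_acceptable_loss, hourly_wages_and_overheads, hourly_revenue):
    """Work backwards from the cost of one hour of downtime to the longest
    outage the business can absorb: the method the post describes for RTO."""
    cost_per_hour = hourly_wages_and_overheads + hourly_revenue
    return max_acceptable_loss / cost_per_hour

def actual_rpo(backups, now):
    """Age of the newest successful backup: the data the business would lose right now."""
    now = datetime.fromisoformat(now)
    newest = max(datetime.fromisoformat(b["last_success"]) for b in backups)
    return now - newest

def assess(backups, now, rpo_target_hours):
    """Return findings: an RPO breach plus each #RTOfail pattern the post lists."""
    findings = []
    age_h = actual_rpo(backups, now).total_seconds() / 3600
    if age_h > rpo_target_hours:
        findings.append(f"RPO breach: newest backup is {age_h:.1f} h old, target is {rpo_target_hours} h")
    scopes = {b["scope"] for b in backups}
    locations = {b["location"] for b in backups}
    if "image" not in scopes:
        findings.append("#RTOfail: files only, no system image to rebuild settings from")
    if locations <= {"local"}:
        findings.append("#RTOfail: local-only copies share the fate of the local hardware")
    offsite = locations - {"local"}
    if offsite and offsite <= {"tape-offsite"}:
        findings.append("#RTOfail: the only off-site copy is tape that must be shipped back")
    return findings

if __name__ == "__main__":
    # Assumed figures: a 12,000 loss ceiling, 1,500/h wages+overheads, 2,500/h revenue.
    print(f"Max tolerable RTO: {max_tolerable_rto_hours(12000, 1500, 2500):.1f} h")
    for line in assess(SMB_BACKUPS, "2017-01-10T09:00:00", rpo_target_hours=1):
        print(line)
```

Swap in your own backup records and a target RPO to see which of the post's failure modes your current setup would hit.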

SMB backup and recovery budgets are often meagre. So when the chips are down, the data’s gone, and it’s time to pull business continuity out of thin air, the ability to recover, say, a 70Gb SQL server in a few seconds flat, in return for a modest monthly fee, is a big shout in favour of the cloud.

Summary: Disaster Recovery vs. Business Continuity

Of course, it’s not just using the right tools to meet the commitments of RPO and RTO that will help ensure business continuity. It takes a much longer-term view than that, embracing succession planning, recruitment, supply chain management, and a whole host of human skills to which technology is only peripheral, as this piece explains.

But the facts stand. Backing up data “somewhere safe” is useless unless it’s achieved at sufficient frequency, with sufficient comprehensiveness (system images and data formats), sufficient ease and speed of reinstatement, and with a high degree of freedom from the weaknesses of hardware and physical media dependencies.

There’s a marketable SMB cloud solution in there, somewhere…