Modern business is hard to imagine without information technology. It is a powerful economic driver yet at the same time a source of risk. The business processes' continuity directly depends on IT services. Their failure could lead to downtime, financial losses, reputation risks, and in the worst-case scenario, even shutter a business. In the article, we observe the ways to ensure information security and business continuity.
Why are BC/DR important?
With so many companies today offering cloud services, having a reliable IT infrastructure matters more than ever. The more business depends on IT, the greater the need for business continuity. This is true for banks and other financial organizations, telecommunications companies, retail, and e-commerce, etc.
According to Gartner's research, the average cost of IT downtime is $5,600 per minute. Depending upon the size of an organization, the real hourly cost of downtime can range between $140,000 and $540,000.
The degree of risk is determined by the consequences of a failure in IT services. For example, for banks, even a short interruption in business is associated with huge financial losses. Suppose an incident occurred in an airline company? In this case not only money would be at risk – there would be a danger to people's lives.
Business continuity (BC) and disaster recovery (DR) plans are closely related practices that help companies to remain operational after an incident such as natural disasters, power outages, and cyberattacks. While these terms are sometimes used interchangeably, they represent two different ways that businesses can respond to disruptive events.
What is the Business Continuity Plan (BCP)?
A business continuity plan is the set of actions that a company undertakes in the event of a disaster. Having a good BCP will keep your business operating during a crisis.
The main components of BCP are as follows:
- Incident Management. This is an operational level. It involves complex internal and external incidents management of high and medium probability such as fraud, human error, equipment failure. The task of incident management is a restoration of minimum functionality in the shortest time possible; it is also the timely identification and classification of incidents.
- Business continuity & disaster recovery management. This is the tactical level. In fact, at this level, you review the processes, prioritize, assess the potential damage, and take measures to prevent them.
- Crisis & emergency management. Describes how to activate plans during a crisis, and make prompt decisions before the end of an emergency.
- Business recovery. Returning to normal operations, the fulfillment of tasks that were postponed during the crisis. Compensation of losses, analysis concerning what happened, preventive measures.
What is a Disaster Recovery Plan (DRP)?
DRP is a plan for disaster recovery with a description of actions to restore infrastructure. DR is a piece of business continuity planning. It is more reactive and involves the specific steps an organization must take to recover operations after an incident. Disaster recovery actions occur after an incident, and response times can range from a few seconds to several days.
Having both plans in place will help your business stay protected in the event of an unexpected interruption.
Disaster Recovery-as-a-service is backing up and restoring IT infrastructure in the cloud. Cloud provider provides a backup site, where customers back up their information systems. And, in the event of a failure or disaster, they can quickly recover it with minimal time loss.
One of the key indicators of the disaster recovery processes is RPO (Recovery Point Objective). It reflects the maximum amount of time in which data can be lost as a result of an incident. For example, if the RPO is thirty minutes, then only what has been done in the last thirty minutes cannot be recovered. Anything that was done before that can be recovered.
The RPO (recovery point objective) is the maximum period the data can be lost due to an incident. For example, you defined the RPO for an information system to be 1 hour. This means that the system will be recovered, but it will lose the last hour of data. This number indicates, how often to back up the system, and what technologies to use to keep this number.
Cloud4Y customers can take advantage of several Disaster Recovery scenarios. They can reserve their virtual IT infrastructure in the cloud or organize both main and backup sites in the cloud based on geographically distributed data centers. Disaster Recovery service is implemented using VMware vCloud Availability solution.
How do a BCP and DRP differ?
Initially, these two plans look similar. The difference lies in when you put each plan into action. A business continuity plan is what you follow to keep your business functioning during problems. A disaster recovery plan is what happens after a crisis when you need to get your business back to normal.