All too frequently, fires, local flooding, and human error threaten computer systems, communications, and the ability of a business of any size to sustain continuous operations. Small and medium sized businesses, accustomed to protecting inventory or paper records, are expected to invest more in "resilience and backup" in 2008 according to cio-midmarket.com. "Most are on the edge where a couple of bad events could shut down business," says Gary Chen an analyst at YankeeGroup.
But before investing in some of the new backup and storage options, all businesses need to create a disaster recovery plan that encompasses the entire range of business risk in order to maintain their operations during a disaster or even through an outage lasting days. And companies with disaster recovery plans already in place need to test their plans as changes occur in their internal technology and human environments.
The time and effort involved in creating the plan can be reduced by using readily available disaster recovery templates or working with consultants, but the starting point for every company is a risk analysis, according to the Disaster Recovery Planning Forum, identifying and assessing the potential that the loss of business functions, processes, and records could have on the operation of the business.
When writing a disaster recovery plan, you can find recommendations on the Forum, including the following:
Identify and define the company's mission critical business processes and systems. Review them for vulnerabilities and identifying steps required for restoration and recovery.
Make sure data is backed up to secure and separate locations.
Evaluate various storage solutions including storage area networks, data replication systems, new virtualization systems, network attached storage devices, and managed storage.
Pay significant attention also to . . . telecommunications providers to ensure they have built diversity and redundancy into their networks and have well developed and tested contingency plans.
Members of the forum suggest that employees should be invested in the plan and fully informed about their responsibilities in a disaster. The disaster recovery plan should detail how business managers will communicate with their employees.
With the overload on cell phone communication that occurred during the September 11th, 2001 disaster in mind, some specialists are recommending options such as contracting with a third party service for backup e-mail domains or using text messaging services. Managers also need to consider the impact of staff using the more affordable smart phones that can support business functions. As these devices come into use, IT staff must set up procedures to secure data, according to Chen.
Implementing any plan will require selecting backup technology and storage and establishing procedures. Tape backup systems require that someone be able to physically remove them from a damaged office. Online options which have increased dramatically in recent years, including software packages available for small businesses, have the advantage of providing offsite storage as well as backup
Prices for online services are all over the map, so it pays to shop around. For example, two products recommended by PC Magazine are SOS online backup, which costs $74.50 per year for 1GB; $237 per year for 10GB, and Mozy Remote Backup, which costs only $39.95 a year for 20 GBs.
Third party services usually charge monthly rates for back up and storage of files and servers. Laura DuBois, an analyst at International Data Corp., believes many of these services are good enough in terms of general protections, according to internetnews.com. But the service provider should be a true partner to function well in disaster recovery.
Attila Kozma, president of Earth to Stars of Glendale, CA, the company offering ThetaBackup.com, suggested several tips to help business owners select an appropriate vendor internet news.com reports:
The transferred data need to be encrypted and compressed before transmission;
The online backup and data recovery practices of the online backup company should be verified to determine if they store SMB data securely;
Recovery times must be rapid;
On-site professional help should be available whenever requested at an affordable rate;
Open files should be backed up;
Many versions of files should be saved online, as opposed to only the last saved version; and
The online backup client software should verify the sent data for its correctness.
Iron Mountain Digital is the world's largest provider of data backup-recovery and archiving software as a service. Iron Mountain offers a range of services for small and medium sized businesses, the company's web site says. Peachtree Online Backup partners with Iron Mountain for PC backup. .
Disaster recovery infrastructures for small and medium businesses have become more affordable in the past year with disk-to-disk backup and server virtualization, techtarget.com reports. Other technologies that are available are storage networks and data deduplication technology, which automatically removes duplicate records. Microsoft, Intel Corp., and Advanced Micro Devices are building virtualization into their infrastructures and, "It's now relatively easy to implement for an SMB without huge depth of knowledge of virtualization," says Carmi Levy of Info-Tech Research Group Inc. in London, Ontario, according to cio-midmarket.com.
Testing the disaster recovery plan is critical. Access to the company's system should be restored and the data should be retrieved from off site storage. Changes to the IT environment can affect the recovery, so testing every six months or every year will be needed to ensure that the recovery plan functions in the current environment. Managers and staff should be fully involved in testing.