printer friendly version

Understanding business continuity

The endemic lack of understanding of what constitutes proper business continuity and disaster recovery is putting entire industries in South Africa at risk, says James Beaumont, CEO at iSquared.

“Many companies confuse equipment – such as tape backup devices – with business continuity (BC), without understanding the real business requirements of BC. And when disaster strikes, they are woefully unprepared; often with crippling consequences.”

A recent survey of 250 local IT professionals commissioned by EMC highlighted a lack of understanding of business continuity. 74% of those surveyed are not very confident they can fully recover from a disaster, with 52% saying they had suffered from lost data or system downtime in the past year, and 38% reporting a loss of revenue as a consequence. Worryingly, 39% reported an increase in spending on backup and recovery following a recent disruption, bringing the confusion over the respective roles of backup, archiving and business continuity into stark relief.

Beaumont puts it into context: “Backup is when a user works on a file, spills his coffee on the console and the file becomes corrupted. He needs to go back to an earlier version of the file – a backup.

“Archiving is chiefly a compliance issue. SARS, the Financial Services Board, FAIS, and legislation such as POPI, all require some form of regulatory compliance relating to specific aspects of data storage. For example, companies in the health and safety industries need to store data for an infinite period of time. This data needs to live somewhere; hence, archiving.”

Business continuity, however, is more complex and far more business-critical. “If I’m a factory owner running a manufacturing resource planning and enterprise resource planning system and the system fails, my factory stops functioning. You need business and IT systems custom-built, designed and tested to fully restore your operations; this is business continuity.”

According to Beaumont, companies need to start by determining two things: how much data they can afford to lose in case of a disaster – the recovery point objective (RPO) – and how long they can take before they’re up and running again – the recovery time objective (RTO).

“Some companies will lose R10m per day if they’re down; others might lose tens of millions per hour. In these cases, the RPO and RTO will be very low. For a financial services client running a trading platform, the cost of not being able to effect a trade due to interruption of services could amount to billions of rands. In this case, the RPO is 0.”

New technology does allow companies to meet these low RPOs with less complexity and lower cost than before. Faster and lower cost bandwidth, accessibility of fibre in the last mile, and the advent of virtualisation technology and cloud-based services all form part of modern, world-class business continuity solutions. However, many companies are still stuck using antiquated technology.

The same EMC report showed that 44% of respondents still use backup tape to recover from a disaster, but that 82% would like to move away from tape altogether. Beaumont says that the audit firms are perpetuating this lack of understanding of proper business continuity by making physical tape backups a key requirement for an unqualified audit.

“On the one hand it forces companies to use unsuitable solutions for their disaster recovery needs. More alarmingly, however, is that many IT professionals are lulled into a false sense of security that tape backups will fulfil their business continuity needs. We need a radical shift in how business continuity is seen in a broader business context if we want to build truly effective and robust solutions that will meet the stringent demands of today’s business environment.”

Share this article:

Further reading: