Disaster recovery not a sideline

May 2016 Security Services & Risk Management, Infrastructure

Organisations need to move away from treating business continuity and disaster recovery as isolated IT conversations. Unless businesses ensure they also take people and processes into account when planning for disasters, they run the risk of not surviving them.

This is the view of Sakkie Burger, managing executive at Business Connexion. “Most companies prioritise the need for restoring IT in the event of a system breakdown,” he says. “What they do not focus on, however, is what processes are in place to ensure the business can continue when automated or digital processes fail and specifically the role that employees have to play as they are ultimately the custodians of the processes that drive operations.

“It’s easy to, for example, provide a company with 10 seats to go and restore their IT systems and get them up and running again, but how do you accommodate a company with 100 employees that have just lost their premises in a disaster? This poses a different challenge and there are not many companies, providing disaster recovery in South Africa, that have the luxury of having that amount of space available waiting just to be occupied when there is a need for disaster recovery.”

Burger says that although most companies are going the route of digitisation, manual processes still have a fundamental role to play. “Take an airline, for example. If their electronic system for checking passengers onto the plane goes down, they have to have a manual back office process in place to perform this function. They cannot just ground the aircraft until the electronic system is restored. And herein lies the challenge: not many companies have these contingencies in place and they are putting themselves, their businesses and most important, their customers at risk.”

He adds that while many organisations have these failover processes in place, they either do not test them regularly enough or their testing practices are inadequate. “Many organisations have testing in place, but they perform a paper-based test. They see that there’s a manual process in place, the configur-ation is there and that it is documented, but that is where it ends. There is no actual testing from end-to-end by recovering on a piece of hardware and making sure it works, that the network is connected and that users can actually sign in and check the data,” says Burger.

“People tend to do disaster recovery tests to satisfy their auditors rather than making sure the business can continue to run in the event of a disaster.”

There are a number of challenges in adopting an adequate disaster recovery strategy. “The biggest challenge is the cost. You know you have to have it, but also that you might never need it,” he says. “The second challenge is distance. What distance is the correct distance for you to have a disaster recovery site, particularly when you take incidents that could affect a broader geographical area into account? Here connectivity also comes into play, because the further away your disaster recovery is from your main site, the more expensive network constituencies become.”

Burger believes that possibly one of the biggest risks companies face is that, while they have disaster recovery processes in place, they tend to set it up on equipment that has become redundant or obsolete. “In these cases companies have had to upgrade their equipment, so they use the new technology for their production line and then run their disaster recovery on the old machines. The challenge with this is that when they do need to do a recovery, they find that it’s not compatible or supported anymore, which means they are not capable of recovering core systems in reasonable timeframes.”

He adds that DR often does not get the attention it deserves because it is an expenditure that is not really productive. “That is why there is a trend to outsource their disaster recovery to a third party, where there is an agreement that they have to have the necessary equipment in place to ensure they can run your disaster recovery effectively and efficiently”.

Burger advises companies that are either relooking their disaster recovery strategy or implementing it for the first time, needs to ensure that they understand which of their applications are the most critical as a first step. “Some applications don’t need disaster recovery contingency and you can run your business without them. Interestingly though, between 5 and 7 years ago mail wasn’t deemed a high priority application. Today, that is deemed the first thing companies want to have recovered, because it has become mission critical to the running of their businesses. Times have certainly changed”

He adds that companies must also understand the technology that is involved. “You can’t just move a workload from a Unix platform to a Microsoft platform. You must ensure that the work breakdown structures and standard operating procedures and processes are documented, tested and updated at least twice a year. It’s easy to just write a process and file it away in a cupboard and do nothing further with it. It needs to be tested vigorously and on a regular basis. It is not just about testing it, it’s about change management and fixing problems as and when you are presented with them.”

Burger says that often change management is the biggest problem in disasters. “A disaster happens because something changed and a change request didn’t notify the disaster recovery process of this change. If your disaster recovery manual is not up to date, it could significantly increase the amount of time spent to fix the problem,” he concludes.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

Read more...
What you can expect from digital identity in 2024
Access Control & Identity Management Security Services & Risk Management
As biometric identity becomes a central tenet in secure access to finance, government, telecommunications, healthcare services and more, 2024 is expected to be a year where biometrics evolve and important regulatory conversations occur.

Read more...
More than just a criminal record check
iFacts Security Services & Risk Management
When it comes to human-related risks, organisations and their most senior leaders focus on a narrow set of workforce risks, the potential risks that human workers pose to the business.

Read more...
All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Read more...
Tech developments lead hologram growth in 2024
News & Events Security Services & Risk Management
Micro-lenses, micro-mirrors and plasmonics are among the rapidly-emerging optical devices that have evolved on the back of holographic and diffractive technologies, and are seen as part of the natural evolution of optical science by R&D teams.

Read more...
Are you leaving money on the table?
Editor's Choice Security Services & Risk Management
How many customers have you helped since starting your business? Where does most of your new business come from? If the answer is not from your database’s existing customers, you might have a problem.

Read more...
Majority of South African companies concerned about cloud security
Information Security Infrastructure
Global and local businesses share a common concern when it comes to cloud security. 95% of global businesses and 89% of local businesses are concerned about the security of public clouds.

Read more...
Consolidated cybersecurity management
Technews Publishing Editor's Choice Information Security Infrastructure
SMART Security Solutions spoke to Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro, to find out what makes Trend stand out from the crowd and also its latest market offerings.

Read more...
Access to data centre secured
Suprema Access Control & Identity Management Infrastructure
GBM required a modern access control system to increase the security of its facilities in a productive environment without affecting the operation of the offices and the data centre, which are carried out 24/7/365.

Read more...
Africa’s growth lies on shoulders of renewable energy
News & Events Infrastructure
The Africa Tech Festival from 13 to 16 November in Cape Town will unpack the challenges and discuss the pivotal role of sustainability & renewable energy in advancing technological development in Africa.

Read more...