James Muir, CodeBlue’s Auckland Sales Manager shares his thoughts on our recommended approach towards Business Continuity & Disaster Recovery.

“At CodeBlue, we help SMB’s with their Disaster Recovery (DR) and Business Continuity (BC) planning. Over the years we’ve helped our clients continue to operate through events such as earthquakes and fires. The last couple of years have brought challenges on a new scale, with Kiwi SMB’s grappling with the pandemic and lockdowns. I’ve put together some thoughts on BC & DR for SMB’s, including some common pitfalls to watch out for and an outline of our recommend approach.”

Common Pitfalls to Watch Out For

Remote access strategy is not well-thought through or fully tested.

How did your business fare during the lockdowns, when large portions of your workforce were suddenly required to work from home? Now with the pandemic behind us, hybrid work remains its legacy.  Are you confident your team is now fully enabled to work remotely?  Most businesses typically have several methods of remote access in place, for example, VPN, Citrix or Remote Desktop. Some or all applications being cloud hosted. Ensure remote access solutions aren’t just an afterthought.

Not fully testing server failover scenarios or failing to test at all.

Full end-to-end DR testing is important as it uncovers all sorts of weird and issues that you may never have otherwise thought of. It also tests all the little interdependencies and other technical things that tie everything together. At CodeBlue, we usually take a pragmatic, staged approach to this, as comprehensive testing requires investment and can involve risk.

Overlooking cloud hosted applications or making assumptions about their uptime and backup SLA’s.

We find a common misconception that cloud services such as Microsoft Azure and Office 365, for example, will ‘never go down’. While these services have excellent SLA’s and a prolonged outage is unlikely, it is important to consider what would happen if one should occur, and plan accordingly.

Not reviewing, testing and regularly updating the DR, and wider BCP plan to account for changes in the business.

I usually recommend an annual DR and BCP review. This takes into account changes in staffing (increase in number of users), the deployment of a new application across the business, or the deployment of new server and network infrastructure, or end user devices.

How to Prepare – Our Approach

Understand your business processes.

Identify all key business processes, and the applications and systems that support these. Then work on a per application basis – it is not a one size fits all approach when it comes to DR.

Work out your acceptable downtime and data loss.

Define these on a per application basis. What is appropriate in terms of protection and investment in DR for your key ERP application is unlikely appropriate for an application that is a ‘nice to have’, such as a meeting room booking system.

Consider the alternatives.

Cloud hosting such as Infrastructure-as-a-Service (IaaS) & Software-as-a-Service (SaaS) can play a role, as well as potentially also insurance. For the average SMB these options may be more economical than trying to build a robust, gold-plated DR solution from scratch.

Implement a documented DR plan, which forms part of your wider BCP plan.

Revisit it regularly and keep it up-to-date!

Most importantly – test, then test again!

This verifies things will work as expected under various scenarios, uncovers potential issues and ensures the relevant staff understand what to do in the event of a disaster.

I’D LIKE TO KNOW MORE ABOUT CODEBLUE