4 Disaster Recovery Tips For SMBs

  /     /     /  
Publicated : 22/11/2024   Category : security


4 Disaster Recovery Tips For SMBs


Think your SMB cant afford to prep for an IT disaster? Learn from the CIO of Granite Rock, located on the San Andreas Fault--where an earthquake isnt just possible, its probable.



Securing The Super Bowls Of Sports (click image for larger view and for slideshow)
If your CIO doubles as your CFO, you might be a small or midsize business (SMB).
Steve Snodgrass fills both roles at Granite Rock, a 600-person construction supplier. The CIO/CFO, like a lot of his SMB peers, works with a tight budget, a downsized IT staff, and increasing requests from the business. Were what I would call a classic midmarket company, Snodgrass said in an interview.
For some SMBs, that mix means cutting corners on things that have a blurrier link to the bottom line, like disaster recovery (DR) planning. Yet Snodgrass keeps DR top of mind because, well, he has to--Granite Rock operates on the
San Andreas Fault
, where an earthquake isnt just possible--its probable. One of the challenges for us as a company is to have a disaster recovery plan that works and is affordable, Snodgrass said.
Snodgrass and Granite Rock began facing that challenge back in 2000--largely by accident--when the company decided to outsource its enterprise resource planning (ERP) system to WTS, which is now part of
Velocity
. The reason? The Bay Area firm was dealing with a dot-com talent drain. A full backup and recovery plan came about over time as its outsourcing decision evolved. Today, Granite Rocks ERP system is hosted in Seattle and fully recoverable from another secure site in Denver should anything go wrong. If disaster strikes in San Francisco--or Seattle, for that matter--Granite Rock can continue to pay employees, bill customers, and keep critical operations running.
[ Intellectual property and mobile top the list of SMB security concerns. To learn more, see
Top SMB Security Worries: Intellectual Property, Mobile
. ]
Whether or not youre in a
high-risk area
, Snodgrasss approach offers some DR wisdom for fellow SMB IT pros to consider in their own organization.
1. Become a pragmatist.
Granite Rock doesnt have the budget or IT staff to ensure that every application and system is fully recoverable, so Snodgrass doesnt bother trying to achieve 100% readiness. Recovering the ERP platform is priority one, so thats where he and his team has put its focus over time. Granite Rock does some less comprehensive DR planning for other important applications--its Microsoft Exchange server, for example--and it makes educated decisions about which areas to ignore. An earthquake would knock out the weighing systems Granite Rock uses when customers place orders for tons of rocks--but Snodgrass isnt losing sleep over that. The wide-area networks those systems rely on would also be down, so recovery is moot.
Redundancy wouldnt get you anything, Snodgrass said. We take a pragmatic approach: What are systems you cant afford to live without, and what are systems you could live without?
2. Lose the cloud fear.
Snodgrass is quick to acknowledge that his companys DR readiness began somewhat serendipitously. But the decision to move a business-critical application offsite was key; fellow execs that have shunned
cloud platforms
for
security
or other reasons. Snodgrass doesnt think those fears are unfounded, but notes that moving to hosted platforms can help IT pros create a DR plan without separate costs. We embrace it, Snodgrass said. That doesnt mean he does so with a blind eye--its just that the benefits outweigh the risks. Are there security and trust issues? Absolutely.
3. Stop fretting over ROI.
When it comes to proving a return on his IT investments, Snodgrass is in a unique position: because hes also the CFO, he is, at least in part, proving ROI to himself. Yet when it comes to DR, Snodgrass thinks SMBs should become less obsessed with ROI in the traditional sense. One of the major flaws of the IT industry is that there arent a lot of solutions that have a tangible return, Snodgrass said. Thats a problem if youre making a financial case for DR in your organization--a case Snodgrass said will likely be met with skepticism by the CFO and other stakeholders. Instead, he advocates a different approach: Describe your DR plan as an insurance policy.
Theres no rate of return on insurance, Snodgrass said. If you dont have a [disaster] thats insured, its just an ongoing cost to the business. And yet when something does go wrong, the uninsured business might soon be
out
of business.
4. Put the plan through its paces.
The most common DR pitfall in Snodgrasss view--aside from ignoring it entirely--is to invest in a plan and then not test it. Its one thing to have a disaster recovery plan; its another to know that it actually works, Snodgrass. That means testing it in simulated disaster conditions. Granite Rock, for example, practices recovering and restoring its offsite tape backups so that the team isnt trying the somewhat laborious process for the first time in an actual disaster scenario.
Equally important: Testing should be an ongoing process, not a one-time task. The reason is simple: Its a moving target, Snodgrass said. IT is always adding services, and the business is always demanding services. Thats a real challenge for a midmarket company.
ITs spending as much as ever on disaster recovery, despite advances in virtualization and cloud techniques. Its time to break free. Download our
Disaster Recovery Disaster
supplement now. (Free registration required.)

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
4 Disaster Recovery Tips For SMBs