Business continuity mitigates the impact on a business when critical business functions are interrupted.
However, an effective business continuity strategy can be challenging because there are so many factors that can disrupt operations.
These factors can include anything that threatens a commercial facility, whether it’s a natural disaster or a physical break-in - it could also include anything that undermines IT infrastructure, such as hardware failure, or a security breach or it can even be something that threatens personnel, like a disease pandemic.
Business continuity encompasses three core elements: resilience in how business functions and infrastructure are designed, recovery to restore systems that fail, and contingency to cope with incidents and disasters that occur.
“Organisations that don’t have a business continuity plan in place are at enormous risk of failure,” says Stuart Mills, Regional Director A/NZ, CenturyLink.
“The strategy they choose affects their downtime, which in turn impacts the bottom line and whether or not they remain in business.”
By carefully identifying and implementing a mix of existing internally-managed infrastructure and outsourced technology with the help of a managed hybrid IT provider, Mills believes enterprises can develop a company-wide business continuity strategy.
Six ways business continuity can cost business:
1. Evaluating what service-level agreements (SLAs) really mean:
Many organisations assume that if they have 99.999 per cent uptime they’re covered. But in reality, true uptime is a little more complicated.
Let’s say business requires a 100 per cent SLA for its data centre. It assembles a variety of point-only SLA providers that guarantee the five 9s (99.999 per cent) of expected availability for the server that sits in the data centre.
However, there is other infrastructure associated with a server too, like the IT backbone that connects the server to end users, or the managed network routers and switches that support the backbone and delivery of services.
Most organisations assume these don’t need the five 9s because the most mission-critical element is the actual data centre.
However, if the data centre has five 9s, but the IT backbone has four 9s and the managed network routers and switches have three 9s, then the actual availability of an application called up by an end user is far less than the five 9s of the data centre.
2. Redundancy in the data centre:
The fundamental challenge of business continuity is that it’s all unknown. How can you possibly foresee the outcome of an unidentified risk in a location you don’t know at a time you can’t predict?
What you can do is put some hard thought into the planning behind your infrastructure. First, where is your data centre? It’s important to check whether it’s in a location that’s susceptible to natural disasters, such as a geological fault, cyclone zone, or flood plain.
Next, make sure you have the right level of redundancy. The natural thinking is that the more you have, the safer you are. But too many data centres lead to data centre sprawl, which can make it much harder to ensure that a business continuity plan is cohesive.
3. Refreshing and testing business continuity plans:
Business continuity isn’t just about putting a plan in place; it’s about putting a plan in place and then making sure it still meets the organisation’s needs over time.
If you're not thinking about business continuity as a continual process, then your strategy could be outdated. And if you're not building validation into your disaster recovery strategy, you're not nearly as protected as you think.
4. Vendor assessment:
Conducting third-party vendor evaluations is a critical component of validating a business continuity plan. It starts when you sign up with a vendor, and it continues whenever you assess your strategy.
Ask questions and, every time you validate, ask these questions again. Conduct regular audits and pay special attention to the business continuity plans of your Software-as-a-Service (SaaS) and cloud providers.
If they’re running operations in a data centre that don’t conform to standards, you’re shouldering the risk.
5. Balancing cost:
It can be hard to make a case for business continuity because the only real way to measure return on investment is after your systems have gone down.
Everyone says they want the five 9s, but the reality is that it’s expensive. And at the end of the day, not every workload is absolutely mission-critical.
An effective business continuity strategy balances cost and risk, and determines which workloads must operate continuously and which don’t need to.
6. Human error. Humans make mistakes:
You may have a highly resilient data centre from a technical perspective but if the appropriate operating procedures aren’t in place, you may not meet your actual resiliency requirements.
Always verify that your vendors follow correct procedures. Actively seek out service providers with a demonstrated commitment to quality, which can be shown through certification through organisations like the Uptime Institute, Six Sigma and ISO.
But true business resiliency isn’t just about your data centres. It also has to do with making sure your data isn’t compromised.
Employees often open the doors wide to data breach, whether it’s a malicious act or because organisations either don’t have security policies in place or don’t enforce them.