Why Companies Need A Next-Gen Approach To Business Continuity

Uploaded on 2022-09-30 in TECHNOLOGY--Resilience, TECHNOLOGY--Developments, FREE TO VIEW

During the pandemic, many organisations embraced a hybrid environment, allowing employees to work from home or anywhere else. On top of this, many have adopted or are now implementing infrastructure-modernisation initiatives and digital-transformation programs.

These significant changes bring various challenges, including increased complexity, potential vulnerabilities, and the burning question of how to keep operations running smoothly during a natural, hardware, human or cyber disaster.

To solve those challenges, IT teams must reevaluate their approach to business continuity. The IT metrics to measure business continuity remain the same: uptime, the availability of data and apps, and backup and recovery. But the widespread transition to remote work and digital technologies demands a new approach to business continuity that acknowledges IT's growing responsibility to enable a hybrid workplace and keep all digital systems up and always running.

This approach applies to every company that relies on technology to do business. For example, the French restaurant down the street that uses cloud-based software allows customers to order and pay on their phones. If there is a disruption, if customers place orders that don't go through, the restaurant loses not only the orders but the trust of those customers.

For every connected company, continuity is now an absolute requirement, whether that company is in the business of high tech or haute cuisine.

As they get increasingly digital, there is greater pressure than ever on organizations to achieve 24/7 uptime. An independent global study commissioned by Arcserve showed that 83% of IT decision-makers believe 12 hours is the maximum acceptable downtime for critical systems before a measurable negative impact on business.
And, for many businesses, even this is too long. Indeed, according to a 2021 study from IBM, just one hour of downtime for a single server can cost firms $100,000. So, for an organization with 1,000 servers, that comes to $10 million per hour.

To minimise downtime, today's organisations must take a next-gen approach to business continuity. Here's how they can do it.

Create A Plan

Every organisation should have a business continuity plan. It is a step-by-step plan that will guide your response to a disruption, a time when speed and clear thinking are of the essence. Your plan should encompass any contingency - natural disaster, electrical outage, or cyber attack - so you can address the cause, minimise downtime, and control damage to your revenue and reputation.

Your plan should be comprehensive. It should list the resources needed in a crisis, such as data backups and storage locations. It should also include workers' steps to properly alert company leaders, maintain customer communication, and sustain productivity.

Companies should test the plan regularly to ensure it will work when needed. Testing will help you identify and address weak points before being exposed to a crisis. With a robust and regularly tested plan, you can move forward with confidence that you'll be able to safeguard your data and restore it if necessary when a cyberattack or natural disaster strikes.

Make Data Backups Front Of Mind

Most companies will suffer a data-loss event at some point. In the recent survey commissioned by Arcserve, 74% of midsize companies said they had experienced data loss in the past five years, and 52% of respondents said they could not recover all their data after a loss.

Businesses should adopt a 3-2-1-1 data-backup strategy to prevent data loss. It means three backup copies of your data on two different media (disk and tape, for example), with one copy stored offsite for disaster recovery. The final 1 is immutable backup storage. Immutable backups are the key to successful disaster recovery and business continuity. They convert your data to a write once, read many times format that can't be altered, deleted, or encrypted.

Establish Your RPO And RTO  

A solid business continuity plan should also include recovery point objectives (RPO) and recovery time objectives (RTO), along with steps to achieve them.

RPO is the amount of data your business can tolerate losing in a disruption before the company experiences serious harm. It's the benchmark you use to decide how often you should back up your data and determine the infrastructure you need to enable that backup schedule. Companies can set different RPOs for different functions of the business. For example, dynamic files like financial transactions need a short RPO. Due to the number of variables involved, the recreation of such files is often not possible if they're lost. Static files like employee records can have a longer RPO.

RTO is the maximum amount of time after a disruption before your operations should be up and running normally again. Once you've established your RTO, you can make informed decisions about your data resilience plan. So, if you decide that your organisation can tolerate only one hour of downtime, you'll know you need to build a recovery program that enables you to be back up and running within an hour.

Final Takeaway

In the old days, companies waited for disruptions to occur, and if they did, they learned, adjusted, and moved on. Nowadays, with the threat of disruptions frequent and the damage done by data loss potentially fatal, companies need a next-gen approach to business continuity.

They need a solid and regularly tested plan. Organisations with such a plan will withstand the threats coming at them fast and furious, from natural disasters to cyber attacks. Organisations that don't have such a plan will find themselves in the rearview mirror.

Florian Malecki is Executive Vice President of Marketing at Arcserve

You Might Also Read: 

Containers Are Temporary, But Container Data Is Not:

 

« Securing The Future Of Open Finance
Lessons From The Cyber Front Line »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IX Associates

IX Associates

IX Associates is a UK based IT Integration business specialising in risk, compliance, eDefence, and network security solutions.

Northbridge Insurance

Northbridge Insurance

Northbridge is a leading Canadian business insurance provider. Services offered include Cyber Risk insurance.

Digitronic Computersysteme

Digitronic Computersysteme

Digitronic focus on innovative software to protect your personal and sensitive corporate data.

Eperi

Eperi

Eperi is a leading provider of Cloud Data Protection (CDP) solutions with 15 years of experience in data encryption for databases, (SaaS) applications and files.

Connectitude

Connectitude

Connectitude IIoT Platform ™ is a complete solution for industrial IIoT.

S2T

S2T

S2T builds cyber intelligence solutions based on deep expertise in diverse domains such as intelligence, machine learning and AI, big data processing, statistics and linguistics.

SyferLock Technology Corp.

SyferLock Technology Corp.

SyferLock is an innovative provider of next-generation authentication and security solutions.

Motorola Solutions

Motorola Solutions

Motorola Solutions build mission-critical services, software, video and analytics, backed by secure, resilient land mobile radio communications.

Activu

Activu

Activu makes any information visible, collaborative, and proactive for people tasked with monitoring critical operations including network security.

Contextual Security Solutions

Contextual Security Solutions

Contextual Security Solutions is a leading provider of penetration testing services and IT security & compliance audits.

International Cyber Threat Task Force (ICTTF)

International Cyber Threat Task Force (ICTTF)

The International Cyber Threat Task Force is a not-for-profit initiative promoting the ecosystem of an International independent non-partisan cyber security community.

Davinsi Labs

Davinsi Labs

Davinsi Labs helps companies achieve Digital Service Excellence with specialized Security Intelligence and Service Intelligence solutions.

FluidOne

FluidOne

FluidOne are an award-winning Connected Cloud Solutions provider. We design tailored solutions to help customers and partners digitally transform their IT and communications.

BSS

BSS

BSS is a solutions and services business based in the UK with a focus on Cyber Security, Data, Financial Crime, Internal Audit, Change, Risk and Resilience.

Aardwolf Security

Aardwolf Security

Aardwolf Security specialise in penetration testing to the highest standards set out by OWASP. We ensure complete client satisfaction and aftercare.

Harrison Clarke

Harrison Clarke

Harrison Clarke is a leading staffing and recruiting firm in the Cloud, Cybersecurity, Data & AI space.