Why Companies Need A Next-Gen Approach To Business Continuity

Uploaded on 2022-09-30 in TECHNOLOGY--Resilience, TECHNOLOGY--Developments, FREE TO VIEW

During the pandemic, many organisations embraced a hybrid environment, allowing employees to work from home or anywhere else. On top of this, many have adopted or are now implementing infrastructure-modernisation initiatives and digital-transformation programs.

These significant changes bring various challenges, including increased complexity, potential vulnerabilities, and the burning question of how to keep operations running smoothly during a natural, hardware, human or cyber disaster.

To solve those challenges, IT teams must reevaluate their approach to business continuity. The IT metrics to measure business continuity remain the same: uptime, the availability of data and apps, and backup and recovery. But the widespread transition to remote work and digital technologies demands a new approach to business continuity that acknowledges IT's growing responsibility to enable a hybrid workplace and keep all digital systems up and always running.

This approach applies to every company that relies on technology to do business. For example, the French restaurant down the street that uses cloud-based software allows customers to order and pay on their phones. If there is a disruption, if customers place orders that don't go through, the restaurant loses not only the orders but the trust of those customers.

For every connected company, continuity is now an absolute requirement, whether that company is in the business of high tech or haute cuisine.

As they get increasingly digital, there is greater pressure than ever on organizations to achieve 24/7 uptime. An independent global study commissioned by Arcserve showed that 83% of IT decision-makers believe 12 hours is the maximum acceptable downtime for critical systems before a measurable negative impact on business.
And, for many businesses, even this is too long. Indeed, according to a 2021 study from IBM, just one hour of downtime for a single server can cost firms $100,000. So, for an organization with 1,000 servers, that comes to $10 million per hour.

To minimise downtime, today's organisations must take a next-gen approach to business continuity. Here's how they can do it.

Create A Plan

Every organisation should have a business continuity plan. It is a step-by-step plan that will guide your response to a disruption, a time when speed and clear thinking are of the essence. Your plan should encompass any contingency - natural disaster, electrical outage, or cyber attack - so you can address the cause, minimise downtime, and control damage to your revenue and reputation.

Your plan should be comprehensive. It should list the resources needed in a crisis, such as data backups and storage locations. It should also include workers' steps to properly alert company leaders, maintain customer communication, and sustain productivity.

Companies should test the plan regularly to ensure it will work when needed. Testing will help you identify and address weak points before being exposed to a crisis. With a robust and regularly tested plan, you can move forward with confidence that you'll be able to safeguard your data and restore it if necessary when a cyberattack or natural disaster strikes.

Make Data Backups Front Of Mind

Most companies will suffer a data-loss event at some point. In the recent survey commissioned by Arcserve, 74% of midsize companies said they had experienced data loss in the past five years, and 52% of respondents said they could not recover all their data after a loss.

Businesses should adopt a 3-2-1-1 data-backup strategy to prevent data loss. It means three backup copies of your data on two different media (disk and tape, for example), with one copy stored offsite for disaster recovery. The final 1 is immutable backup storage. Immutable backups are the key to successful disaster recovery and business continuity. They convert your data to a write once, read many times format that can't be altered, deleted, or encrypted.

Establish Your RPO And RTO  

A solid business continuity plan should also include recovery point objectives (RPO) and recovery time objectives (RTO), along with steps to achieve them.

RPO is the amount of data your business can tolerate losing in a disruption before the company experiences serious harm. It's the benchmark you use to decide how often you should back up your data and determine the infrastructure you need to enable that backup schedule. Companies can set different RPOs for different functions of the business. For example, dynamic files like financial transactions need a short RPO. Due to the number of variables involved, the recreation of such files is often not possible if they're lost. Static files like employee records can have a longer RPO.

RTO is the maximum amount of time after a disruption before your operations should be up and running normally again. Once you've established your RTO, you can make informed decisions about your data resilience plan. So, if you decide that your organisation can tolerate only one hour of downtime, you'll know you need to build a recovery program that enables you to be back up and running within an hour.

Final Takeaway

In the old days, companies waited for disruptions to occur, and if they did, they learned, adjusted, and moved on. Nowadays, with the threat of disruptions frequent and the damage done by data loss potentially fatal, companies need a next-gen approach to business continuity.

They need a solid and regularly tested plan. Organisations with such a plan will withstand the threats coming at them fast and furious, from natural disasters to cyber attacks. Organisations that don't have such a plan will find themselves in the rearview mirror.

Florian Malecki is Executive Vice President of Marketing at Arcserve

You Might Also Read: 

Containers Are Temporary, But Container Data Is Not:

 

« Securing The Future Of Open Finance
Lessons From The Cyber Front Line »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Association of Information Security Professionals (AISP)

Association of Information Security Professionals (AISP)

The Association of Information Security Professionals (AISP) represents the interests of information security professionals in Singapore.

Recorded Future

Recorded Future

Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk.

PRESENSE Technologies

PRESENSE Technologies

PRESENSE Technologies specializes in monitoring and enforcing IT security policies at critical points in the network and on end systems.

Mitre

Mitre

At Mitre we work across government to tackle challenges to the safety, stability, and well-being of our nation. Areas of expertise include Cybersecurity.

Open Raven

Open Raven

Open Raven is the cloud native data security platform that prevents breaches driven by modern speed and sprawl. Restore full visibility and regain control within minutes, without agents.

Cyway

Cyway

Cyway is a value-added cybersecurity distributor focusing on on-prem, cloud solutions and hybrid solutions, IoT, AI & machine learning IT security technologies.

Security Weaver

Security Weaver

Security Weaver is a leading provider of governance, risk and compliance management (GRCM) software.

1898 & Co

1898 & Co

Keep your critical assets secure with a comprehensive portfolio of services from high-level assessments to fully managed security services designed for operational technology applications.

Pionen

Pionen

Pionen are a specialist information security consultancy with excellent people and proven security delivery methodologies at its core.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.

LastPass

LastPass

LastPass provides award-winning password and identity management solutions that are convenient, effortless, and easy to manage.

Zenzero

Zenzero

Zenzero simplifies technology adoption and supports our customers through managed and outsourced IT support.

DataStealth

DataStealth

DataStealth is a data protection platform that allows organizations to discover, classify, and protect their most sensitive data and documents.

ABPSecurite

ABPSecurite

ABPSecurite is a leading value-added distributor and a network performance solutions provider.

Triskele Labs

Triskele Labs

Triskele Labs deliver services including Penetration Testing, Compliance and Risk Management through to 24*7*365 Security Operations and outsourced Cybersecurity Managers.

Fraud.net

Fraud.net

Fraud.net operates the first end-to-end fraud management and revenue enhancement ecosystem specifically built for digital enterprises and fintechs globally.