By the DynaSis Team
[featured_image] few decades ago, when mechanical hard drives were notoriously prone to failure, the technology media often issued dire warnings about the dangers of not having a good data backup. That was in the days when tape backups were the norm, and companies that hadn’t experienced the pain of a data failure were hesitant to engage in such a complex and time-consuming effort.
Then solid-state drives (with no mechanical parts) and the cloud came along and these backup methods caught the public eye. The noise level relating to the danger of failing hard drives appears to have dropped substantially since then. Ironically, during the same period, businesses have become no more protected against data failure. We submit many are now operating at even greater risk.
Why? Data storage is at an all-time high, with company data pools often weighing in at a terabyte (approximately one million megabytes) or larger. Compounding the problem, huge-capacity, solid-date data drives are inexpensive and small (often the size of a deck of cards). Furthermore, many businesses use both the cloud and solid-state drives for data storage, causing files to become scattered into multiple locations. Some firms even allow (or do not forbid) employees to store company data on personal laptops, portable drives they take home at night, and other off-site locations.
Many companies do not even know that their backups are inadequate until they have a data disaster (or even a minor crash) and lose something important, like that presentation for a new client that took 20 hours to complete. In fact, a November 2013 survey from research firm The 2112 Group found that 23% of companies purchase cloud-based backup solutions after data loss or system downtime due to an unprotected system. Some 44% of purchases occur either after a data disaster or because of concerns one might be looming. Furthermore, an unrelated study found that 44% of business owners have no data governance policy to control where or how they store data.
These statistics point out a dire problem―that nearly half of business owners are not adequately protecting and managing their data. The solution to this problem is simple:
Data and Backup Analysis, Planning and Management.
To get a handle on their data before a data loss occurs, companies need to figure out where it is and then come up with a workable plan to manage it and back it up. They need to embrace the notion that a comprehensive backup and data recovery (BDR) solution involves more than a second hard drive on someone’s desk or an old server in the “computer closet”. It involves data and risk analysis, planning and management, and offsite data backups (usually cloud-based and either redundant or transferred nightly). Such a system, once implemented, gives firms the best chance of backing up everything, everywhere, and ensuring the latest versions of company files are available to everyone―even if the unthinkable happens.
Here at DynaSis, we live, eat and breathe BDR and develop customized solutions on a daily basis. If this blog has hit home, we can perform an assessment that will find all the data hanging around your network. We can then help you decide what you want to back up, and make a plan for a solution and configuration that works within your risk tolerance and financial constraints. To learn more, fill out our inquiry form or give us a call.
By the DynaSis Team
At DynaSis, we are continually working to make improvements, providing our customers with products and services that are faster, more powerful and more secure. This year, we have taken great strides in several areas, including introducing an affordable, secure cloud file system that just may revolutionize your business model.
If you haven’t been introduced to our new offerings yet, we invite you to call us for a complimentary consultation. You may be pleasantly surprised at how much our solutions can propel the success of your business
Automated Monitoring and Alerting: In February, DynaSis launched a cloud-based, high-availability monitoring and alerting service gives that gives engineers in DynaSis’ network operations center a dashboard view of customers’ infrastructure at all times. The service conducts analysis and inspection of DynaSis customers’ on-site infrastructure and networks, 24/7/365, scanning for issues such as low disk space, servers being overwhelmed by too many user requests, and other problems that affect availability and performance. Offered at no additional charge to DynaSis’ Managed Services customers, it added a further layer of scrutiny on top of DynaSis’ already robust network and infrastructure management and maintenance solutions.
Partnership with Veeam: In March 2013, DynaSis announced a partnership with Veeam, a leading provider of disaster recovery services for small and medium-sized businesses (SMBs). Partnering with Veeam gave DynaSis yet another best-practices disaster recovery option for its clients. With the Veeam solution, DynaSis customers’ data and servers are replicated from their virtual servers to DynaSis offsite data centers, eliminating the need for onsite backup appliances or servers. Customers enjoy instant file-level recovery, application-item recovery and virtual server recovery plus deep support for VMware and Hyper-V virtualization environments.
DynaSis BLUE: In September, DynaSis announced the launch of DynaSis BLUE, a solution that turns customers’ on-site file servers into in-house cloud servers. To deploy BLUE, DynaSis installs a tiny software agent on a client's file server and then configures the in-house cloud environment to meet the customer's specifications. DynaSis BLUE enables firms to harness the power of cloud-based file sharing and storage without relinquishing control of corporate files to a third-party provider. With 448-bit Blowfish encryption, two-factor authentication, full auditability and granular user-access and security controls, DynaSis BLUE provisions companies with a comprehensive, 100% synchronized and backed-up solution that offers significantly better governance than leading competitors.
These products and services are some of our 2013 highlights, but they are far from our only accomplishments. We’re also planning some great new additions for 2014.
We hope you had a great holiday season and wish you a prosperous New Year. From all of us at DynaSis, here’s to a great 2014. We look forward to working with you in the future!
By DynaSis
Last month, I introduced our fall Disaster Recovery Education initiative and promised to provide you with more valuable information. This week, we’ll talk about length of downtime (period without access to some or all of your computing resources) and its cost to your organization.
A decade ago, many companies considered a week or more of downtime―in the wake of a disaster―to be acceptable. Small and medium businesses (SMBs) were becoming increasingly computerized and reliant on the Internet, but the hunger for instantaneous communications was nowhere near as ubiquitous as it is now.
Today, many large enterprises measure acceptable downtime in hours (if not minutes) and cannot imagine going for a week or more without access to their email, corporate files, customer records, business processes and other important revenue drivers. SMBs need to adopt this same strategy to compete effectively―and it’s becoming increasingly affordable to do so.
Let’s consider the cost of downtime. It varies by the business, industry and business application, of course, but it is considerable in every instance. Analytical software developer Alinean ran some numbers and determined that the average cost per minute of infrastructure downtime is $700. Having a business application down can cost far more.
Alinean placed the cost per minute of messaging outages at $1,000; with e-commerce pegging at an estimated $10,000 per minute. Supply-chain management software, where system downtime can literally disrupt your entire supply chain for a week or more following restoration, tops the charts at $11,000 per minute.
For SMBs that don’t conduct e-commerce, rely on complicated supply chains or have legions of salespeople in the field, these numbers may seem excessive. To help you get a handle on your own cost of downtime, I’ve provided some practical calculations you can run.
Quantifying downtime, at its most fundamental level, requires calculating two primary losses: reduction to individual or workgroup productivity and loss of transactions. Calculating both helps you pinpoint wasted expenses and lost revenue.
For the first number, you’ll run the “CPA” calculation:
C = average employee cost (salaries or wages + benefits)
P = number of people affected
A = amount of time they are affected
As of September 2013, the average U.S. average “burdened” salary (compensation plus taxes and benefits) per employee was $29.11 per hour, per the U.S. Department of Labor. (Calculating your real number would be more accurate, of course).
Multiply this figure by the number of employees in your operation, then by the amount of downtime you consider acceptable in the event of an emergency. That figure equals your cost of lost productivity.
For business impact, the calculations become more difficult. While you can calculate this per employee, it’s likely easiest to multiply your transactions per hour or day by the average profit per transaction and then by the downtime duration.
These calculations do not consider lost customer good will (or even lost customers), nor do they consider any overtime you will authorize to bring the firm back up to speed in the event of a disaster. These numbers are hard to gauge, but a good figure would be to increase the “people” and “business” numbers by a percentage that increases with the length of downtime (5% for durations of a few days; 25-30% for downtime of a month or more.)
Once you’ve calculated your downtime costs for a variety of disaster scenarios (server crash―1-3 day of disruption; fire or major weather event; possibly weeks or months of disruption), compare it against the cost to reduce your downtime exposure.
If it still seems expensive to implement a near-instant recovery plan, give me a call. Our IT experts can show you how affordable it is to never lose access to your data―even for a minute.
With 2013 shaping up to be a non-event, both in terms of hurricanes and tornados, many small business owners (SMBs) may feel validated in their belief that disaster recovery plans and procedures are a waste of time. Not only has 2013 been unusually quiet in terms of “major” disasters, but the media recently reported that we are nearing the eight-year mark without a major hurricane (Category 3 or greater) striking the U.S. (The last one was Wilma, in 2005). That’s the longest unbroken stretch without a major hurricane since 1851.
If you are one of those SMBs, ask the folks in Missouri, who suffered catastrophic flooding this year, or the residents of New Jersey who were wiped out by Superstorm Sandy in 2012. For that matter, numerous businesses in “low-risk” Atlanta experienced lengthy power outages and even flooding this summer during one of the stormiest periods in recent history. And, don’t forget the 500-year flooding of 2009 that crippled the city for a week.
The reality is that a weather event doesn’t have to meet the definition of “major” to cause substantial disruption. In fact, using the term “disaster” in connection with business continuity and recovery may be a bit misleading, but it’s become an industry-standard term nevertheless.
To put things in perspective, let’s call it “disruption recovery” instead. That’s how we encourage business owners to think about business continuity. Ask yourself questions such as:
How long could your business operate without its business data?
It’s become a fact for most companies that an “important” department like Accounting could lose access to its systems for a day―or even a week―and it wouldn’t affect operations or corporate reputations over the long haul. Yet, if those same companies lost access to email, customer service records or Internet access for more than a few hours, they could experience major productivity losses and potentially damage their standing with clients. If everything went down for a week or more, the damage might be irrevocable.
Technology has forever changed the way we do business, and the majority of SMBs are not adequately prepared to address the impacts of its disruption. According to the 2013 Small Business Disaster Survey carried out by Alibaba, Vendio and Auctiva, 74% of small business owners don’t have a disaster recovery plan for their business.
To encourage SMBs to rethink their strategies, DynaSis is launching a disaster―and disruption―preparedness and recovery program this fall designed to help SMBs reduce or eliminate their vulnerability to disruption. As part of this effort, I’ll be sharing valuable tips and suggestions here over the next few months.
At the end of the day, it doesn’t matter if your business operations are disrupted by a tropical storm or a bad driver crashing into a major power pole and wiping out a transformer. An outage is an outage, and it probably affects your business. The good news is that it doesn’t have to be expensive or difficult to minimize your risk. Stay tuned for further updates, or give me a call if you’d like to know more, now.
For many small to medium-sized business (SMB) owners, disaster recovery and business continuity (DR/BC) are nebulous concepts to be dealt with "when there is time." The problem for many (more than 50%) is the "right" time never comes, leaving them unprepared when disaster strikes. Yet, in the past year, many SMBs are realizing that disasters can hit anywhere, and they are realizing that they cannot put off planning forever.
Although preparing a DR/BC plan is admittedly not a "no-brainer" process, it doesn't have to take hundreds of hours to complete. Perhaps the most important part of this effort—and something you can do without developing bulky manuals and detailed schematics—is determining your "magic numbers" and then taking action to ensure you can meet them.
Three numbers—Recovery Time Objective (RTO), Recovery Point Objective (RPO) and Maximum Tolerable Outage (MTO) will give you a good idea how quickly you need to recover your business—from critical client and decision-making data to core business processes—to ensure your firm doesn't collapse after the dust of a disaster settles. Once you know this information, you'll be in a better position to plan an effective recovery.
Recovery Time Objective (RTO): The minimum time within which you would like to restore your data, applications and critical IT-related processes after an outage.
Recovery Point Objective (RPO): The amount of recent data you could tolerate losing in the event of an outage—which equates to the frequency of your backup snapshots.
Maximum Tolerable Outage (MTO): The longest amount of time your business and its employees could function without access to data, email and applications before the outage puts your business and/or client relationships at risk.
Calculating your RTO, RPO and MTO require you to run a business impact analysis, identify processes that must be operable for you to function, and evaluate the strength of your client relationships (and their tolerance for outages). You'll also need to investigate your vendors and supply chains to see what their disaster plans are and whether you have alternate choices. DynaSis recently published a practical guide to help you in this quest; click here to view our white paper on the topic.
However, you can calculate a rough approximation of your RTO, RPO and MTO through simple visioning exercises. Make a list of clients you could not afford to lose, then estimate their tolerance for a service outage (you know how patient your big clients are). Consider the type of work you do, and decide whether or not it requires instant access to recent data and if employees could perform that work remotely.
Then, evaluate whether your crucial data—like email and client information (contacts /contracts/RFPs, etc.)—Is stored in the cloud or only at your location. Finally, consider whether your business processes can be completed remotely, and whether employees are cross-trained sufficiently that some could step in if others were tied up with disaster crises.
Many companies that make these rough projections are surprised to discover that their tolerance for outages and disruption is very low. They also realize that even if their physical location is not functional, they could maintain client relationships and operate at a minimal level—provided they had access to their information.
If this is the case with your calculation, I invite you to call me. We can perform an in-depth risk analysis that pinpoints your vulnerabilities and makes recommendations for improvement. Given that more than two-thirds of SMBs are located in areas prone to disasters, and the frequency and impact of disasters is increasing (per the National Oceanic and Atmospheric Administration), disaster recovery for most companies is no longer a matter of "if." It's a matter of "when."
by Dave Moorman
Are you confused about the difference between “business continuity” and “disaster recovery?” Have you heard the terms used interchangeably, or has your IT manager or provider used the term BC/DR (business continuity/disaster recovery)? These two activities go hand in hand, but they are not the same. Making matters more confusing, the definition of disaster recovery can vary based on the company; the industry; even the situation.
In future articles, I’ll dig more deeply into solutions for and approaches to business continuity and disaster recovery, but right now, let’s review the distinctions between the two. Knowing the difference will help you avoid exposing your firm to greater risk than its ownership considers acceptable.
Business continuity is almost universally defined as the plan for ensuring a business can perform critical functions—usually at a level tolerable to customers, vendors, regulators and other outside entities—no matter what life throws its way. Business continuity plans can come into play after a disaster or major disruption (and may be put into action before the event occurs), but they are much more than the mechanism by which a company gets through such an event.
The definition of critical functions varies from one firm to another, but they go well beyond getting servers up and running to incorporate maintaining power supplies and/or securing a location for employees to work. Business continuity plans also include personnel—which individuals or positions are required to ensure the business can operate at the desired level. Most companies develop their business continuity plans after making a thorough evaluation of business processes to determine which are essential to baseline operation.
Disaster recovery is a plan for recovering from a disaster at a level of downtime acceptable to the company ownership. Disasters come in all types and sizes, from tornadoes to virus outbreaks. As a result, most companies have multi-layered plans to address various scenarios.
IT continuity/recovery plans are components of both business continuity and business disaster recovery. A core recovery mechanism for both types of plans is data backup and recovery. However, firms that can tolerate little, if any, downtime also incorporate advanced recovery solutions such as failover servers (off-site, backup servers that can be activated in the event of an outage). Such solutions provide both business continuity and disaster recovery.
Firms that can survive week-long data outages—or that have very small budgets—may opt for offsite backups (with tests) but anticipate they (or their provider) may have to rebuild their environment completely, from scratch. These solutions enable disaster recovery, but they could place a firm’s business continuity in jeopardy. Stay tuned for more information on the finer nuances of these vital business operations.
by Dave Moorman
The recent devastation wrought by "Superstorm Sandy" has reminded us all that no one is invulnerable to disaster. New York City saw an unprecedented (nearly 14-foot) storm surge, and businesses from North Carolina to Connecticut found themselves with sand and water pushed into their buildings—and power to their businesses disrupted.
It doesn't take a disaster of this magnitude to suspend business operations, and groups such as the Institute for Business Safety (IBHS; ibhs.org) are making news daily with pronouncements about the detrimental impact of even minor disasters. So great is the concern that the federal government, working through the Federal Emergency Management Agency (FEMA) has expanded considerable effort (and tax dollars) developing powerful tutorials and tools to help companies engineer disaster recovery and business resiliency plans.
Yet, even though most firms have some form of business continuity/disaster recovery (BC/DR) plan in place, statistics show the majority aren't sure how to implement it and/or don’t run test scenarios. A majority also have not taken advantage of the benefits that cloud computing and virtualization offer for BC/DR.
A complete BC/DR plan incorporates many elements, starting with a business impact analysis and followed by policy/goal statements, recovery strategies, and development of not only a BC/DR plan, but also a program for maintaining and testing the plan on a regular basis. (The FEMA tutorials mentioned above are an excellent start along this journey. The IBHS has some great templates as well.)
As FEMA points out and DynaSis has long maintained, an IT recovery plan and program is an integral component of any business continuity and disaster recovery plan (BC/DR). Although it may take months, or even years, for businesses to develop an enterprise-wide BC/DR plan that addresses operations at every level, BC/DR programs for the technology side have become easier, more affordable and more self-sustaining than ever before.
Cloud-connected backup hardware, preloaded with management, testing and recovery software, makes it effortless for companies to protect their technology assets and access them on-premise or remotely. For many firms, data archives are the single most important business asset—and the foundation of the BC/DR plan.
If you’d like to learn more about the newest technologies in data backup and recovery, as well as end-to-end programs that can have you and your employees and colleagues up and running in minutes, call DynaSis for a no-obligation, no-pressure consultation.
Many businesses think that business continuity and disaster recovery means protecting your technology and having a plan in place for data recovery. And while it is that, business continuity includes much more in order to keep your business functional during a disaster.
Business continuity has several other components you need to think about in case your business is ever the victim of a natural disaster or emergency:
Communication: What happens if you cannot use your current infrastructure or facility to communicate with clients or employees. You need an emergency contact plan in place to re-group employees, connect with vendors, and reassure customers you are in control.
Logistics Operations: A plan is required to continue to carry out deliveries and orders in the event your facility is not operational for more than one day. A list of emergency service providers should be kept up to date in case the unthinkable happens, as well as a backup plan in case key employees cannot perform critical duties.
Proactive Testing: Performing a visual facility review once per year to correct deficiencies can help you prepare and be ready in case you get stuck between a rock and a hard place. Taking inventory of critical resources including data and equipment and making sure those assets can withstand the storm can help you get back on your feet following the aftermath.
While it sounds like a lot of work (and it is!), the immediate and long-term benefits far outweigh the cost of losing your business. Implementing a business continuity plan offers competitive advantage, peace of mind, technology efficiencies, client confidence, and even savings!