With a global pandemic commanding the attention of mainstream media, board rooms, break rooms, and webinars; many are overlooking another constant concern. Business Continuity and Disaster Recovery should be an extension of operations, and receive heightened seasonal interest from those of us on the Gulf and Atlantic Coast. With tropical system activity increasing, I felt compelled to create a quick article to remind and guide those responsible for protecting your business applications, systems, and users.
Take a moment to review the documented Disaster Recovery and Business Continuity Plan. This should not be a daunting exercise, as in the event of a disaster scenario the objectives should be concise and effective with many using these very plans to support COVID-19 responses. Considerations for the following can help guide decision makers through the review process:
- Validate the infrastructure and application catalogs for accuracy. Responses to COVID-19 lead to dynamic technology decisions, so ensure new solutions are protected and the desired security posture is maintained throughout an unplanned disaster scenario.
- Measure capacities to account for spikes in demand as workloads potentially shift off primary platforms. Disaster events can also impact supply chain so adding capacity to platforms nearing thresholds may need to be accelerated.
- Cloud based solutions are still in scope. Review connectivity redundancy, service level agreements, and support contracts with all providers.
- Confirm all BCDR roles are staffed as many departments have had to reduce staff due to the current economic conditions.
- Beyond assignment, the level of competency should be evaluated. Who owns the work and how proficient are they at the task?
- Based on talent GAP analysis, determine sourcing strategy of human resources and/or managed services opportunities.
- Affirm the status of protection platforms used to achieve targeted recovery point objectives (RPO) and recovery time objectives (RTO). Negotiate reasonable targets if the organization has had budget, staffing, or technology cuts that inhibit success.
- Document all automations (unattended/attended) and all facets of BCDR including site failover, system recovery, operations, and testing. Focus on the ownership and thresholds of the triggers.
- Perform a table top exercise walking through disaster scenarios to document questions, delays, information gaps, and any failures that would impact the business. This is also a good opportunity to validate the communication strategy including task ownership, primary/backup methods, update frequency, escalation protocol, and return to service notifications. Adjust the BCDR plans based on the table top experience.
While the listed items may seem fairly evident, the attention of the IT leader has likely been on support of business operations. There will be a follow-up publication outlining opportunities to improve BCDR including concepts centered on hybrid multi-cloud, automation, client computing, infrastructure-as-code (IaC), and containerization; but first things first.
If you are facing technology challenges, please do not to hesitate to reach out to Alchemy Technology Group for consultation.