Is Disaster Recovery and Business Continuity an Outdated Concept, and if not, where to start?
Disaster Recovery or Business Continuity Planning is something that all MSPs should have not only for themselves, but also for their clients.
However, with the growth of cloud-based services, it could be argued that DR/BCP is now an outdated concept which most companies no longer need. Yet the company still needs to operate, so even if the plan is simply to work from home, it is still valuable to have a plan which can be communicated to staff.
Disaster Recovery – what is it and where to start?
Traditionally, what is a Disaster?
Simply put a disaster should be considered the loss of something within the business. All of the below would mean that a DR plan of some kind maybe activated.
- Loss of the building.
- Loss of access to the building.
- Loss of data.
- Loss of internet access.
- Loss of electric supply.
The likelihood of the above and their impact will play a big part in the planning that needs to take place.
With the warnings in the Autumn of 2022 that we could have seen scheduled power blackouts, planning for that kind of scenario seems a good opportunity to open conversations with your clients regarding their plans and see what can be adapted or needs to be changed.
Where to Start with DR Planning?
A lot of companies and their IT support will look at DR and not know where to begin, or because some or all of their services are now in the cloud, feel they are at least partially covered.
Obviously the first thing to consider is what is still physically in the office and would therefore be affected by a local failure.
Then, after looking at the list above, it should be obvious that a lot of clients and their IT support will already have the beginnings of a plan, which can be adapted and expanded for other scenarios.
Start by asking the client a few simple questions:
- What do you do when the power goes out?
- What do you do when the internet goes down?
- What do you do if everyone is snowed in and cannot get to the office?
For power loss, this could be a UPS that requires its own room and a generator the size of a small van in the car park, at the other end of the scale, something as simple as pen and paper or more sophisticated such as telling everyone to go home and work from there.
For loss of the internet, you might already have a 4g gateway available to take to a client at a moment’s notice.
If everyone is snowed in, do staff work from home, have soft phones for example, or is it just a day off?
For loss of data, you should already have a plan for dealing with ransomware.
All of those elements can be used and adapted for the more serious events. If the client has everything in the cloud already, then all you might have to add to a plan is how to get access to the data in a secure manner. That can be something as simple as renting dedicated servers and building a remote desktop services farm, or even just deploying Azure Virtual Desktop.
For on premise servers, if you have protection for encryption malware, then that protection may well be adaptable for dealing with other scenarios.
Disaster Recovery shouldn’t be seen as a massive thing that can overwhelm you or your clients. A basic plan can be put together which can be easily adapted for most clients IT needs. Even if the client then requires more advanced needs, this can be a good start and also a valuable source of revenue with the initial planning and then annual reviews to ensure the plan keeps up with the technology that they are now using.
Luke, Daniel and I discuss DR in the pod cast series Cyber Anxiety, the link to it can be found above.