Although business continuity management (BCM) uptake has increased by 3% in the UK over the past few years, very few companies are concerned about the BCM practices of their supply chains, according to a recent report released by The Chartered Management Institute in the UK (in partnership with the British Standards Institution, the Business Continuity Institute and the Cabinet Office).
"Less than one in 10 businesses with business continuity plans in place for their own operations (7%) expect the same of their suppliers, and just 3% see this changing in the future," the report says.
Seventy-four percent of IT decision-makers in SA are not confident they could fully recover after a disaster.
Furthermore, according to the report, BCM uptake is only at 61% this year. Unfortunately, it seems local uptake and interest is no better.
To get an understanding of backup and disaster recovery trends in SA, EMC sponsored a survey of 250 IT decision-makers across a variety of industries and company sizes (research was commissioned by research agency Vanson Bourne). "Our goal was to understand the real causes of systems downtime and data loss in SA, as well as the associated commercial consequences among both private and public organisations," explains Sumash Singh, business unit manager: backup recovery systems at EMC Southern Africa. "The results indicated that 74% of IT decision-makers in SA are not confident they could fully recover after a disaster."
He continues: "Of the companies surveyed, only 56% review their backup and recovery plans after disaster strikes, and 39% increase spending on backup and recovery when they have had a disaster. This is despite the fact that 31% needed a day or more to return to full business operations. The research found that, on average, organisations in SA are spending around 10% of their annual IT budgets on IT backup and recovery, and 40% of respondents did not think their organisations were spending enough on backup and recovery."
The supply chain
Mark Beverley, GM of Service Delivery at ContinuitySA, says the company understands the strategic advantages of having a plan in place to ensure the recoverability of the organisation after an incident.
"However, should one of our critical suppliers experience a disaster, it would affect our services to our clients significantly."
He says downtime will reflect badly on the company and pose a risk to its clients' businesses.
"This is particularly true of real-time suppliers, ie, telcos, municipalities and cloud service providers. Currently, we have alternative arrangements with other suppliers of these services, and in doing so, reducing the risks where possible."
Singh agrees that any organisation would be affected by a disaster experienced by a member of its supply chain. "In fact, the knock-on effect can be just as harmful for partners and suppliers up and down the supply chain. A disaster of epic proportions does not have to occur for a business to suffer disastrous consequences in relation to backup and recovery. We live in an economic time when investments need to be made wisely, and there can be no tolerance for interruptions to the business because of an IT systems failure. By transforming backup and recovery strategies, companies can improve both recovery from day-to-day outages, as well as recoveries from something more severe."
When it comes to responsibility, does an organisation have to ensure the companies in its supply chain have adequate BCM? According to Beverley, any organisation has an obligation to assess all risks and to make sure BCM addresses those risks. "So this will extend to the supply chain. The level to which an organisation can assess and apply pressure for compliance further down the supply chain is debatable, though. I don't think many organisations have taken these assessments far enough."
We find the biggest failures are caused by power- and hardware-related issues.
Singh believes it makes good business sense for all the companies in a supply chain to have an effective business continuity plan in place. "Information is a critical corporate asset and the lifeblood of most organisations. Yet, as much as companies are investing in the systems and devices to create and access data, there is a disconnect with regards to the investments companies are making to actually protect data and applications. Lost revenue, loss of employee productivity and decreased customer loyalty are most often the result of a prolonged disruption; an organisation, therefore, has a responsibility to prevent these negative impacts by ensuring the companies in its supply chain are as well protected as possible."
Local disasters
In SA, says Beverley, there are fewer natural or seasonal disruption causes. "We find the biggest failures are caused by power- and hardware-related issues."
Beverley explains that his company's spend in resilient infrastructure has increased, both from an IT and an infrastructure perspective. "BMS monitoring systems have been enhanced. Our change and incident management processes have been enhanced to cater for infrastructure and IT systems. IT mobility capabilities have also been improved," he says.
According to the EMC-sponsored survey, explains Singh, the top three causes of data loss and system downtime in SA are loss of power (56%), hardware failure (51%) and software failure (50%). "This is hurting business in the following ways: loss of employee productivity (42%), loss of revenue (38%) and loss of customer confidence (32%)," he explains.
Recovery advice for the SME
By Gareth Tudor, CEO of Altonet
1. It is vital for an SME to refine how it manages and protects its information assets.
2. It is essential to ensure a robust backup and recovery strategy is in place to cater for the exceptional growth of business data. This is an often-overlooked aspect.
3. Many backup and recovery strategies fall short of meeting the most basic tried and tested methodologies to securely back up and recover information.
4. Backups need to take place according to a fixed timetable to ensure missed data, duplication and data loss is avoided.
5. There needs to be a rigid and automated operational backup and recovery strategy in place, allowing a company to safely and securely store its data.
6. It is vital to understand which files are business-critical versus files that are more transitory.
7. Next-generation cloud solutions can provide fast, assured and automated backup of mission-critical information, with the ability to recover lost data via a Web interface in a timely manner.
8. With cloud backup, SMEs know their data is stored in a reliable, off-site, redundant environment.
9. Backing up in the cloud reduces costs associated with a dedicated backup infrastructure, simplifying IT budgeting.
10. Since 96% of data restorations are for hardware failures or data corruptions, the restore function must be quick and efficient, with the ability to restore data back to the point of failure only without having to do a complete restore.
Five top backup tips for the SME
By Dawie Bloomberg, MD of Green Apple IT
1. Use built-in backup solutions. Various operating systems (OSes) feature standard backup software and these are proven to work. One example is Apple's Time Machine backup software that is featured with its OS. SMEs can use this backup software available on the OS, as purchased backup software is specifically designed for the enterprise.
2. Ensure rotational backup systems are in place. It is essential to ensure the company has more than one backup hard drive available and that these drives are rotated as often as possible. Hard drives are much more affordable and allow the SME to back up all its data on at least two separate hard drives for additional protection against the loss of data.
3. Keep the backup off-site. It is vital to ensure all the SME's backup media is never kept together on-site. Get into the strict habit of always having a backup off-site. If a disaster such as theft, fire or flooding should destroy a server, it is likely the backup will be destroyed too, if on-site. Take the backup home, and even better, lock it away in a safe to ensure the latest backup is protected.
4. Do a full backup. Specifically with server environments, it is recommended that a full backup or bare metal recovery option is selected, as the server contains not only files and folders, but also all settings, applications and specific configurations on the OS. A bare metal backup will ensure the SME is able to fully restore the server to its original state, as it was at the last successful backup.
5. Test the backup. It is important to understand how the backup works so that the SME is able to test the backup occasionally. Schedule a routine recovery on the system to ensure all data is being backed up. Backup solutions come with wizard-driven file recovery for data restoration; however, it is recommended to use an IT partner to assist with advanced recovery of systems.
First published in issue 290 of iWeek magazine.
Share