Tuesday, May 27, 2014

If a disaster were to strike your infrastructure right now – would your company survive?

Though many organisations believe that their disaster recovery and data back-up procedures are rock solid, investigations very often reveal the contrary. If some unforeseen disaster were to strike your business and IT infrastructure right now – are you absolutely sure your data would be safe and easily accessible? In this article we uncover the implications of data loss and discuss the ways in which companies can avoid irreversible damage.

[Adam Whittington] According to Gartner Group, only 6% of companies survive longer than two years after losing data. While 43% were immediately put out of business after a ‘major loss’ of data, 51% closed their doors within two years.

In an already competitive economy where survival is for many companies a daily struggle, few South African businesses can truly afford such risk.

The scary reality is that while many South African businesses have a solid IT infrastructure and a productive workforce as a result of that, many overlook the real risks that are associated with data loss. Regardless of the size of your organisation, data loss can be crippling, if your data is unable to be replaced.

Data protection and disaster recovery goes beyond a simple back-up now and again. Fail-proof data back-up, management and recovery, requires a systematic, highly organised approach that ensures every aspect of the infrastructure has been accounted for.

While many organisations believe that their back-up procedures are sufficient, when an unexpected failure occurs, many find that both their back-up and disaster recovery procedures fall far short of what they needed.

What constitutes a threat to data?

Data is found everywhere in every business. With the inclusion of PDA’s such as laptops, tablets and smartphones – individual workers carry sensitive and important data around with them beyond the borders of the office, making the threat of a loss of data even more pertinent.

There are four key areas of potential data loss that can impact your business:-

  • Human error: accidental data deletion, misplacement or modification
  • Software: software malfunction, inaccessible data due to new/updated software versions, virus infection, malware infection
  • Hardware: hard drive failure, CPU failure, misplacement or theft of devices
  • Unavoidable physical occurrences: power-surges and outages, theft, fire, flood, earthquake etc.
  • Intentional Internal Security breaches: employees with a grudge or something to gain, can pose a threat to data and overall security.
  • External Security Breaches: Small businesses are deemed an easy target for modern hackers

What are the implications of a loss of data?

We’ve already revealed a few common statistics regarding the survival rate of businesses after a major loss of data, however data that is lost – regardless of how seemingly minimal the quantity of data that may be – will have an impact on the business as it always carries a Rand value.

Compliance (POPI): The Protection of Personal Information Act (POPI) has been signed in to law by the President. For any company that processes any form of personal information, it is imperative that this personal information is retained within a secure environment. Organisations within Marketing, Financial Services, Healthcare and Hospitality are in particular impacted by this act. Find out more about POPI HERE.

  • Productivity: As a company struggles to re-instate data, time is lost to this activity, while access to information is hampered, thereby negatively impacting employee productivity on all fronts.
  • Accuracy: When data is not replaceable, or is only partly replaceable, employees will need to locate and recreate data entries and information. Inaccuracies can often occur in this process which can impact sales and revenue.
  • Reputation: Customers will expect that a professional, efficient organisation is able to secure data and maintain operational efficiency even when disaster strikes. If a sizeable quantity of data is lost, this can undermine customer confidence in the organisation.
  • Security: In the case of data theft, not only could your own organisation be placed at risk, but your customers can also be placed at risk.
  • Legal Liability: Customers who are the victims of an organisations data theft event, may elect to sue the business for damages. In addition to the legal costs involved, if the court rules in favour of the prosecution, then the business will be liable for the damages incurred. This has the potential to put the company out of business.
  • Cost: The productive hours required to reproduce data will commonly amount to more in Rands that the cost to maintain efficient data back-up plans and procedures.

The Solution: Simulate to Reveal your Weaknesses & Fix Them

Many organisations do not realise that their daily back-ups are not running as intended and to make matters worse, they assume that because they have a published disaster recovery plan in place, that their data and operations are secure. Very often however these plans are outdated and have no dedicated individual assigned to the management and review of the plan.

Untested plans do not work

Though not the most popular move in organisations, as it has undoubtedly entailed long nights or unwelcome disruptions to business operations in the past, disaster recover testing remains one of the most thorough, accurate methods of understanding the weaknesses and vulnerabilities within your infrastructure and disaster recovery, or business continuity plan.

Start with a good foundation

A rigorous hardware and software review should be conducted, after which consideration is given to all the potential things that could go wrong. An impact assessment should also take place where the impact of a disaster to all stakeholders is considered – including all personnel, the supply chain, third party vendors and of course, customers. From this foundation, a more accurate approach to testing is then possible.

Uncover and fix all issues

System based simulations are critical to uncover and address loopholes and problems and very often, a single simulation is not enough. Once issues have been identified and rectified, a new simulation will need to take place to ensure that back-up and disaster recovery plans and processes are operating optimally. Nothing should ever be left to chance.

Simulate real life for best results

The closer a simulation is to the anticipated genuine scenario – the better. End-users must be involved in the process and repeated rehearsals should be performed so that people know precisely what to do should disaster strike!

Make pro-active planning and management a habit

A comprehensive back-up and disaster recovery simulation should be performed at least once every 6 months as a standard approach. This will help to ensure that you remain in full control of the real state of your back-up and disaster recovery plan.

Embrace change

A hybrid approach to data back-up is one of the key benefits that have arisen from the advent of cloud based applications. Many organisations still make the mistake of storing back-up tapes and disks on the same property as the location of the infrastructure itself. With cloud based back-up as an additional measure of security, companies can swiftly and easily ensure that data is 100% secure. The key is to embrace new possibilities and capitalise on the more progressive means of data management that are now available to companies of all sizes.

Benefit from impartial assistance

Independent reviewers and observers, such as our technical personnel at MMC, are a valuable means to ensure a comprehensive approach to disaster recovery and business continuity. With our many years of experience in not only the design and implementation of efficient disaster recovery and business continuity plans, but also our experience in managing actual disaster recovery events, we are able to assist in all aspects of testing and design improvements.

We invite you to contact Anthony Simons, our Senior Business Solutions Consultant for more information. Let us help you secure the future of your organisation through the comprehensive management of your data.

Established in 1991, MMC provides organisations within the small to medium business sector with a variety of flexible, outsourced IT services. With solid implementation experience across a wide range of leading IT products, we provide robust, reliable solutions that are tailored specifically to the individual needs of our clients.

No comments:

Post a Comment