Is your business prepared for a disaster? What if a Katrina-like hurricane hit? Or what if your head of IT had a heart attack? A disaster-recovery plan is vital to small and midsize businesses, says Kelly Lipp, CTO of the data protection company STORServer. He says that while having any sort of plan is impressive, there is one area in which companies overextend their energies.
It's the big disasters that get the headlines: Katrina, earthquakes, wildfires, and tornadoes. But disaster strikes businesses far more often on smaller, more localized levels. Kelly Lipp, CTO of STORServer, a Colorado Springs, Colo.-based data protection company, argues that understanding the consequences of those smaller local disasters and what's required to get your business up and running after one strikes will prepare you to respond to a larger catastrophe.
Key to all of it, Lipp says, is imagination and understanding: imagining how you would respond to various disasters and understanding that data restoration is only part of the recovery process.
bMighty: What's the biggest -- or most consistent -- mistake you see companies making with disaster-recovery plans?
Kelly Lipp: Overemphasizing data recovery.
bMighty: Really?
Lipp: Sure. Again and again I see plans that place an overemphasis on data recovery to the exclusion of everything else, including common sense. Plans that cover restoring crucial data, but make no preparations for putting the data back to work. Where are you going to run the data? How are your users going to gain access to the data you've recovered? How are your customers and business partners going to access the data?
bMighty: So specific strategies and plans for data restoration are only part of the process?
Lipp: Yes, and in many ways the most easily addressed part. Recovering data is a relatively straightforward matter. Most of the companies I speak with, most of the data centers I visit, actually have reasonably good data plans, at least for the most mission-critical data. They have good storage and restoration media in use, with media stored off-site. For the most part, they are doing a good job with their data.
But other than the data, most don't have a reasonable plan for what to do after the disaster. How is the business going to look? What if key individuals are indisposed or unavailable as a consequence of the disaster?
bMighty: What's the best way to get started on putting together a comprehensive plan -- a plan that takes into account all of those overlooked factors?
Lipp: Sit in an office and imagine the office isn't there. How are you going to do business without that office? What steps are you prepared for, and what steps haven't been considered?
bMighty: That simple?
Lipp: That simple to get started. [Laughs.] But it's important to get started. As far as disaster recovery and business operations recovery -- separate from data concerns -- that starting point is crucial. Putting your imagination to work is an essential part of this. Do that exercise, and you'll be better prepared, even if nothing is written down. For that matter, a few notes on the back of a napkin is more of a plan than many businesses have for recovery beyond data recovery. You'd be surprised how many things you can think of just by letting your imagination work through the possibilities.
bMighty: And then you get others involved in the process.
Lipp: Yes. If IT is going to drive the process, it's important to ultimately get all of the stakeholders in the room, so that you can look at all the other aspects of the business that are involved in restoring operations. And whether or not IT is driving the process, IT's first job is to make sure the business's data and data-recovery plans and processes are as ready as they possibly can be for disaster recovery. Then you can check data recovery off the list and use your brainpower to address harder things.
bMighty: The result being a comprehensive disaster-recovery plan?
Lipp: Ideally, but you can be too comprehensive, sweat too many details. One of the most thorough I've ever seen filled three big binders. That's more detail than most businesses need.
bMighty: Somewhere between the back of the napkin and those three binders, then?
Lipp: I think a reasonable plan would run about 10 pages, identifying key individuals, key responsibilities, key steps in disaster recovery.
Next Page: What Happens When Your Key Players Are Unavailable?
