Time is Money: Top Mistakes in Combating Costly IT Outages

Dante Orsini

By Dante Orsini

It’s no secret a single IT outage can wreak havoc on a firm’s revenue and reputation. Headlines about outages tend to evoke different reactions for people. Some judge: “How could that company be so irresponsible?” Others laugh: “Glad I’m not them.” Others cringe in fear: “Could that happen to us?”

These are all fair human responses. In reality, very few companies are adequately prepared to combat and recover from the business threats that can trigger an IT outage–from a cyber-attack to human error to an environmental disaster. Overconfidence, misinformation and mistakes are rampant and especially dangerous to law firms, as the transactional nature of legal services means that IT availability is critical.

Steven Heller, director of technology for law firm Graubard Miller, may have said it best: “If my users aren’t connected, they’re not serving clients, so availability and redundancy are my top priorities.”

Here are some quick tips for avoiding common mistakes and misconceptions that prevent business continuity during an IT outage:

Don’t Confuse Remote Backup and Disaster Recovery
Too often, “remote backup” and “disaster recovery” are incorrectly used interchangeably. In truth, the difference can mean waiting a day (or even weeks) for copies of data versus having all systems back online in minutes.

Backup is simply a copy of your data. Of course, archiving your data somewhere safe is hugely important for regulatory requirements. It’s also a helpful measure for data protection against threats like ransomware because a company can revert to backup copies of their data instead of paying a malicious attacker for the original copies. Recognizing this, firms are increasingly improving their backup capabilities by abandoning traditional tape solutions in favor of more reliable remote, cloud-based backup.

However, backup falls short of ensuring business continuity for a few reasons. Generally, backups are made nightly, so content and applications can be stale. Further, obtaining the backup files—even when using some remote services—can take days or weeks.

Modern disaster recovery tools enable firms to operate as if an IT outage never occurred. These systems continuously replicate your data and applications, so you never settle for an outdated copy. What’s more, cloud-based disaster recovery (or Disaster-Recovery-as-a-Service – DRaaS) eliminates the need for secondary IT infrastructure requirements, so your team doesn’t have to maintain additional hardware.

Strategically Balance Business Risks and Disaster Recovery Costs
Traditionally, business continuity initiatives were the first to fall off IT’s priority list, and budget concerns were the major reason. Companies that did not have secondary IT infrastructures were forced to take risky bets, hoping an IT outage would not affect them. The budget argument is no longer relevant, as cloud-based disaster recovery enables firms to stay online during a disaster regardless of their IT footprint.

By relying on cloud infrastructure as your secondary site, you ensure resilience and avoid wasting resources on additional hardware. Pay as you go pricing models only charge you for the resources you consume. And, modern disaster recovery and backup software allows you to prioritize what you recover quickly and what can wait so that you can completely cost-optimize for your budget, business needs and compliance requirements.

Do Not Underestimate the Importance of Security
Regulated industries have been the largest and earliest adopters of cloud-based disaster recovery because they are subject to IT resilience requirements. However, while these teams adopt DRaaS to ensure they can stay online in case of an issue, they often overlook the security of the environment they are moving to. That means even if they survive the initial problem, their data and applications are still at risk because the cloud they rely on may be vulnerable to cyber threats.

As you evaluate cloud-based disaster recovery vendors, pay close attention to their integrated security features. Look for advanced functionality like intrusion prevention, encryption, antivirus/anti-malware tools and reporting that will help keep you ahead of today’s emerging cyber threats. After all, you may be on that platform for days, weeks or even months, and services and support vary greatly.

Don’t forget about the Audit After
Many times, IT teams are not aware of specific compliance requirements of individual clients, particularly in regulated industries like healthcare and finance. Misconceptions around compliance could create significant issues if IT were to fail over compliance-bound data to a non-compliant infrastructure or cloud provider.

So what is the lesson? Do the due diligence to ensure your disaster recovery provider complies with the regulations that apply to your clients, including data sovereignty considerations. Do not settle for simply checking the compliance logos thrown onto an IT vendor’s website. Verify the dates of certificates to ensure they are still valid, check out their audit paperwork, and ask if you can speak to their compliance team. A little up-front validation can prevent a very unpleasant audit later.

Test, Test and Test Again
Many times, companies spend the time and resources implementing a disaster recovery plan and never actually test to make sure it works properly. The majority are hesitant because testing has traditionally slowed down performance of primary infrastructure, and no one likes a slow network. Cloud-based disaster recovery eliminates this issue, as teams can execute testing on-demand with no impact to normal operations. Top DRaaS providers will also work directly with your team to troubleshoot any issues. Because of the dynamic nature of IT, tests should be conducted regularly (annually at a minimum).

In the end, you are busy. Your team is busy. But in the face of today’s business threats, no company can afford to settle when it comes to ensuring business continuity. By following these tips, you can avoid the mistakes I see companies make every day, and stay out of those troubling headlines.

Dante Orsini is senior vice president of business development at iland, a global cloud hosting company and recognized leader in Disaster-Recovery-as-a-Service. As a trusted partner, Dante works directly with customers to anticipate and address complex requirements and tune solutions that balance business priorities and compliance needs. For more information and industry analyst insights, go to www.iland.com/draas/.