It is no secret that every organization believes in disaster preparedness and business continuity. Companies are emphasizing disaster recovery and developing digital resilience to ensure business continuity. But what does this plan look like when tested in a real-world scenario?
When we delve deeper into past events around the world that created disastrous scenarios that took companies days and months to recover, it becomes clear what a sound resilience system means for a business.
Business Resilience and Disaster Recovery Case Scenario
Business continuity relies on system resiliency which is a key to recovery. Resiliency principles have allowed organizations to learn how to respond, re-engage, and emerge stronger amid disruptive change. Becoming resilient also means experimenting with new approaches and regaining productivity while applying learnings and integrating toolkits.
Let’s look at two examples of business continuity to see how organizations have worked to reduce downtime after critical events. And later, we’ll learn the importance of a well-planned disaster recovery strategy for resilience.
First Case Scenario: Computer Virus Infects UK Hospital Network, Caused Stopped Operations For 5 Days
In 2016, we saw one of the worst business continuity planning ever when a computer virus infected the UK hospital network. This was a time when very little was known about ransomware, and who never thought it could be such a significant threat to the business community.
A terrible “computer virus” infected a network of hospitals in the UK known as the Northern Lincolnshire and Goole NHS Foundation Trust on October 30, 2016. At the time, officials weren’t sure of the exact cause of the system breakout, but the impact on its operation was devastating:
- The virus paralyzed his system, and stopped working at three different hospitals for five days.
- Even in “major trauma” or childbirth, patients were thrown out the door and sent to other hospitals.
- More than 2,800 inpatient procedures and appointments were canceled due to the attack. Only critical emergency patients, such as those suffering from serious accidents, were admitted.
Later, Computing.co.uk, in one of its reports, speculated that there was no business continuity plan document.
(Here, you can learn more about how to develop an IT business continuity plan keeping in focus your disaster recovery requirements.)
In an industry such as healthcare, disaster scenarios in healthcare facilities can be life-or-death.
Second Case Scenario: Internet Marketing Firm Goes Mobile In The Face Of Hurricane Harvey
In August 2017, Hurricane Harvey entered Southeast Texas, destroying homes and businesses across the region. Hurricane Harvey was a devastating Category 4 hurricane which means having a hard time fixing things or no recovery. Research shows that 40-60% of small businesses never open their doors after such a major disaster. But, there is an example available of a small firm that didn’t want to be a second statistic.
Gail Media, a small internet marketing agency, was almost one of them. Their offices were flooded when Lake Houston flooded despite being located on the second floor of an office building. The flood was so severe that no one could enter the building for three months. And when GAIL employees were finally able to enter the space after the water level receded, any hope of recovering the area was quickly crushed.
The company never returned to the building. However, its operation was hardly affected. This is because GAIL stores most of its data in the cloud, allowing employees to work remotely in the storm’s aftermath.
Find answers here for questions why should you choose cloud to implement disaster recovery and how exactly it helps?
Even with the office closed, he never lost access to his important documents and records. In fact, when it came time to decide where to move, the owner ultimately decided to keep the company decentralized, allowing workers to continue working remotely (and providing a glimpse of how we will adapt to disaster during the Covid 19 pandemic three years later).
If the company had stored all its data in the office, the business might never have been well.
Why Has There Been A Shift To Resilience From Recovery?
Let’s understand this with another example.
In 2013, lightning struck an office building in Mount Pleasant, South Carolina, causing a fire. The office was the home of Canty Technology, an IT company that hosts servers for over 200 customers.
The fire burned down Canty’s network infrastructure, melted cables, and burned his computer hardware. The equipment was destroyed beyond repair, and the office was unusable. The situation looked bleak for a company whose core service is hosting servers for other companies. The entire infrastructure of the Canty was destroyed.
But ultimately, Canty’s customers never knew the difference:
Canty had already moved its client servers to a remote data center, where continuous backups were stored as part of its business continuity plan. (At present, cloud-based backups can be secure off-site for storage.)
Even though Canty’s employees were forced to move to a temporary office, its customers never experienced interruptions in service. It was an outcome that could have been very different. The company placed all of its client servers on the site only five years ago. But founder Willis Canty rightly determined that this setup posed too many risks. It would require a significant on-site disruption to wipe out her entire business as well as the businesses of her clients, potentially exposing her to legal liabilities. Thus Canty implemented a more comprehensive disaster recovery plan and moved its customers’ servers off-site.
So Should You Go With Resilience or Disaster Recovery?
The most important thing here is to notice an effective resilience plan has already been there, used, and tested in the worst scenarios even before Covid19 happened. CEOs or CTOs who have seen disaster coming in any form or in any shape have prepared and backed themselves with available advanced technologies and solutions.
But the ones who have not identified the difference and importance of each business continuity plan here is a short note for them that clearly differentiates the difference and uses cases:
Defining Disaster Recovery
Disaster recovery is the process of bringing IT services back online after a failure or outage. These scenarios could be due to a natural disaster, a global pandemic, or a cyber attack. Getting back online can be a largely manual process that requires a high level of human orchestration. For example, disaster recovery has long been the way most banks deal with major system outages. However, recently, there has been a significant shift towards a focus on resilience rather than recovery.
Companies today still prefer disaster recovery based on the nature of their business. Cloud-based DR is the best alternative for them as they experience better RTO and RPO. However, the DR is best for companies that can afford to lose data for some hours.
Learn here how to design your cloud based backup only disaster recovery strategy
Defining System Resiliency
The resilience approach focuses on protecting core services and preventing issues before they happen. This may include identifying risks and vulnerabilities associated with services that support critical business processes and conducting a detailed risk assessment of the impact of the outage. Measures are then implemented to address these risks.
System resiliency is crucial for you if your business relies on business-critical applications. Being a resilient business means downtime is measured in minutes. Whether caused by ransomware, human error, or some other event, a significant loss of data can be disastrous for businesses operating with mission-critical applications.
These companies design their data backup and recovery to meet system resiliency, ensuring business continuity. Solutions from cloud service providers, for example, are built with numerous features to ensure continuity, including hybrid cloud technology (backups stored both on-site and in the cloud), instant virtualization, ransomware detection, and automatic backup verification, to name a few allows you always to have a mirror copy of all your files.
A data backup solution itself won’t prevent data-loss events from occurring. But it does ensure that businesses can rapidly recover data if/when disaster strikes so that operations are minimally impacted – and that’s the whole point of becoming resilient.
