It’s time for the next installment of our “How to Speak Like a Data Center Geek” series. If you’re in the tech industry, you’ve probably heard the acronym BC/DR, which stands for “business continuity and disaster recovery.” It’s a scary sounding mouthful but it’s essential to every business. Not having a good BC/DR plan in place would be like not having a plan to take care of your own health. And if your BC/DR strategy isn’t complete, you may find yourself heading into the emergency room with a costly crisis to resolve. In fact, according to the Federal Emergency Management Agency (FEMA), 40-60% of small businesses never reopen their doors following a disaster and 90% fail within one year unless they can resume operations within five days.i
A quick BC/DR glossary
BC (Business Continuity): BC is about keeping the business running during routine maintenance and updates (planned downtime) or in the event of an emergency or disaster (unplanned downtime). A business continuity plan (BCP) identifies which business functions are essential for operations and establishes processes to keep them running with as little or no downtime as possible. Once the essential business functions and planned and unplanned downtime scenarios are identified, developing a business continuity plan involves conducting a business impact analysis (BIA) to identify vulnerabilities, evaluate the consequences of an interruption in business operations and determine what contingencies need to be put in place to address the risks. The ISO/TS 22317:2015 standard provides detailed guidelines on conducting a BIA.ii
Resilience: Resilience refers to how quickly an organization can adapt to disruptions while maintaining business operations. Without an effective BC/DR plan, it’s difficult to achieve resilience.
Redundancy: Redundancy is the duplication of critical system components so there will be a backup or alternate method if it fails. Redundancy can be as simple as backing up one database to mirroring an entire IT infrastructure at a separate geographic location. When planning for redundancy, it’s important to consider all the elements of an IT infrastructure that could fail to ensure that the risk is mitigated. This could include replicating data, applications, networks , power and more.
BCM (business continuity management): BCM is a framework for managing an organization’s risk and threat exposure by developing plans that enable the organization to continue operating and recover critical functions in the event of a business disruption. In addition to BC, BCM includes emergency response, crisis management and disaster recovery (DR). Need to know more? Check out the ISO 22301:2012 standard on business continuity management systems.iii
DR (disaster recovery): DR is a part of a BCP. Whereas business continuity focuses on comprehensive planning for the organization as a whole to mitigate risk, disaster recovery is typically centered on IT infrastructure. A disaster recovery plan (DRP) outlines the steps a business needs to take to restore technology systems after a disaster or emergency event has occurred.
- RTO (recovery time objective): RTO is the targeted maximum duration of time allowed for recovery of a business process (basically how long it will take to get the systems operational again). It is usually defined during the BIA by the process owner.
- RPO (recovery point objective): RPO is the targeted maximum period of time allowed for data to be lost due to an incident (basically the minimum frequency of backups). An RPO of 12 hours means that data needs to be backed up every 12 hours. For less aggressive RPO targets, daily off-site backups to tape may work, but RPOs measured in minutes will require continuous mirroring to another site.
- DR test (disaster recovery test): It’s important to regularly test a DR plan to ensure that it will work in the event of an actual disaster and meet RTO and RPO objectives. Once testing is complete, the DR plan should be updated to address anything that didn’t work.
Harnessing the cloud for BC/DR
All the advantages of the cloud (flexibility, scalability, cost) can work for BC/DR as well. Critical IT system elements, data and applications can be mirrored to the cloud, or multiple clouds for redundancy, enabling faster time to recovery in the event of a failure. If a failure occurs, the organization can fail over to one of the cloud mirrors and then fail back when the incident is resolved. One thing to keep in mind when leveraging the cloud for BC/DR is to make sure that the mirrored cloud site is geographically distant from the primary location. And the type of interconnection between your primary and secondary locations does matter – using the public internet introduces network congestion and latency (delays) that cause unpredictable performance and increases security risks.
Direct and secure private interconnection between BC/DR sites is needed to achieve high availability and lower RTO/RPO objectives. With Equinix Cloud Exchange Fabric™ (ECX Fabric™), a business can build geo-diverse, resilient software-defined interconnection to cloud services, minimizing downtime or service disruptions. ECX Fabric interconnects Equinix International Business Exchange™ (IBX®) data centers in metros around the world, bypassing the public internet to avoid network congestion and reduce security threats. Its secure and reliable, high-performance, low-latency virtual connections to networks, clouds and remote IBX data centers can be provisioned in minutes, accelerating the deployment of BC/DR infrastructures and enabling instantaneous high availability on-demand.
Watch the video (below) and download the ECX Fabric Data Sheet to learn more about ensuring business continuity across multiple clouds.
Like to geek out? Here are more geek posts to binge on.
Part 7: Security and reliability
Part 17: Artificial Intelligence
Part 21: Infrastructure Services
Part 22: Business Continuity and Disaster Recovery (see above)
[i] FEMA, Make Your Business Resilient Infographic.
[ii] ISO/TS 22317:2015, Societal security — Business continuity management systems — Guidelines for business impact analysis (BIA).
[iii] ISO 22301:2012, Societal security — Business continuity management systems — Requirements.