When insuring the contents of their house against theft, most people hope to be spending money on a policy they'll never have to use. The more cautious will over-pay, over-insure and over-protect, just in case the worst does happen. However, after several years of paying for an insurance policy they've never claimed against, it's certainly tempting to cut costs, take your chances and hope for the best – the further away people are from their last claim, the more they tend to forget about the implications, potential consequences and the value insurance adds.
In a similar way, any disaster recovery policy involves spending in order to protect against potential damage – in effect it's insurance against a disaster that may never happen. As a consequence, some companies may be tempted to axe it completely in an effort to cut costs during the recession.
It is possible to strike the right balance between cost and necessity. Consider the business principles behind disaster recovery and assess what the business would really need in the event of a disaster. DR is the strategy put in place by a business to prepare for the recovery of core data should a 'disaster' of any sort occur to put that data at risk. The balance is different for every company but always involves spending money to protect against a potentially much greater loss, whatever the economic climate.
Companies have varying DR strategies. SMBs that prioritise the need to recover lost data should their systems fail may salvage their information from tape stored on site. In many instances this is adequate but if they need to recover data in a very short time frame or seek additional protection, they might turn to a managed platform instead. If the data involved is mission-critical, a business might consider backing up its data with a dual site solution, using different physical locations to add resilience.
When Natwest's banking transfer functions were hit by a hardware failure earlier this year, millions of customers were left unable to withdraw cash, transfer money or pay bills. The overall monetary cost ran into millions after just one day but the cost in terms of customer satisfaction was immeasurable. A bad customer experience can leave behind resentment that lasts months or even years and should leave us all too aware of how cost-effective a quick and efficient disaster recovery strategy could be.
Backing up to a facility that meets specific compliance requirements can be a priority for businesses. Merchants that store, process and transmit cardholder data must, for example, store information in highly secure PCI DSS compliant facilities. In the event of a disaster, a secondary facility may be brought into play for speed but it must also be compliant in order to process card data.
Going down the IaaS route for DR strategy will in many cases deliver a highly flexible solution. Businesses can work closely with their provider to make sure the strategy is customised to meet budgets, without compromising on the necessary levels of security, compliance and speed.
In the end, especially during difficult economic times, it can all come down to striking the right balance between preparation for disaster and cost-effectiveness. Over-paying for a strategy that exceeds the values of potential losses doesn't make business sense but experience tells us it does pay to be prepared for disaster. Businesses need to carefully assess their needs to get the balance right. If organisations are willing to risk going without a comprehensive DR strategy, for the sake of cost saving in the recession it's something they may regret if they're caught out in the storm.
James Carnie is the head of solutions architecture at Adapt.