The “TechTarget” website is adamant about the five components of disaster recovery and business continuity – and the last ranks among the most critical: “The care and feeding of your plan.”
Disaster recovery and business continuity (referred to as DR/BC), TechTarget says, “should be considered ‘living documents,’ which need to be periodically reviewed and updated to ensure the plan is accurate, and the procedures defined in the corporate disaster recovery plan will facilitate recovery when performed.
It seems obvious, but not everyone understands it, so TechTarget makes the point several times, starting with: “You can’t restore what you don’t protect.
Part of the DR/BC at the Cayman Islands Chamber of Commerce is on behalf of government, preserving and protecting information that enables departments to function.
“We are, in a sense, an extension of government,” says Chamber CEO Wil Pineau. “They send us documents that need protection, that need to be secure, sure that no one is looking at them.”
The Chamber plan was created by local experts Ronco Cayman Communications Ltd. and, internationally, by Quickbooks – accounting software developed by Intuit for small and medium-sized, businesses. The former is developed with Weblink, which offers a server-based program specifically designed for Chambers of Commerce “for managing your members, prospects, financial data, events and communications,” according to its website.
The Quickbooks program relies on “cloud” storage and backup, readily retrievable and beyond the reach of local disruptions.
Pineau says the organization’s databases “are our most valuable assets so we take data protection and recovery very seriously.”
Ronco provides IT support, preventing “outside hackers from gaining access to our data, including financial records,” and the Quickbooks partners “ensure that we have several backups in case one is corrupted due to natural or human disasters.”
He describes three database levels – “core areas” – the Chamber holds: membership records in all their detail; email, on an exchange server; and financial data, “on the Quickbooks system that we need to protect.”
A rising tide of malicious invasions requires robust, ongoing protection.
“Spammers and hackers are becoming increasingly sophisticated in their attempts to access sensitive information,” he says. “Our IT and software partners monitor the … threats, and have put in place email filters and website-protection measures. It is an ever-changing process that requires constant attention and is an important aspect of our operations.”
The Chamber needs only a modest system for its 700 members – as opposed to the demands of, say, a multinational corporation with thousands of employees. The importance of efficient protection and recovery is no less, however.
“Our system is multi-dimensional,” he says, acknowledging the “relatively small system compared to larger companies,” but anyone entrusting their data to the Chamber needs to know that “we take data protection and recovery very seriously.
“You always have to be prepared for the next attack.” Invaders, he says, “are always attempting to find the back door into your system. A business must always be working to ensure that there are redundancy systems in place in case forced entries occur, particularly if the business collects sensitive information such as credit card and personal identification information.
“An effective data protection and recovery strategy incorporates multiple processes to ensure there are back-up measures,” Pineau says.
He cites a lightning strike at one point that compromised a local server. It took “a couple of days,” he says, to “get the full system back up and running,” although TechTarget points out that is not necessarily a problem.
“For most organizations,” author George Crump of Storage Switzerland, says, “resuming critical day-to-day operations involves recovering less than 5 percent of the servers and 5 percent of the data.
“These are typically critical databases and the applications used to access those databases. The remaining 95 percent of data is reference or archival data. While often important, it is not critical to resume immediate operations. This data can be recovered later as time allows.”
The Chamber’s cloud storage remained unaffected by the strike, Pineau says, and recovery of the server-based information was relatively efficient.
“We had several backups that we could access to prevent loss or interruption, ensuring, he says, “the ability to work remotely from anywhere in the world.”
Backup, in fact, is the fundamental strategy for disaster recovery, but that means data must be copied and sent – at the least – to a second on-site system, although, ideally, it should go offsite in case of a local outage or disaster.
A U.S.-based example was the widespread havoc from Hurricane Sandy on the East Coast in 2012. The storm spanned more than 1,100 miles, suggesting that disaster recovery services may best be located at considerable distance from the origination site.
Lending weight to that admonition is Hurricane Ivan, which wrecked most local infrastructure in 2004, jeopardizing any local backup. Intuit – and its Quickbooks application – was founded in California in 1983, and boasts offices in Canada and the U.K.
This can cause its own problems, however, as retrieval of data across a public – as opposed to a private – network can expose the DR/BC company to issues of bandwidth, latency and jitter if transmitted at a distance.
“The network link and bandwidth that enabled you to copy data to the remote site in dribs and drabs may prove woefully inadequate to the task of transporting all of your data back to you in a short time frame following a disaster,” according to TechTarget author Jon Toigo, president of Florida-based Toigo Partners International.
The Chamber’s lightning strike briefly compromised email functions, Pineau says, “but the servers had backup and we got on line,” reasonably quickly.
At least for the moment, data protection forms a greater priority for the chamber than recovery, but Pineau is cognizant of his members’ needs.
“The Chamber works with our members to offer courses and seminars on this subject. We also share information that we receive from our members who specialize in this field of work. It is important to provide regular tips since data protection and recovery is an essential component for most businesses today.”
The issues involved are sufficiently critical that the Chamber, while hoping to expand its services to online payments, is moving cautiously, seeking the right partners.
Cayman’s small business owners have long lamented the lack of online payment facilities, pointing to loss of customers and revenues, making commercial survival harder in an already difficult environment.
“We are thinking of moving in that direction,” the CEO says, “but it’s not an easy process,” relying critically on protection and recovery networks.
“Once we get this, we need to protect it and we need robust systems. We just are not comfortable with it right now.
“Our software company in the U.S. has proposed a U.S.-based clearing bank, but we don’t want that. We want to go through a Cayman bank – and we’re not there just yet.”
Managing that change brings questions of continuity and recovery full circle.
“Change management is a formal process that ensures changes to a product, process or system are introduced and implemented in a controlled and coordinated manner,” Paul Kirvan writes for TechTarget, cautioning that disaster recovery often takes a back seat.
Plans for corporate disaster recovery need to be kept up-to-date, he says, “as part of the overall change-management process.” The lesson: “Plan the work, then work the plan.”