Back to List

How to Implement a Cloud-based Business Continuity Plan

Skyline Technologies  |  
Apr 23, 2019
 
First and foremost, you need to clarify your definitions. Make sure your team, your IT team, your business leaders, and your organization understand the definitions of RPO and RTO. Also make sure they understand how those impact their business and their business continuity plan.
 

Case Study

When one of our associates was doing corporate IT, he was on a business continuity planning team committee that set a recovery point of two hours (it was okay to have up to a two-hour data loss). He built the whole design around that RPO with a recovery time of 60 minutes or less and presented it to the owner of the company. He laughed and said, "There’s no way the business understands what a two-hour data loss means." This organization had a multi-step workflow that took an hour and a half to complete from end-to-end.
 
He said, "Go back to them and ask them if it's okay to run that process twice in the same day…I guarantee I know what the answer is." He was absolutely right. After explaining to the business what a two-hour RPO meant, they said it was unacceptable. That completely
 

Data/System Classification

Not all data and applications are the same. Are all systems truly critical for business continuity? Probably not. For example, recently we were working on the business continuity plan for a customer that uses SharePoint as one of their production workloads. When they did their analysis, they discovered their SharePoint is not critical to their business system. They can make money without having SharePoint online. Therefore, we were able to wrap a different business continuity strategy around their SharePoint compared to their critical business systems.
 

Documentation, Documentation, Documentation

Do you know what you have for your business continuity plan and how well it’s documented? What’s included? How do things get managed? One of the things we find missing in documentation (especially when it comes to business continuity) is the decision-making process behind it. In documenting, it’s vital to include why a decision was made for each step. For example, if you decide not to list SharePoint as a critical business system, include why it’s not critical. Leave no room for second-guessing.
 
Detailed documentation is important because we all have turnover within our organizations. Without explanations, you won’t understand the why behind the what. Also, time makes fools of us all. In a few years, how likely is it that you will remember why you decided what you did? It’s a common issue. People leave, time passes, and organizations evolve. Make sure you’re tracking the What’s, Why’s and How’s.
 

Recovery Type Cost Implications

Do you understand the cost implications behind the different recovery types and the necessity of each? It's important to have the design drive the budget –not the other way around. Otherwise, you will talk to your business, create definitions, classify your daily document, and create your design only to hear, “That's too expensive” or “It’s going to take too much time. We need something implemented cheaper and faster." That’s where you, as a decision-maker, should be able to say, "Here's how that's going to impact your business. It means you go from a 50-minute RPO to a two-hour or four-hour RPO. It means we go from a five-minute recovery time to a one-hour recovery time." You should be able to respond accordingly right away.
 

Manual Failover Steps

You want to minimize your manual failover steps as much as possible. If there are going to be manual steps and some just can't be avoided, make sure they are properly documented and easy to find.
 

Plan for Human Emotion

At the same organization mentioned in the other case study, we went through our business continuity planning and created what the company owner required: five binders of documentation. One lived in the data center; one lived at the shared desk of the two admins; one lived at the owner's desk inside the building; one lived at the owner's house; and one lived at the COO’s house.
 
On a Saturday night while our associate was on vacation, he got a phone call saying, “We had a power outage. Our backup power system failed and we're bringing systems back online, but we're having a problem. Can you tell us the order of turning on the server so we make sure things come online?" He said, "It's in the business continuity binder." They said, "Where's that?" He said, "Which one?" They didn’t know what he was talking about. There was one factor that hadn’t been considered in the planning: human emotion. They were flustered because they're trying to bring their systems back online and they had forgotten where the binders were. Since our associate wasn’t caught up in the emotion of the situation, he could remind them where to look.
 
Make sure your plan also includes human emotion. It doesn't matter how well a business continuity plan and manual steps are documented because finding that documentation and following it to the letter depends on the mental and emotional state of the people involved –which is impacted by the reason the recovery plan is being executed.
 

“How do we overcome internal opposition to the cloud?”

Speaking of emotion, some in your organization may oppose the idea of utilizing the cloud. There are many different reasons why people would object. The first step is understanding what the objection is and why they're averse to using the cloud. It could be security reasons, or it could be location-specific: some geographies within Azure don’t allow certain types of data. Maybe you have regulations within your organization where the cloud is not a viable location for your critical data. After you understand the reason behind the opposition, then you know how to educate them on why you think the cloud would be viable for your organization.
 

Test, test and test again

Test quarterly at the very least, and make sure you audit the results and mitigate and resolve any failures. Avoid the fate of a local 500-seat call center (that will remain unnamed) that sarcastically called its annual test of its backup power system their “annual power outage”. They test, but they don’t audit, mitigate, or resolve the backup power system failures. Every year for more than a dozen years, they ran the same test with the same results, and no resolution. When you create your test plan, make sure all parts are tested, audit the test results, remediate any issues, and test again.
 

Next Steps

First, define your RPOs and RTOs (notice the plural). Next, classify your systems and data. You want to make sure you’re defining the proper recovery type for each classification because it can have a huge impact on cost. Then build your plan, test it, and execute it.
 

Business Continuity is just one piece in your cloud strategy

Business continuity is a great place to start your cloud strategy because it's very low impact to your users. We tend to find that data backup recovery, whether it's business continuity-based recovery or just backup, is a great entrance into the cloud. If you would like help creating your business continuity plan, let us know!
 
Our cloud solutions team offers many cloud-readiness solutions, including:
 
  • Cloud Readiness Workshop – essential if your organization either doesn't have a cloud strategy or is very early in your cloud strategy build-out and would like help understanding what you need to do.
  • Cloud Optimization Assessment – ideal if your organization is already running in the cloud. Is it optimized? Is it cost effective? Are you truly getting the best bang for your buck? Are there things you can do to improve performance? How could you implement multiple geographies for this application that you're running in the cloud?
  • Business Continuity Planning – we can help you do data classification, help define your RPOs and RTOs, and help overcome internal objections. If you have business units objecting to the cloud, we can provide the information to educate and (hopefully) overcome some of those objections.
  • Backup and Recovery Services
  • App and Server Migration
  • Application Modernization – we can help you move from traditional infrastructure to a more agile, flexible, and scalable approach to application development.
 
If you have any questions about Business Continuity Planning, or any of these offerings, contact us. We’ll be happy to answer any question(s) you may have.
 

Get the free eBook

This is the last of 5 blogs on Where Should the Cloud Fit Into Your Business Continuity Plan?. To read them all right now, download our free eBook.
 
cloud business continuity plan ebook
 
Azure

 

Love our Blogs?

Sign up to get notified of new Skyline posts.

 


Related Content


Blog Article
Azure Tips & Tricks: Application Insights Snapshot Debugger
Todd TaylorTodd Taylor  |  
May 21, 2019
A painful memory that is burned into my developer-brain is a production support issue for a .NET web API that I wrote years ago. I worked for a large retailer at the time, and the bug was preventing electronic pricing signs from displaying the most up-to-date price for hundreds of products at...
Blog Article
Azure Tips & Tricks: Moving Operations in API Management
Todd TaylorTodd Taylor  |  
May 07, 2019
Azure API Management (APIM) helps developers save a lot of time by doing most of the heavy lifting involved in creating an API gateway and developer portal. However, the APIM administrative UI is missing a few minor times-saving features, such as the ability to move API operations between APIs...
Blog Article
Advantages of a Cloud-based Business Continuity Plan
Skyline Technologies  |  
Apr 09, 2019
One of the concerns we hear from customers is how much control is given up when moving to the cloud – especially in business continuity. That’s understandable, so we’re going to break down the advantages of an Azure Cloud Cold Site and Hot Site.   Azure Cloud Cold Site...
Blog Article
5 Pitfalls of a Traditional Business Continuity Plan
Skyline Technologies  |  
Mar 26, 2019
To get a clear view of where the cloud fits into your business continuity plan, it's helpful to examine the pitfalls of a traditional plan.   1. Cost Business continuity can be extremely costly when taking the traditional approach. You're buying two of everything for production...
Blog Article
Traditional vs. Cloud Assets for Your Business Continuity Plan
Skyline Technologies  |  
Mar 12, 2019
Let's consider how we have historically implemented IT assets to satisfy our business continuity plan.   Traditional Cold Site A traditional cold site is in a second owned or rented location. It’s typically not as nice as the primary site, and it's often at your business...