By Sasha Malic, Head: Availability Services, ContinuitySA
In my previous blog, I outlined the reasons why many organisations are opting not just for the DRaaS model, but to procure it as a managed service from a specialist business continuity company.
The deciding factor? The domain expertise and experience a business continuity provider can provide. The provider of managed DRaaS has to play the role of a trusted advisor who will not only ensure that you have a DR plan that is properly scoped and will work, but who will help you survive a disaster.
Here are some of the key questions to ask:
Another important performance-related question would concern how responsive the service provider is. How quickly do they respond to questions or issues, and what hours are they available?
Once you have chosen your managed DRaaS provider, you should expect to receive primary business and technical contacts; access to a portal containing information about the DRaaS resources and performance, including a dashboard of some kind; access to a user community of fellow clients; proactive notifications about challenges or changes; and help with testing.
In our next blog, I will attempt to identify the success factors of a successful DR plan.]]>
Public cloud providers would include the cloud computing leaders like Amazon Web Services, Microsoft Azure and many others. The cost benefits can be significant, but of course you are just one of many clients, and no specific DR expertise is offered.
Larger companies with multiple data centres could use the DRaaS approach to provide a private cloud within which to provide the DR. The economies of scale would obviously be less substantial, but this might suit a company with a desire to control the solution. Again, though, the company would have to provide the DR expertise.
However, another approach has emerged which, I believe, offers the best of all worlds: managed DRaaS. It is an increasingly popular option for companies large and small, because it combines the cost and scalability benefits of the cloud model, while acknowledging the complexity of DR.
Some of this complexity was indicated in the previous blog, More than just alternate infrastructure, but there is also the fact to consider that ensuring the DR solution is kept up to date and continually tested are also intensive and specialist tasks. As important, when a disaster occurs, it’s quite reassuring to have access to people who have been through such stressful experiences before—and the chances of a successful recovery are higher.
Finding powerful friends
For these reasons, opting for a managed DRaaS solution is gaining favour. In this model, the organisation would contract with a business continuity provider like ContinuitySA, who would offer the DR capability over a network link as described, but would be able also to offer the advisory help in scoping and implementing the right solution, and also the best practices and processes to ensure the solution remains current, and is tested regularly.
The service provider would also have the skilled and experienced personnel on hand to help a client through an actual disaster, a high-pressure period where faulty decision-making can have devastating consequences.
At the same time, the client would receive the cost benefits of effectively sharing the service provider’s infrastructure based on usage, effectively a quasi-private cloud but, of course, with all the governance in place to ensure that client data and systems remain rigorously separate.
If you should decide this is the approach that makes most sense for your organisation, clearly the next big question is how to choose a DRaaS provider—something we’ll look at in depth next time.]]>
By Sasha Malic, Head: Availability Services, ContinuitySA
In my previous blog, I argued that the DRaaS model was extremely attractive because it allowed companies and government entities to access the alternate technology needed to keep them up and running in the event of a disaster. But I also made it clear that DR was more than just access to alternate technology—the solution must met the organisation’s needs, and it will have to guaranteed to work when it’s needed.
DRaaS makes accessing the alternate technology easy and less expensive, but it is still necessary to understand what data and applications are going to be recovered, and to what extent. Everything has its price tag, and its impact on the whole, so the whole system has to be properly understood. These are the key steps:
Next time, we’ll look at a final issue that needs to be resolved: which type of DRaaS you will opt for.]]>
By Sasha Malic, Head: Availability Services, ContinuitySA
Having a proper disaster recovery solution in place—one that is guaranteed to work when the chips are down—used to be the preserve of banks and big corporations with deep pockets and regulatory obligations. Now, in the wake of King III and similar codes, the critical importance of IT for a business’s sustainability has made DR a board responsibility.
No company, big or small, can afford for its IT systems to go down for an extended period. Customers and business partners simply will not tolerate the unavailability of a company or its applications due to system failure, however good the reason. If a company can’t trade even for a short time, it risks losing customers to competitors who are up.
But setting up an alternate recovery site, with hardware and office space, is expensive not only in terms of capital and operational costs, but also in terms of management focus. It’s a highly specialised discipline to scope, implement and test a DR solution, and then to manage it when a disaster is invoked.
The “aas” revolution
The notion of purchasing DR as a service—DraaS—is revolutionising the industry, and making true DR a reality for companies who had long considered DR to be outside their reach. It works on the cloud computing model, which means that instead of buying or renting an alternate site, and the necessary kit, companies can now obtain the necessary processing and storage capacity from the cloud to set up a virtual DR site, just as they would purchase infrastructure, software or even platforms in the same way. The “as a service” model has matured to the extent that providers now have the software to make the process of getting and then scaling these types of services very simple.
However, while DRaaS makes economic sense, but it should not be seen as a new way to access the necessary hardware and software. To get it genuinely as a service means partnering with a specialist DR provider who can deliver the advantages of the “as a service” model combined with the best practices and experience to make sure it works.
We’ll explore what this means in the next blog, when we consider what steps make up a true DRaaS solution.]]>
“Despite the fact that commerce depends utterly on applications and data, a Veeam study found that 84 percent of CIOs globally cannot deliver the uptime that their businesses demand,” he says. “This availability gap has increased by 2 percent since the last study in 2014. Specifically, unplanned downtime for mission-critical applications has risen to 1.9 hours from 1.4 hours, while the figure for non-mission-critical applications is 5.8 hours, up from four hours.”
Similar underperformance is evident when it comes to recovery time objective for mission-critical applications, which is three hours as opposed to the service-level agreement/ business requirement of 1.6 hours. Recovery point objective is 4.2 hours against the idea of 2.9 hours.
“The Report estimates that the average annual cost of downtime for an organisation can reach $16 million within a 12-month period, an increase of $6 million on the 2014 figure,” Odgers says. “Lack of availability is costing organisations big money—and these figures do not take into account the negative effect on brand equity.”
Odgers says that the huge growth in DRaaS and BaaS (BackUp as a Service) is being driven by CIOs’ need to bridge the availability gap while coping with tightening budgets. The growing maturity of the cloud means that it’s now possible to access offsite infrastructure and storage without investing capital in expensive disaster recovery sites, along with the associated operational and management costs.
However, he emphasises, disaster recovery and backup require considerably more than just reliable alternate infrastructure. Partnering with a reputable business continuity provider like ContinuitySA means that organisations can also access the specialist expertise to ensure that the disaster recovery solution is properly scoped, managed and regularly tested. A specialist provider of business continuity management services also has the experience and staff to offer help in recovering after an event.
The remaining piece of the puzzle, Odgers says, is to provide an easy, efficient way to automate and secure the process of transferring backups or replicas to the offsite provider. At the same time, the solution needs to accommodate clients who also want a backup or replication onsite as well.
Odgers says that Veeam uses the 3-2-1 rule to a solution with the right balance between on- and offsite copies of the data: three copies on two different types of medium, with one of them offsite,” Odgers explains. “Veeam Cloud Connect provides the platform that provides a simple, easy-to-manage dashboard both for the client and the cloud service provider. It also uses SSL encryption to protect data in transit, and a WAN accelerator to reduce the load on the network.”
Odgers says that Veeam now protects more than 11,1 million virtual machines worldwide in partnership with cloud and service providers like ContinuitySA.
“It’s all about providing an easy and cost-effective way for CIOs to take advantage of the cloud to improve their ability to close the availability gap within their budgets,” Odgers concludes. “In fact, the capability is so flexible that CIOs are even using it to provide them with the extra capacity they need for finite but intense workloads, such as marketing campaigns.”
 2016 Veeam Availability Report, available at https://go.veeam.com/2016-availability-report.html.]]>
By Willem Olivier, GM: Africa. ContinuitySA
As we all know, the value of an effective BCM is becoming more widely appreciated as companies take sustainability more seriously. Nowhere is this more true than in Africa, where businesses are gearing up to take advantage of the continent’s opportunities but find their ability to compete hampered by unreliable national infrastructures and a lack of BCM experience. Many are finding that a credible BCM capability is a requirement for entering into solid partnerships with global companies, and to building a loyal customer base.
To many companies, it initially seems as though insourcing BCM makes the best sense—they reason it will be cheaper, everything will be under their control and they do not risk compromising data confidentiality. But in many cases these initial assessments fail to take into account the hidden costs and pitfalls of insourcing. Before making a decision, companies should consider the following issues:
Are there hidden financial costs? Building and equipping a recovery facility requires both capital and operating budget. Organisations should also not forget the expense of maintaining the equipment and facilities, as well as renewing the technology. Companies often forget that existing budgets such as facilities maintenance, will not be able to absorb the extra expense. Alternatively, removing expensive BCM infrastructure from the balance sheet is likely to be desirable, and syndication via an outsourcer invariable reduces costs substantially.
Are there hidden personnel costs? It’s unlikely your staff has the necessary specialist BCM expertise, so these skills will have to be acquired—at a cost. Almost certainly, extra staff will have to be hired as an effective BCM programme is complex and ongoing. And don’t imagine that your existing management capabilities (such as facilities management) will be able to absorb the extra work without hiring extra staff.
What are the hidden complexities of BCM? Commissioning a failover data centre and work-area recovery facility is actually the easy part of BCM on the vendor’s side — and it’s not that easy! Harder by far is developing the right business continuity plan in line with the company’s strategies and risk appetite, and putting in place the complex business processes needed to ensure that, in the event of a disaster, the business can recover. What happens if the only or one of your key BCM resources is ill or away when a disaster happens? And, most important of all, are you testing the BCM solution regularly, and feeding the results back into the plan to ensure continuous improvement? Chances are that you aren’t, simply because the time is never right, and today’s business is always the priority.
The answer for many companies is a combination of in- and outsourcing, a solution that hopefully gives them the best of both worlds. But when making the decision, remember that there is never a dress rehearsal for a disaster—it’s always for real. When the chips are down, having an expert by your side usually makes sense!]]>
The cyber security and business resilience session will be held at ContinuitySA media briefing session in Midrand on Thursday 19th May from 7h30 – 10.30. Seats are limited so register now at http://www.continuitysa.com/cyber-security-breakfast/
Aimed at C-level executives from board members to the CIO, CFO, COO, CTO and CEO the event will give answers to questions such as how to quantify a cyber threat? Reflect and get advice on how prepared you are for these threats and look at how the threat landscape can be monitored.
Ensure your business can achieve more than a basic level of #cybersecurity and safeguard your organisations business resilience from the current threat landscape for total peace of mind by attending this session.]]>
Many factors such as industrial action, extreme weather conditions, routing upgrades or hardware failure can all lead to extensive loss of data, the consequences of which could be catastrophic to your business.
Disaster Recovery as a Service, commonly known as DRaaS, is a comprehensive portfolio of services that offers a potential solution, however does it offer the full service that you would expect unless it is properly managed by a company with many years of expertise and a proven track record providing DRaaS.
In the ‘safe hands’ of a competent organisation like ContinuitySA, who efficiently design, set up and manage every facet of your customised data protection, you can have absolute peace of mind to focus on your business.
ContinuitySA offers a three tiered approach to DRaaS:
Server replication – Includes fully managed offsite data recovery centres to which you replicate your servers. Servers can be failed over in minutes. This protects physical, virtual and cloud hosted servers.
Managed Virtual Server hosting – Used for production hosting or secondary live servers. You are able to increase or decrease resources such as storage and memory at any time, without having to re-provision your servers.
Managed backup – Expertly managed disk based backup reduces your backup window, dramatically shortening backup times. Primary backup devices can be located at your premises, replicating to the recovery centre eliminating link bottlenecks.
There are substantial cost benefits to moving to a DRaaS model which also frees up your IT staff to focus on other projects.
ContinuitySA offers 24/7 expert advice, management, monitoring and reporting to give you…….
TOTAL PEACE OF MIND!]]>
When it’s time to find premises for your new business or when you are relocating or need extra office space, it’s interesting to consider the alternatives available. Should you deliberate about office renovations, take a new building or evaluate a resilient office space?
In addition to its core Business Continuity Management, ContinuitySA is offering resilient office space to companies who want the benefits of a fully managed office solution at a fixed monthly costs.
So what is our resilient office solution you may ask?
Our resilient office space is essentially a ready-made, customised office solution which is fully managed to get your business up and operating with the minimum of turnaround times in a business resilient environment at a fixed monthly cost. Equipped with optional desk top computers, furniture and flexible telephony options (Avaya, Mitel or your own) this solution can get you operational speedily. Access is available to our onsite data centre. UPS and diesel generators provide electrical back up during potential winter load shedding, and emergency water supplies are also available. Superior bandwidth connectivity is supplied with multiple WAN ISP’s.
Our facilities also offer onsite parking as well as being close to public transport nodes. 24 hour service desk support is on hand to support your infrastructure and around the clock security. A flexible approach to contracts, be they short or long term, allows you to build a best fit solution perfect for you as well as taking into account scalability during the contract period.
So if your business needs more space or you’re looking at alternative office solutions why not find out more. Contact us on email firstname.lastname@example.org or click here for more details or for somebody to contact you on what options and locations we have readily available.]]>
By Michael Davies, CEO, ContinuitySA
The final set of risks relate to geo-politics and, in particular, terrorism. Our team recognised that these are risks that are largely out of companies’ control, but they need to understand them and have mitigation plans in place.
We decided to include these risks particularly because Africa seems to be more and more vulnerable to them, terrorism in particular. It comes at a time when South African businesses, in particular, are looking to expand north in order to achieve the growth that is so elusive domestically. Unfortunately, many of the continent’s most attractive markets are also increasingly theatres for political violence. Kenya and Nigeria are two cases in point, with Al Shabaab active in the former, and Boko Haram in the latter.
Don’t forget that this risk applies also to your supply chain
Companies attracted by these markets must therefore take the time and trouble to understand the risks they pose, and put contingency plans in place. The safety of employees is of particular concern, and the threat of kidnap is also real. Companies have a well-established Duty of Care to their employees which does not end when at a border.
This is a highly specialised area, and it’s one in which the aid of specialists should be sought. Your insurance company is likely to be very helpful because the risk may be insured, and also your legal advisors would offer insight into what your obligations are. Both will have relationships with security companies that specialise in these types of risk, and who will possibly be able to offer information and counsel.
In conclusion, and looking at the five risks as a whole, we feel that it’s very important to consider the whole process of business continuity management, which underpins business resilience, in terms of your customers. You need to understand the extent to which they are relying on you, and thus on your ability to recover from a disaster.
On the plus side, positioning your company as a reliable partner, one that has taken the trouble to build resilience into its business model, can be an excellent marketing tool, and a way to build the company’s reputation in the market. The world is increasingly sensitive to risk, and partners that are seen be alive to risk are desirable.]]>