Transcription
How to Sell “Disaster Recovery”to Senior Management.
ContentsExecutive Summary01Are You Having Trouble Selling DR toSenior Management?02Strategies for Lighting a Fire underExecutives with Regards to DR04Should You Perform IT Recovery InHouse or Outsource?06How iland Can Help09Summary/Conclusion09Discover the iland Difference10
If you’re like many organizations, you have an inadequate disasterrecovery (DR) program that leaves you vulnerable to risks such asloss of revenue, penalties and fines, not to mention the potentialfor negative impact to your business reputation due to downtimeor data loss. Despite these risks, you’re likely having a difficult timejustifying an adequate investment in DR to your senior management.You may feel like the only way you can attract management’sattention to this issue is to manually pull the plug on your datacenter on a regular basis.This white paper gives you strategies for getting on the same pageas senior management regarding DR. These strategies include: Striking the use of the term “disaster” from your vocabularymaking sure management understands the ROI of IT Recovery Speaking about DR the right way—in terms of risk mitigation Pointing management towards a specific solutionWe will then offer guidance to you on the best way to implementDR by migrating to the cloud. You will then learn more about iland’smarket-leading Disaster as a Recovery Service (DRaaS).01
Are You Having Trouble Selling DR to Senior Management?One reason relates to common attitudes towardsrisk. While people are risk averse and willing topay to mitigate risk, they do so only when theirown money is at stake. When company money ison the line, they’re far more willing to take risks.As a Senior Analyst at Forrester Research has said,“Organizations are willing to accept far more riskthan I would have ever thought possible.”Another reason for this challenge is thatorganizations, like yours, believe that they havea comprehensive DR program, when, in fact,their program is incomplete. Organizations oftenimplement backup/ recovery hardware and software,but fail to consider the processes necessary toimplement a full solution. This includes: Mapping business processes to all the supporting applications and IT systems so the DR planprotects the entire business process, rather than isolated applications. Developing complete recovery processes to ensure that the data center is fully recoverable Fully testing DR plans with end user and application stakeholder involvement. Pre-configuring and validating end-user access. Using the results of testing to optimize recovery plans. Implementing comprehensive processes for change management to sync recovery processes tochanges in IT systems. Categorizing business criticality with application tiering. Educating and collaborating with management on tiering structures for better RTO and RPOoutcomes and the business impact.02
Having an inadequate DR plan can negatively impact your organization leading to: Interrupted service During Hurricane Dorian in 2019, data centers throughout theSoutheast U.S. and Canada experienced interruptions due to flooding. Lost sales and revenue In 2019, American Airlines confirmed there was an issue with theSabre flight reservation and booking system, used by several major airlines—includingWestJet, Alaska Airlines and JetBlue. Any type of downtime can cause millions of dollars inlost sales and revenue. High costs 93% of companies without Disaster Recovery who suffer a major data disasterare out of business within one year. Potential supply chain disruptions Disruptions to one partner can cause problems forpartners up and down the supply chain, which means that a company may not be able todeliver product due to events that occur around the world Loss of reputation due to bad press about an outage For example, on February 7, 2019,Wells Fargo tweeted, “We’re experiencing a systems issue that is causing intermittentoutages, and we’re working to restore services as soon as possible. We apologize forthe inconvenience.” Many customers returned with tweets bashing the bank that affectedWells Fargo’s reputation and ultimately their business.Despite these risks, many IT organizations continue to face significant challenges in persuadingsenior management to provide the budget necessary to implement comprehensive DR programs.03
Strategies forRegards to DRLightingaFireunderExecutiveswithSo how can you get your executives to pay attention to DR so you can protect your organizationfrom data center interruptions? The following strategies can help you achieve this goal:Strike the term “disaster” from your vocabularyWhen people think about disasters, they imagine low probability events, such as widespreadregional outages caused by floods, earthquakes and acts of terrorism. Yet most downtime iscaused by mundane events, including hardware failure, severe weather, human error, or poweroutages. In addition, there has also been a rise of malicious employee-based incidents and externalsecurity events causing havoc on IT environments. Senior management is far more likely to payattention to high-probability events. By excising the word “disaster” from your vocabulary—andreferring to this challenge as IT Recovery—you can prevent senior management from seeing DRas something necessary only for unlikely events.Refer to IT recovery in terms of risk mitigationC-level executives understand the concept of risk and are comfortable thinking in terms of riskmitigation. Talk about the risk of losing thousands to hundreds of thousands of dollars in revenue dueto the interruption of a mission critical application. One way to approach this would be: Identify all the risks. Prioritize them by probability and business impact, which is defined as the hours ofdowntime multiplied by the cost per hour of downtime. Remember that costs can varyseasonally. The cost of downtime may be greater when the organization is working on endof-year financials or during peak holiday seasons. Ask executives to identify the risks they’re willing to mitigate versus the risks they arewilling to accept (leave unmitigated). Work with executives to develop a program that starts with mitigating the highest-probabilityhighest impact risks, but that then evolves over time to address lower-probability events.04
Explain the benefits of IT RecoveryMake sure management understands the benefits they can achieve from IT recovery, including: Gain competitive advantage: A customer experiencing one frustrating event can easilymove their business elsewhere. Generate more revenues: At the most basic level, faster recovery means your missioncritical, revenue-supporting applications stay, well, up. But you can also turn IT recovery intoa revenue-generating mechanism. For example, an outsourcing customer charged one pricefor hosting an application-as-a-service, and a higher price for “DR”-ing that application. Meet supply chain demands: When your organization is part of a supply chain, yourcustomers may demand to know what will happen if you go down. By implementing an ITRecovery program, you can respond to these customer demands. Meet regulatory and compliance requirements: Many laws and regulations requireorganizations to implement risk mitigation policies, practices and procedures. An ITRecovery program enables you to meet these requirements. Meet SLAs: Many business agreements include SLAs that specify penalties for noncompliance or non-performance. An IT Recovery plan helps organizations avoid thesepenalties. Meet fiduciary duties: C-level executives have a fiduciary responsibility to implementpractices and programs that protect their business. CFOs must be responsible stewards oftheir shareholder’s assets. C-level executives can go to jail or receive personal fines if theydon’t comply with these requirements. Thus, C-level executives’ roles require them to thinkabout IT recovery.Point management to a specific solutionIt may work best to not simply focus on the fact that management needs to spend more on ITRecovery, but rather to recommend which applications require an active recovery plan. To simplifythe implementation process, think about selectively cloud IT Recovery just as you would any otherbusiness processes.05
Should You Perform IT Recovery In-House or Outsource?A Checklist:Outsourcing can play a key role in implementing your IT Recovery process and to help you determinewhether this is the appropriate course for your organization, ask yourself the following questions:Do you face any regulations that would prohibitoutsourcing?Even if such regulations exist, you may be able to outsourcestrategically. Look at your organization and determine whetheryou have any tasks that you are permitted to outsource. Byoffloading these tasks, you can focus internal resources on areasthat are highly regulated.Do you fear loss of control?Some cloud service providers are viewed as taking control awayfrom your organization’s IT department, which may cause concernabout whether you are truly protected. If you are concerned withloss of control, select a cloud service provider that operates as anextension of your IT organization under your guidelines.Are you concerned about increased risk?By employing an outside party to provide IT services, you maybe concerned that you are letting another group of individualsaccess your data and systems. To mitigate this risk, make surethat the outsourced service provider has safeguards to protectinformation against unauthorized access or false manipulationduring creation, transmission, storage and retrieval operationsinvolving third parties. Also, be sure the outsourcer understandsand addresses your compliance requirements.06
Do you want to lower TCO for your IT recovery program?With traditional DR solutions on premises, you will need to purchase hardware, softwareand other elements according to a 1 to 1 scale for your production datacenter as well as forwhen you need to purchase more as your data grows. The overall total cost of ownershipfor an outsourced DR solution—including the program, hardware, and recovery software—issignificantly lower than for in-house solutions. Lower hardware and software costs result fromthe outsourced provider’s ability to achieve economies of scale when acquiring technologyfor use by a large number of customers as well as specialized expertise in implementing andmaintaining these solutions. Outsourced service providers reduce program costs by investingin automation technologies, including libraries and templates of run books and procedures,that dramatically reduce the time it takes to develop procedures. At the same time, theexpertise, pre-developed procedures, and automation outsourced service providers deliverimproved IT Recovery program effectiveness.Recovery TCO:Annual Hardware Costs Space Power Servers Storage Networking equipment Hardware Maintenance Managementand Monitoring MRP CostsDr Software Costs Backup Software Backup Software Maintenance Backup Appliances Disaster Recovery Security Management and Monitoring Network Backup Space and PowerProgram Costs Application Mapping Procedure Development Test Planning and Execution Post Test Analysis Recovery Lifecycle Management MRP Costs07
Do you REALLY want to develop IT recovery as a core competency?Many organizations find that having in-house staff perform IT Recovery diverts valuable ITresources from supporting the organization’s core business activities. Faced with the highcosts and substantial staff necessary to design and implement an IT Recovery plan, manyorganizations are turning to managed service providers to perform these tasks rather than doso in-house.With considerable expertise specifically devoted to IT recovery, cloud service providerscan help you achieve the following: Speed: DRaaS provides much faster, automated and more reliable recovery options thantraditional DR approaches with years of DR expertise. Lower Cost and enhanced reliability: Many IT services traditionally performed on-premisesare now available as-a-service eliminating the additional costs to invest in infrastructure andcapital expenses. Improved administration: Lowers the administrative burden placed on IT and frees up teammembers to handle tasks that provide greater business value. Seamless redundancy and scalability: Provide peace of mind with no loose ends to chase orworry about. Services provide cost-effective redundancy for all critical business informationsystems, but also enables routine validation testing. Global standardized solution with one provider, one technology, one solution with globalaccessibility from one interface.Are you confident that you are recoverable?Given the risks you have identified, can you prove to the Board that you are recoverable?Usually, the best way to provide this proof is through regular testing or third-party audits (forcompanies in highly regulated industries).Testing, essential to ensure a DR plan works properly, can take days to manually adjust andretest, shutting down both production and recovery sites. According to research, on average,organizations of all sizes take about 50 hours for test planning while setting up and tearingdown the test environment takes anywhere from 80 hours for a small organization to 768hours for a large enterprise. Testing also requires a sizable team for test planning, startuptesting, ongoing testing and setup and teardown of the environment. Other research hasfound that this team ranges from approximately up to 13 engineers to meet the needs of asmall business to 103 engineers for a large enterprise.08
How iland Can HelpOrganizations must address IT Recovery by creating a comprehensive program that encompassespeople, processes and technology. iland’s Disaster as a Recovery Service (DRaaS) delivers the completeset of essential services your organization needs to deliver effective testing and recovery. Based onmore than 25 years of recovery expertise, iland DRaaS can mitigate the root causes of your recoverychallenges by systematically helping you manage every stage of the process so your organization canbe confident it hasn’t missed a critical step in recovery procedure development, implementation oroperation. IT Recovery test planning and execution, so you can demonstrate recoverability, as well asany post-test analyses of gaps Actual execution of the recovery at time of test or actual disaster, which reduces the numberof IT staff who will need to travel away from your primary site, where they are most needed The ongoing lifecycle management of your recovery program, including change management(ensuring that changes to your production environment are reflected in the recoveryenvironment) A single point of contact or the ability to use our Secure cloud Console to have the ability toaugment your technical staff and will work with you to handle your unique needsSummary/ConclusionFollowing the strategies outlined in this paper will enable you to justify the investment in IT recoveryto senior management. Checking into a cloud solution provider can make it easier for you to pointmanagement to a specific, proven and comprehensive solution. By choosing iland’s DRaaS, you canallow your IT organization to control the provided services, dramatically reduce the TCO for yourrecovery needs, focus on your business’s core competency, all while having the confidence that yourbusiness processes and IT solutions are fully recoverable.09
Discover the iland DifferenceBaaSiland offers cloud-based backup to adhere to your goal of 3-2-1resiliency. Leveraging encrypted communication and applicationtrusted tunnels, this off-site, “air-gapped” version of your backupwill be available to you if something were to happen to your localrecovery. You can recover entire virtual machines, applications orfiles directly from the cloud.DRaaSWith DRaaS, iland enables organizations to meet their disasterrecovery needs without requiring a secondary data center,additional hardware or even additional staff. With industryleading disaster recovery software and very tight RTO and RPOavailable, you can be assured that in any disaster (ransomwareincluded) you can bring your environment online quickly withvirtually no disruption.IaaSOrganizations running their workloads in the iland Secure Cloudhave peace of mind that security and compliance are always ourpriority. We uphold a variety of global certifications and standards.So, no matter what industry and region you work in, we haveensured that the proper controls are in place. Coupled with built-insecurity reporting around vulnerability, network intrusion, malwareand virus scanning, you can rest assured that the iland cloudenvironment is as robust as your own.10
Object StorageSeamlessly extend your on-premises storage to the cloud andefficiently secure and manage your data for long-term retentionof business and mission-critical data. Built for resilient digitalbusinesses, iland Secure Cloud Object Storage offers industryspecific security and compliance, guaranteed availability andall-inclusive pricing. Managed through the iland Secure CloudPlatform, iland delivers an integrated experience with ourother data protection services such as DRaaS and BaaS for astreamlined experience.Microsoft 365Your Microsoft 365 emails and documents are safe and protectedwith iland Secure Cloud Backup for Microsoft 365. It directlyintegrates with Microsoft 365 to provide flexibility in howyou protect your Exchange Online, SharePoint Online, andOneDrive data. You can quickly restore your mailbox itemsdirectly to your Microsoft 365 mailbox by exporting themto a PST file, emailing them as an attachment, or save themlocally. This provides protection from deletion and data loss,gaps in retention policy parameters, Malicious insiders, anddeparting employees.iland’s world-class support is there with you for every step of your journey. Our indepth, consultativesales and onboarding processes ensure that you are as comfortable with your new cloud environmentas you are with your own data center. iland support is always included and available by phone orthrough the iland Secure Cloud Console. iland engineers can help you with everything from managingDNS to invoking backup recovery and DR.11
Thank you.About ilandiland is a global cloud service provider of secure and compliant hosting forinfrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS).North America: 1.800.697.7088UK: 44 20.7096.0149Netherlands: 31 10.808.0440They are recognized by industry analysts as a leader in disaster recovery. TheSingapore: 65 3158.8438award-winning iland Secure Cloud Console natively combines deep layeredAustralia: 61 2.9056.7004security, predictive analytics, and compliance to deliver unmatched visibility andease of management for all of iland’s cloud services. Headquartered in Houston,Texas, London, UK, and Sydney, Australia, iland delivers cloud services throughoutNorth America, Europe, Australia and Asia.Learn more at iland.comiland, the iland logo, and all other iland product or service names are registered trademarks or trademarks of iland Internet Solutions. All other registered trademarks or trademarks belong to their respective companies. 2020 iland. All rights reserved.
Recovery, but rather to recommend which applications require an active recovery plan. To simplify the implementation process, think about selectively cloud IT Recovery just as you would any other business processes. Explain the benefits of IT Recovery Make sure management understands the benefits they can achieve from IT recovery, including:
