Once IT has a clear understanding of the environment, key motivators, and possible exposures, take action. The first step is to prioritize identified risks and fill gaps that may exist via mitigation, acceptance, or assignment. These may be gaps in policy, technology, personnel, capabilities, processes, people, or all of the above. Filling these gaps helps harden the infrastructure against potential downtime. Without this step in place, IT may spend too much time recovering from emergencies, somewhat like bailing water out of a boat without repairing the leaks.
Action also includes ensuring the proper technologies, processes, and procedures are in place to recover from the unexpected. Regardless of how well IT might prepare, something can always happen. A ruptured sprinkler line in the server room can create a very bad day for IT personnel, one that can turn into a nightmare without a solid, tested recovery plan in place.
Control is about managing the IT infrastructure for the highest level of resilience in the future. It’s about maintaining the highest operational state within the infrastructure, from servers to workstations to laptops. This starts from the moment a new piece of hardware or software is introduced into the environment. IT administrators need to be able to maintain control over the IT infrastructure to continuously ensure that client devices are secure, available and compliant with established corporate standards. Control means IT knows—not thinks, but knows—it can maintain the infrastructure in a known good state. It also means not just keeping up, but staying ahead.
Everyone wants to protect and guard against potential incidents, whether a simple server outage or a catastrophic event. But in addition to the right technology, personnel, processes and procedures, organizations must have a commitment to an effective Business Continuity Plan, inclusive of more than just a Disaster Recovery Plan, to make it work. This includes crossing some traditional boundaries to ensure that information is always secure and readily available. The entire system only works if all the parts are properly connected. The invisible “wall of silence” that often exists between the IT security and IT operations teams must drop in order for the IT organization to be able to fully understand, act and control. It is all risk management at the core. In fact, with a broader view of the entire company’s operations, IT must communicate better and more often with the entire company. Creating a governance board composed of senior IT, corporate, and business managers will greatly assist in building and maintaining an effective awareness and prioritization of business continuity within an organization.
Organizations should ask some important business questions before embarking on Disaster Recovery planning in order to prioritize investment spending and communicate the need to relevant parties. Additionally, business and IT executives should remember that building a Disaster Recovery Plan is all well and good, but it is equally important to regularly test any Disaster Recovery Plan in order to ensure that operations can be established as documented. Testing ensures that there are no surprises should an unplanned event occur.
While no organization can guarantee 100 percent resilience, organizations can take appropriate steps through proper planning that will help them quickly recover from any disruption to their infrastructure. By incorporating Disaster Recovery Plans into the greater enterprise Business Continuity Plan, organizations can protect corporate viability and ensure a continuity of operations to customers, partners and investors.