It can be a serious mistake to underfund your plans for business continuity and recovery from disasters. This is because the chances of extreme weather are rising worldwide, while many business owners are still unaware of what a few hours of data downtime could cost.
Taken together, loss of business income and letting down key customers could run into hundreds of thousands, even millions of dollars. Therefore it’s essential we implement a disaster recovery (DR) plan that’s tailored to our needs. There are two angles to take into account when estimating the cost.
- Compliance Requirements – The GDPR is rippling through American business as the fiduciary responsibilities of caring for other people’s data strike home. Business owners and directors face expensive sanctions for failing to follow through.
- Financial Losses – These are somewhat harder to calculate because cash flow varies according to time and season. There are various probability theories you could try, and this one is solid:
(worst case + 4 x most likely + best case) divided by 6
Once we have quantified the financial risk of data downtime we can go forward and decide our best DR solution.
The Nuts and Bolts of Determining Downtime and Compliance Costs
Clearly, your chances of fiduciary failure and customer losses increase the longer you are down, and the more frequently this happens. Here’s a handy source of ideas if you can’t find a starting point for calculating your downtime costs. The example values are dated but the logic is as good as ever.
The goal of any business continuity and disaster recovery plan should be the highest possible availability. However, even the best service can falter when a provider lets it down. Even if you’re promised 99% availability, this still allows for 87 hours of downtime a year, and those hours can fall randomly. Ask your accountant to estimate the loss of income.
Having a top-rate data colocation center collaborator should reduce the probability further because it is self-contained. If, on the other hand, you run your infrastructure from your office, your utility provider or building manager will tell you the risks you face, and these may be outside your control.
Putting it Another Way: How Much Data Loss Could You Withstand?
Downtime is transient but data loss is forever without a rock-solid backup. Therefore, it’s essential to manage this by setting a recovery point objective. Word and Excel do this for us with autosave, but it’s still up to us to adjust the settings. In business, a recovery point objective (RPO) is the ‘age of files’ we must recover from backup storage for normal operations to resume after failure. Hence, we express RPO in terms of the amount of downtime we can tolerate in a single incident.
A recent report suggests a quarter of companies have RPOs of less than one minute, with a further 35% only able to tolerate downtime of less than one hour. This information, if correctly calculated, helps determine your backup strategy. Add this to your growing list of goals.
How Well Would You Cope in a Natural Disaster?
So far in this article we have only spoken about ‘normal’ disaster recovery: hassles like the utility going down for a few minutes, or a lightning strike tripping a switch at a substation. Unfortunately, the new normal now includes weather patterns building harsher hurricanes and disasters. If you don’t subscribe to a cloud service or a colocation center, you may someday face power outages from hurricanes similar to these:
- Texas: 384 Hours (Rita, 2005)
- Texas: 336 Hours (Ike, 2008)
- Long Island: 337 Hours (Sandy, 2012)
If you do not have a service level agreement with a colocation center (or some other arrangement), these periods could cause you severe losses.
However, hurricanes are not the only threats you could be facing someday. Snowstorms, earthquakes, tornadoes, and floods have all taken their toll in recent years, and storm surges are worsening as ocean levels rise. The long power outages from Rita, Sandy and Ike are rare occurrences. However, even a 24-hour outage could severely affect your bottom line.
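To put numbers on the preceding sections, the sketch below is an added example (not part of the original article) that chains the three-point estimate, the downtime a 99% availability promise still allows, and the outage durations listed above. All dollar figures are constructed sample values, and it assumes loss scales linearly with outage length.

```python
# Added illustration. Every dollar figure here is a constructed sample value.
HOURS_PER_YEAR = 365 * 24  # 8760

# Outage durations in hours, as listed in the article.
ARTICLE_OUTAGES = {"Rita 2005": 384, "Ike 2008": 336, "Sandy 2012": 337}

def three_point(worst, likely, best):
    """The article's estimate: (worst case + 4 x most likely + best case) / 6."""
    return (worst + 4 * likely + best) / 6

def spread(worst, best):
    """Usual companion figure: one sixth of the range, a rough standard deviation."""
    return abs(worst - best) / 6

def allowed_downtime_hours(availability_pct):
    """Hours per year a provider can be down and still meet its promise."""
    return HOURS_PER_YEAR * (100 - availability_pct) / 100

def exposure_report(worst, likely, best, availability_pct, outages):
    """Turn hourly loss scenarios into annual and per-incident exposure.

    Assumption: loss grows linearly with outage length. Real losses often
    accelerate as customers defect, so treat long-outage figures as a floor.
    """
    hourly = three_point(worst, likely, best)
    sla_hours = allowed_downtime_hours(availability_pct)
    return {
        "hourly_loss": hourly,
        "hourly_spread": spread(worst, best),
        "sla_hours": sla_hours,
        "sla_loss": sla_hours * hourly,
        "daily_loss": 24 * hourly,
        "outage_losses": {n: h * hourly for n, h in outages.items()},
    }

if __name__ == "__main__":
    # Constructed scenario: hourly loss of $4,000 worst, $1,000 likely, $400 best.
    report = exposure_report(4000, 1000, 400, 99, ARTICLE_OUTAGES)
    print(f"Hourly loss estimate: ${report['hourly_loss']:,.0f} "
          f"(+/- ${report['hourly_spread']:,.0f})")
    print(f"Downtime allowed at 99%: {report['sla_hours']:.1f} h/yr, "
          f"about ${report['sla_loss']:,.0f}")
    print(f"One 24-hour outage: ${report['daily_loss']:,.0f}")
    for name, loss in report["outage_losses"].items():
        print(f"{name}: ${loss:,.0f}")
```

The daily loss figure is the one to compare against annual DR spend when sizing the budget.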
What Others Spend to Keep Going While They Recover From Disasters
The 2016 study by CloudEndure found a pattern of spending that correlates with good business practice. The average company’s spend on DR bears a relationship to its average cost of downtime. This makes more than a modicum of business sense because the cost of insurance should not exceed the risk insured.
Hence CloudEndure recommends you spend less than $10,000 annually if your daily cost of downtime is less than that amount. This provides guidance in terms of orders of magnitude. However, the absence of peg points within it could encourage risk taking. We could, for example, argue we are not in a hurricane or tornado corridor, which in reality is not a smart business decision.
How the Need for 100% Data Redundancy Is Increasing
However, malicious hackers and ransomware scams are not place-bound, and 51% of respondents claimed the latter was the biggest security threat to their business in 2017. Do you remember the WannaCry attack that captured 300,000 computers in 150 countries?
Therefore, the need for data redundancy is increasing. It could do so exponentially as we rely on artificial intelligence to run our business systems in the background. It is therefore hardly surprising that government, healthcare and financial sectors are among the biggest US spenders on business continuity and disaster recovery preparedness.
It follows that the days of ‘taking a chance’ with a generator and battery rack are ending. Moreover, a colocation center can prove significantly cheaper than ‘going it on your own’ with a cobbled-together business continuity and disaster recovery strategy.
Business owners and directors should no longer leave these things to the IT department, because data security can make or break their operations.