[INFOGRAPHIC] Tornadoes: The Power to Destroy Everything

The United States alone experiences approximately 75 percent of the world's known tornadoes, which can occur at any time of the year (if conditions are right).

Check out The Weather Channel's infographic to see how many tornadoes travel through your area each year.


Now that you know the average annual tornadoes in your area, here are some steps that you can take to make sure your business is prepared.

Could Your Business Survive a Sinkhole?

With nearly 300 ground depressions since 2010, sinkholes are a way of life for Floridians. Due to the thick layers of limestone underneath the entire state that are slowly being eroded by acid rainwater, residents along the East Coast are all too familiar with these rapidly forming holes.

Of course, you should be aware that sinkholes are not limited to Florida. They can be found in about 20 percent of the U.S. in states such as Texas, Alabama, Missouri, Kentucky, Tennessee and Pennsylvania.

Residents and businesses located in these areas were alerted to the financial and physical damage that sinkholes can cause in early 2014, when eight classic Corvettes at the National Corvette Museum disappeared into a 30-foot-deep hole within seconds. (You can watch the video here.)

Disaster events such as this one may seem mysterious and unpredictable, but there are some warning signs to look for to help protect your business and your employees.

Warning Signs of a Sinkhole 

  • Fresh cracks in the foundation of your building 
  • Doors and windows that fail to shut properly (that previously did so) 
  • Small cracks in the ground around your business 
  • Trees that start to lean 
  • Circular patches of wilting vegetation
  • New ponds that form after it rains 

Though watching for these warning signs will help you identify a cave-in before it occurs, you still might be caught off guard by a sinkhole. Here's what to do if a sinkhole forms in or around your business.

What to Do If a Sinkhole Forms 

  • Call emergency officials immediately. 
  • Place colorful tape/rope around the ground depression to warn others of the sinkhole. 
  • Keep your employees away from the hole. Property owners can be held liable if someone is injured because of negligence. 
  • Have a disaster recovery plan in place to prepare for sinkholes (especially if they force you to set up temporary office space in a safer location).

Want to know how to prepare your business for similar unexpected disasters? Check out how to survive the longest day of the year.

Q&A: Eric Thompson and Brandon Tanner on Cloud Services — Part 2

Last week on our blog we featured Part 1 of a Q&A session with two of our cloud experts: Eric Thompson, solutions architect, and Brandon Tanner, senior manager. The questions were originally included in DRJ's webinar "Using Cloud to Accelerate Workplace Recovery." Attendees wanted to know a lot about the cloud, so we decided to do a two-part blog series. Below is Part 2.

Q: How do you help organizations that operate brick-and-mortar workspaces (e.g., a call center) prepare for remote recovery during a disaster?
A: Working remotely is an option because of the flexibility the cloud provides, but users don’t have to work from home. Customers have options.

Lots of our clients virtualize the infrastructure so applications are running in the cloud. They’ll then replicate the office environment at an alternate location. We can also bring in a mobile unit with preconfigured office space so users can duplicate the back-end infrastructure in the cloud and then couple that with the alternate office area.

If you choose not to have that traditional central office space at time of event, you can have employees work from home through a virtual system using virtual desktops, softphones and other similar technologies.

Either way, it’s about prep. One thing that gets overlooked is validating solutions via test, whether you’re evaluating business functions or going and doing a mobile test. One of the important pieces of testing is that the vendor gets the opportunity to work with the client so they have a better idea of what’s involved. Tabletops are enlightening, but there’s nothing like actually doing a test to set proper expectations.

Q: In the remote DR scenario, do you offer guaranteed response times, specifically for database restoration to storage media?
A: Any vendor will have service level agreements (SLAs) around these types of products, though a lot of the SLAs we see relate to availability and data not being lost. We do have guidelines, depending on what you need to have done, but if you’ve got an RTO tied to an application, you need to validate the process and document the results to make sure it fits your business’s requirements.

Q: How do we connect to the cloud?
A: It depends on cost, compliance and regulatory requirements and what’s available between you and the cloud provider. Our customers usually directly connect to us, but we give you the option to connect through secure VPN, MPLS, the Internet, etc.

Q: If you depend too much on cloud availability, what happens when communications are disrupted?
A: Most all cloud providers have redundancy on their end through multiple carriers. However, we can’t control every point between the two end points. Even the largest providers have had issues. Setting expectations is key. Ask yourself, “What am I solving for by leveraging the cloud? If I don’t have access to it, what does it do to my business?”

Another thing to consider is whether or not the solution is being designed properly and the horsepower is being allocated properly so you don’t have problems on the bandwidth side.

Q: What are your thoughts on public cloud utilization?
A: The public cloud serves a specific sector and need. We deal more with regulated industries that need to have the assurance that their data is at a specific location, stays in the U.S. and is encrypted in transit and at rest.

There’s no straightforward answer. Organizations should do what makes the most sense for them strategically. Some go with the hybrid approach, but it comes back to business functions, applications and the type of data you’re dealing with.

Q: Any final comments on cloud services?
A: To remain competitive, organizations can’t put their head in the sand and decide they’re not going to implement cloud. You have to stay on top of it. You need to start having a cloud strategy that involves more than just one project. It’s no different than DR in that you can’t just put it on the shelf once you’re done, or it’s outdated within a month. It has to be part of the organization’s DNA and thought process to take advantage of what’s out there.

Do you have a question about the cloud we didn't address? Let us know in the comments, and we'll answer it on our blog!

Cloud Compliance: What Auditors Are Looking For

In today’s world, many companies are either part of a regulated industry or have been identified as a critical vendor in a customer’s supply chain. These organizations are audited by regulatory bodies such as the Federal Deposit Insurance Corporation and the Office of Civil Rights or by another third-party auditor.

If your company falls into one of these two categories, you’re likely aware that most auditors look to see if your organization has implemented sound risk management and mitigation controls for safeguarding mission-critical data and business processes.

However, as more and more companies and their vendors adopt cloud solutions, you might be wondering what factors auditors consider when evaluating whether or not a cloud solution is compliant.

As a provider of private cloud vaulting and recovery solutions for regulated industries like finance and healthcare, Rentsys Recovery Services is, in auditors’ eyes, an extension of our customers’ organizations. As such, we’re expected to protect and recover each organization with the same level of scrutiny as the institution or practice’s employees. Because it’s imperative our services are conducted in a safe and sound manner while complying with applicable laws and regulations, we've become familiar with the key areas auditors view as potential issues.

Use the guidelines below as a starting point for determining whether or not you and your vendors will pass muster with your auditors.

Security

  • How sensitive is the data that will be placed in the cloud (e.g., confidential, critical, public)?
  • What controls are in place to ensure your data is properly protected?
  • Is any data whose disclosure could harm the organization or its customers appropriately encrypted or protected?
  • Are there controls in place to ensure the integrity and confidentiality of the data?
  • Is the data stored or processed overseas?

Availability

  • Does the cloud solution have an adequate and tested plan to ensure the continuity of operations as well as its ability to recover and resume operations if an unexpected disruption occurs?
  • Does the plan account for the availability of essential communications links?

Privacy

  • Does the cloud solution meet regulatory requirements for safeguarding customer information and other sensitive data?
  • What controls does the service provider have to ensure the integrity and confidentiality of the data?
  • Have the internal controls been evaluated by another auditor?

When determining the feasibility of cloud solutions for your organization, most auditors will expect you to perform thorough due diligence and a risk assessment. Keep in mind that though security, availability and privacy are key elements of sound risk management and risk mitigation controls for cloud services, you may need to consider other elements specific to your industry. A thorough risk assessment should bring those considerations to light.

Q&A: Eric Thompson and Brandon Tanner on Cloud Services — Part 1

Recently we sponsored a Disaster Recovery Journal (DRJ) webinar, during which two of our associates — Eric Thompson, solutions architect, and Brandon Tanner, senior manager — talked about how cloud solutions can accelerate business recovery. (If you missed the webinar, you can check it out here.)

At the end of the session, attendees had some excellent questions about cloud solutions. If they’re asking these questions, we’re sure others are too, so we’ve compiled a two-part series highlighting some of the questions from the webinar.

Q: How do I know if my environment is ready for the cloud and where do I start?
A: Before making a decision about whether or not you’re ready for cloud, look at your business continuity and disaster recovery (BC/DR) plan, specifically the business impact analysis, to see if it’s up to date.

Evaluate if the business functions are lined up appropriately with the systems and applications interdependencies. Also make sure you’ve assigned the appropriate RTOs from business, client and compliance perspectives. Once you’ve identified those functions and system interdependencies, cloud solutions become viable options.

Q: How do you address requirements for security and segmentation of client data, as well as return of data at the end of engagement?
A: If you’re evaluating cloud vendors, keep in mind that any vendor needs to have gone through the Service Organization Controls (SOC) 2 audit so you’ll have visibility into the provider’s services. The audit focuses on a business’s nonfinancial reporting controls, availability of service, process integrity, confidentiality and privacy.

In terms of getting data back, companies like Rentsys will work with you to move data to another location by exporting the data to some sort of media. When people move from one platform to another (e.g., physical to virtual), data needs to be both portable and recoverable in the new infrastructure. Know up-front how a vendor handles data migrations.

Q: How is the cloud environment maintained so that it’s current with my in-house production data center?
A: Typically the cloud infrastructure is all handled by the vendor. As far as maintenance, in a traditional cloud model, the cloud vendor owns and operates the hypervisor down through the hardware stack on behalf of your company. You control systems from the OS up. If you're using a replication technology, updates in production will replicate to the cloud. If you’re recovering data, the systems will restore to the latest backup point.

Q: Can you talk about licensing considerations when discussing cloud options?
A: It varies. There are certain software applications that allow you to run a secondary copy at time of event free of charge as part of the license. Others may require a separate license, sometimes at a reduced cost in the event of a disaster. Licensing considerations will also depend on the cloud vendor. At Rentsys, for example, physical workstation recovery solutions include licensing as part of the service.

Q: What is the cloud provider responsible for and what is the customer responsible for?
A: The cloud provider’s responsibilities should be documented in a SOC 2 report, and the contracts should be specific about who’s responsible for what. We would also caution you to look closely at what the vendor actually provides, because things are done differently in the cloud. If you’re open-minded, you might be able to take advantage of something you didn’t know existed that’s better for the company.

Do you have any questions about the cloud? Share them in the comments below and stay tuned for Part 2 of our Q&A series!

Why Disaster Recovery Doesn't Have to Equal Panic

It's easy to feel overwhelmed when a disaster strikes, especially if it hits your business. As a leader in your organization, you hope to maintain control of the situation. But how can you do that if your employees start to panic?

Believe it or not, it's actually normal for people to remain calm and maintain normal social behavior during a crisis, according to research from the American Society of Safety Engineers (ASSE).

However, this research also shows that "panic is more likely to occur in environments where panic is expected." This means it's crucial to avoid emphasizing panic in your disaster recovery plan and to keep employees informed and involved. Consider your employees' natural response to a disaster and follow the tips below for a smooth recovery.

Plan Ahead


No matter what business interruption comes your way, you have to be prepared to manage it ahead of time. Create a disaster recovery plan that includes protocols for handling different disaster scenarios and make sure your employees know what's expected of them.

It's also important to consider employees' needs throughout the planning process. If a regional disaster strikes, the ASSE study points out that a person being separated from their family can be more stressful than the possibility of injury. In fact, employees are likely to delay evacuations until all family members are accounted for. To alleviate your employees' stress during these situations, you could deploy a Mobile Recovery Center locally to prevent employees from having to relocate to an out-of-town workspace.

Practice Your Plan


Once you have a recovery plan, you need to practice and test it. Without running through your plan, there's no way to know if things will run smoothly when the time comes to use it. Include your employees in these practice runs so they can respond appropriately when a disaster actually strikes.

Testing your disaster recovery plan not only helps your employees feel at ease but also reveals any kinks in your plan. You can't afford to forget minor things, such as pens and notepads, when a disaster strikes. Test your plan once or twice a year to make sure you'll have the smallest details ironed out.

For more tips on preparing for a business interruption, download our Business Continuity Plan Checklist.

Three Benefits of Rentsys Continuity Manager Software

Continuity Central recently released the first part of its business continuity software survey, which contains information about business continuity (BC) software usage around the world.

The survey results affirm the notion that BC software is rising in popularity and becoming essential for small, medium and large businesses. Here are a few ways that our software, Rentsys Continuity Manager (RCM), can help your business before and during a disaster.

Measure Risk and Downtime


Nearly 80 percent of businesses use BC software to create a business impact analysis (BIA), which is a major part of BC planning. BIAs require a lot of data, making them tedious and time-consuming to conduct. In addition, some software requires you to manually enter your company's information, which can lead to data discrepancies.

However, with RCM, you simply have to load your company's data from your production database into RCM's web-based interface and let the software do the rest of the work. It will automatically generate risk analysis reports, mitigation strategies and recommendations for disaster preparedness, business/IT disaster recovery planning and testing. These tools will enable you to implement clear action points and goals for possible disaster scenarios depending on your industry and location.

Simplify the Planning Process


Over 50 percent of the survey respondents use BC software to help build and manage their recovery plans. The reason is simple: Business continuity software significantly eases the planning process. RCM significantly cuts down on the months of intensive research required to manually create a plan. The software has both standard and customizable surveys, so you can make sure you're gathering all the information you need. Distributing surveys is as simple as sending an email to your team leaders.

Once you gather the survey results, you'll know exactly which recovery tasks are most important to each team, along with the corresponding recovery time objectives (RTOs). This will not only save you time but also make your BC/DR plan more efficient.

Manage Real-Time Events


When a disaster strikes, every moment counts. You can't afford to waste valuable time scrambling to contact each individual team member to let them know which recovery tasks they should focus on. With RCM, you can instantly send a message to your teams, updating them on the situation.

Once you've notified your teams of their recovery tasks, each team can access RCM online and begin the recovery process. Team leaders will know which business-critical processes are a top priority for recovery, because they've already laid out their objectives in the surveys. The RCM dashboard allows you to view each team's progress in real time, so you'll be able to quickly identify which teams need more direction.

These are just a few of the many benefits of our business continuity software. To learn more, check out our video.