Backing up Your Files for Disaster Recovery Isn’t Enough

If you’re not an IT person but are involved in business continuity and need to be familiar with your business’s disaster recovery (DR) plan, how do you know if your organization is using the right data backup and recovery solution? The specific answer will vary based on your organization’s size and industry, but one thing holds true for all organizations: You need a solution that can back up your environment, not just your files. We’ll explain why.

File-Sharing Services



Files open on laptop
End users love online file-sharing solutions such as Dropbox and Google Drive. It’s not hard to see why: The interfaces are user friendly, files can be automatically synced across devices, and data is easily accessible.

When it comes to recovery, however, file-sharing services are a mixed bag. On the one hand, being able to recover a single file or subset of files at the click of a button is great.

Recovering a large amount of data, as in the case of a total system failure, is another story. Sorting through duplicate backups and then recovering all your files can be a time-consuming process (not to mention the fact that you’ll have to rebuild your system environment from scratch). Even worse, people using file-sharing services have recounted horror stories of permanently losing chunks of data due to system bugs and syncing issues.

If your organization is subject to regulatory requirements such as HIPAA or FFIEC, file-sharing services present yet another set of challenges, because they don’t have adequate built-in measures for protecting sensitive information. For instance, even though data might be encrypted while it’s stored within the service’s interface, it’s not protected if the files are shared. One company even discovered that links to people’s personal tax returns and mortgage applications were showing up in pay-per-click ads.

While file-sharing services do have benefits, it’s important to remember that even though some vendors offer solutions that are marketed for enterprise use, they were originally designed for the individual consumer and don’t readily translate to a business-wide backup solution.

System-Based Backup Solutions

Hands typing on keyboard
Earlier we mentioned that in the event of a total system failure, a file-sharing service is only helpful for recovering files. This is one of the areas where system-based backup and recovery solutions offer a clear advantage: They create copies of your operating systems, configurations and data and then back them up to a storage appliance or cloud service.

When a total system recovery is necessary, you can recover the image to the destination hardware without having to manually reconfigure the system. To shorten recovery times, save on storage space and reduce bandwidth, you can use deduplication to back up only the unique versions of a file, as opposed to keeping copies of each file every time it’s saved.

System-based solutions can also be ideal for maintaining compliance — especially because, as FFIEC guidelines state, “The primary risk associated with data and program back-up is the inability to recover systems, applications, and data in case of a disaster or other disruptive event.” To find out if a specific solution meets compliance requirements, verify that the vendor has undergone an audit such as Service Organization Controls 2.

Best of Both Worlds


Regardless of your organization’s size or industry, relying on a file-sharing service as your DR solution won’t cut it. Fortunately there are system-based DR solutions on the market that offer the benefits of file-sharing services — portability, cross-device compatibility and ease of use — without sacrificing security. BlackCloud vaulting and recovery, for example, allows you to back up and restore individual files as well as full systems through a single portal interface.

Have you encountered challenges from file-sharing services that we didn’t cover in our post? Share them with us in the comments!

What to Put in Your Winter Preparedness Kit

Snowy roadThe first day of winter is almost here, and that means we all have to gear up for the colder weather and icy roads. Make sure you’re equipped by keeping a winter preparedness kit in your car. Here are some critical items to remember:
  • Ice pick
  • Snow shovel and brush
  • Basic tool kit with screwdrivers, pliers and a wrench
  • Bag of traction material like kitty litter or sand
  • Flashlight with extra batteries
  • Items to keep you warm, such as extra clothes, gloves, hats and blankets
  • Booster cables
  • First aid kit 
  • Nonperishable food items (such as granola bars) 
  • Water
  • Warning flares
  • Reflective triangles

With these items, you'll be prepared to handle the wintry roads. For more winter tips, check out our post “What to do When... There Is Too Much Snow.”

Research Shows That the Demand for Healthcare Cloud Services Is Growing

Doctor standing in front of cloud conceptIn recent years, regulatory mandates such as HIPAA have forced healthcare organizations to approach business continuity differently, particularly when it comes to big data management.

With electronic data volumes growing by about 40 percent annually, healthcare practices are having to innovate in the way they manage data, while keeping in mind objectives such as recovering data and reducing the likelihood of security breaches.

Efficient management of high-value data is also becoming important to improving quality of care. In a recent survey by the American Health Information Management Association, nearly all healthcare professionals (more than 90 percent) said that valuable information “helps improve care quality, contain costs and analyze clinical, business and financial performance.” 

Cloud solutions are making it possible for a more streamlined data management process. But are healthcare organizations taking advantage of these solutions? Do they have the resources available to do so? Recent research says yes.

A report by Frost & Sullivan indicates that by 2020 the total value of the healthcare cloud market will be in the neighborhood of $3.5 billion. In a separate survey by Dimensional Research and sponsored by Equinix, 74 percent of North American survey respondents said they expected a larger budget in 2015.

With their increased budgets, providers will look for the following features in a cloud services solution (criteria are gathered from both surveys):
  • Security
  • Operational efficiency
  • Lower up-front costs
  • Access to on-demand capacity
  • Quick deployment
  • Easier management of IT staff
  • Direct connections to cloud providers
In response, disaster recovery and business continuity vendors are launching cloud solutions that meet healthcare providers’ specific needs. Check out how one healthcare organization is using the cloud to manage their data.

[Webinar Recap] Aligning IT Disaster Recovery With Workplace Continuity: Do You Know What the Options Are?

Closeup of phone, computer, keyboard and mouseThis week we hosted a webinar with the Disaster Recovery Journal. The session addressed a topic we’ve seen cropping up more and more these days: “Aligning IT Disaster Recovery With Workplace Continuity: Do You Know What the Options Are?”

The Two Essential Components of Business Recovery


As Rentsys National Sales Manager David Tedford explained during the webinar, two of your business’s mission-critical assets are its systems — such as office technology, communications hardware and business continuity planning software — and its people.

You need both to fully recover, but sometimes your IT recovery time objectives (RTOs) just aren’t in sync with your workplace recovery capabilities. This is especially the case now that at least 63 percent of businesses have an RTO of less than 24 hours [PDF], whether due to operational needs or compliance requirements.

Bridging the Gap Between IT Disaster Recovery and Workspace Continuity


[Chart] IT Availability Continuum
Finding the right disaster recovery (DR) solution is not typically an issue. After all, most people who manage their company’s DR strategy are familiar with the IT availability continuum, from traditional backup on the low-cost, low-RTO end to server and storage clustering on the higher-cost, short-RTO end.

You know how to recover your systems, applications and processes, but what about your employees?

As David pointed out during the session, you can find workspace continuity solutions that correspond with IT recovery solutions in terms of RTO. For example, a modular workspace has a similar recovery window as traditional backup. On the other end of the spectrum, a virtual desktop interface solution can keep up with the short RTO of server and storage clustering.

To hear about the available workspace solutions, the pros and cons of each and examples of real-life applications, view the webinar here.

Thinking About Moving to a Hybrid Cloud Solution?

Cloud, screwdriver and wrench
If you’re thinking about moving to a hybrid cloud solution for your enterprise, you won’t want to miss our latest post on the ContinuityInsights blog. In it, we address six key questions you should ask yourself when deciding if a hybrid cloud model is right for you. For example, does your IT team have the time and skills they need to make it work? Do you have compliance objectives to meet? What happens if you need to switch providers? Read the complete post here

The Importance of Implementing a Voice Recovery Solution

If the voice communications network went down at your office today, would you be able to recover your phone systems quickly and efficiently?

A lineup of business telephonesVoice connectivity is a crucial factor of a business continuity and disaster recovery (BC/DR) plan, because not having the ability to receive or deliver calls negatively affects your company’s ability to do business as usual.

For instance, if a large part of your employees’ jobs involves talking on the phone with clients or prospects, not having a functioning voice communications network slows their productivity.

By the time you get your infrastructure back up and running, your staff could be forced to work overtime to deal with a backlogged workflow, incurring unnecessary expenses for your business.

In addition to the financial strain of being unavailable by phone, your prospects and clients might view you as unreliable if they can’t reach you to have their concerns addressed promptly, which could damage future client relationships.

A comprehensive BC/DR plan should include steps for implementing a voice recovery solution during a business interruption. For tips on how to keep your voice network up, check out our post "How to Prepare for Your Phone Systems Going Down."

Most Commonly Forgotten BC/DR Items

A red string tied around a finger as a reminderIf a disaster affected your city right now, what resources would you need to keep your business operational?

This question can be answered by creating a thorough business continuity and disaster recovery (BC/DR) plan. However, implementing this type of plan can be stressful (especially if it's your first attempt).

We know it can be easy to forget some critical items along the way. We talked to a few of our DR coordinators to come up with some questions to remind you of what's important when coordinating your BC/DR plan.


How Will Your Data Be Backed Up?


We've talked about the importance of backing up your business-critical data, but don't forget to:
  • Keep a list of passwords in a secure location that more than one person can access in case the designated person is unavailable after a disturbance.
  • Arrange for on-site security to prevent someone from gaining unauthorized access to hardware containing your data.
  • Know which equipment you'll need to restore your backup data after a disaster and test it beforehand.

How Will You Supply Power to Your Building? 


Whatever type of facility you choose to use, make sure you plan how you will power it. Having a generator on hand (or using a third-party vendor to supply you with one) to keep operations running could be useful, but to make sure can keep the lights on during a power outage, don't forget to:
  • Preconstruct a manual transfer switch that allows for a quick connection of the generator to your building (if you source a rental generator).
  • Have enough fuel on hand to power generators.
  • Have a supply of low-wattage light bulbs to reserve generator power for office technology or other crucial equipment.

How Will You Communicate During a Disaster?


Being able to communicate with your employees, customers and the public is crucial during a disaster. When planning how to keep the lines of communication open, don't forget to:
  • Develop a list of employees' personal phone numbers and email addresses.
  • Plan how to communicate with your employees internally and how to address the incident with the general public.
  • Discuss with customers, investors and vendors beforehand how you will contact them after a disaster.

What Resources Do You Need at Your Temporary Workspace?


A business disturbance could leave your office building uninhabitable. You may have provisions for a temporary workspace in your BC/DR plan, but the details are what help keep your business running. When choosing a temporary office space, don't forget to:
  • Check the amount of bandwidth offered to make sure employees can work without interruption.
  • Make sure bathroom facilities are available.
  • Determine if your employees will need special accommodations such as a wheelchair ramp.
  • Coordinate the delivery of office equipment such as printers, copiers, fax machines, telephones and other office supplies.

The key to any BC/DR plan is testing. You'll learn where your weaknesses are and have the chance to solve any problems before a real disaster hits. For example, through testing, Mercantil Commercebank employees learned that they forgot small things like pens and paper. To learn about the importance of testing, check out this video featuring our expert disaster recovery coordinators.

Natural Disasters: Real-Life Horror Films

Man backlit creepilyWith Halloween right around the corner, we’re entering the season for horror movies. Some moviegoers enjoy the rush of adrenaline that comes with watching a horror flick and leave the theater thoroughly entertained. However, while disasters can be thrilling on the silver screen, they’re not enjoyable in real life. Natural disasters can cause immense damage and generate hefty business costs.

Fortunately, with a little bit of warning and a lot of preparation, you can prepare your business for a disaster and recover efficiently. We’ve noticed that a few things that happen in horror movies also happen before real life disasters. Here are a few signs that a disaster is coming and how to prepare for it.

Your Bottom Line Gets Slashed


Small businesses, which are hit hardest by natural disasters, suffer a median income loss of $3,000 each day that operations are down. The loss of income combined with the recovery and repair expenses causes some business to close temporarily while recovering. Unfortunately, 25 percent of businesses that close after a disaster do not reopen, which means it’s essential to avoid closing for any length of time after a disaster.

The most important aspect of disaster recovery is to actually have a plan in place. Some companies underestimate the logistics required to recover successfully and quickly after a disaster strikes. This disorganization only adds chaos to the situation and could ultimately be the reason they fail. Create a comprehensive disaster recovery plan and test it regularly so you’re prepared to keep your business running after a disaster.

The Lights Flicker


When a natural disaster hits, electricity is often the first thing to go. Particularly with the aging North American energy infrastructure, power outages are increasingly common. In the event of a power outage at your office, most of your technology will be inoperative and business will cease. You might think your employees can simply work from home, but there are several logistical issues with that method, such as bandwidth, VPN concentrators, terminal server sessions and more.

Instead, prepare your business to overcome power outages by arranging an alternate workspace ahead of time, such as a fixed-site business recovery center (BRC) or mobile recovery center (MRC). The technology in both a BRC and an MRC can be preloaded with your company’s data. If your employees can be temporarily relocated, a BRC is your best option, as it’s a full office building. However, if employees need to stay put, an MRC can be delivered to any location you specify so you can continue work even from the parking lot of your existing building.

The Phone Lines Get Cut


High-speed wind can knock out telephone lines pretty quickly and easily. When a massive natural disaster strikes, it could be days (or even weeks, as was the case during the Hurricane Sandy aftermath) before communication lines are restored.

Contracting third-party network and voice recovery services is the best way to give your business the resilience to recover from a communications outage. This will allow you to continue business and stay connected to your customers and partners during your disaster recovery efforts.

Don’t let these typical horror happenings put you out of business. To get started creating your plan, check out our business continuity plan checklist.

Reflections on Hurricane Sandy

Tomorrow marks two years since Hurricane Sandy first formed in the Caribbean before wreaking havoc on the East Coast.

With customers in Manhattan, we saw some of the aftermath firsthand.

We witnessed the damages that would ultimately land Sandy among the ranks of the worst natural disasters of 2012 (the damages amounted to $65 billion).

Utility trucks lining the streets of Union Square
Con Edison electrical services
preparing for Sandy in Union Square
Vehicles driving through pouring rain
East Williamsburg Brooklyn
during the beginning of Sandy
Dark, dimly lit street
14th Street in Manhattan after Sandy






















We heard about the challenges our clients faced: widespread power outages, downed voice circuits and inaccessible office space.

Throughout the affected areas’ recovery efforts, our clients — who, by the way, had comprehensive disaster recovery plans in place — and other companies have shown us that businesses are key to a community’s recovery, whether it’s donating money to relief efforts or selling critical services and providing jobs.

Was your business affected by Sandy? Share your experience with us in the comments.

If Your BC/DR Strategies Were a Football Team...

Football season is in full swing, so we’re starting to see which teams are championship worthy and which teams are just scraping by. That got us thinking: If your lineup of business continuity and disaster recovery (BC/DR) solutions were a football team, how good would it be? Much like the players of a football team, your BC/DR solutions have important tasks independently, but the goal is to get them all working together to win the game (or to recover successfully from a business interruption).

Businessman in football helmet with footballTo make sure your BC/DR efforts are well integrated and cohesive, you have to make sure you’ve got the basics of a successful football team: offense, defense and special teams.

Offense


The goal of the offense is to move the ball closer and closer to the end zone in order to score a touchdown. To keep your forward momentum, you need offensive strategies. If your offense is made up of the right solutions, your company can continue to efficiently score touchdowns — such as successful recoveries.

Offensive Lineup of Solutions
  • Cloud Vaulting and Recovery — Protect your business from data loss by saving a copy of your critical data to a secure, private cloud. If your servers fail or crash, you'll be able to access your information via the Internet and continue moving toward the goal.
  • Compliance Testing — To test your BC/DR strategies without interrupting daily work, consider testing them in a cloud environment. This will help you determine any kinks in your plan before you're in a real disaster. When a business interruption does occur, you'll be equipped to handle it efficiently and minimize business downtime.

Defense


No matter how good your offense is, at some point you may need to rely on your defense. If your defense isn’t on point, the opposing team will crush you. In the business world, downtime has put plenty of companies out of business — but you don’t have to let it defeat you. By implementing a solid BC/DR plan, you can fight back against downtime and resume business quickly. 

Defensive Lineup of Solutions
  • Network and Voice Recovery — To continue business after a disaster, you need a backup network and communications infrastructure. Consider using a network and voice recovery solution that can be delivered to any location and configured to your specifications (such as a mobile recovery unit equipped with voice and data connections), so you have flexibility in case of an unexpected business interruption.
  • Alternate Workspace — When your building is hit by a disaster, it's sometimes left unworkable. Consider a Business Recovery Center or Mobile Recovery Center to avoid shutting down your business. An alternate work environment will allow you and your employees to get back up and running after a disaster.

Special Teams


Offense and defense typically get all the glory in football, but the special teams players are keys to the success of a football team. In BC/DR, the solutions that are used in the midst of a business interruption typically get most of the praise, but there are a set of behind-the-scenes solutions that are vital to the continuity of your business. 

Special Teams Lineup of Solutions
  • Continuity Manager Software — Planning for a disaster requires a lot of resources and time, so it's important to do everything properly. With planning software designed specifically for BC/DR efforts, you can efficiently plan your disaster recovery strategies and assign tasks to recovery team members. By using software to assist in your planning, you can be sure that you don't leave out anything crucial.
  • Professional Planning Services — The constant changes in compliance requirements make it tough to keep your BC/DR plan current. By hiring a professional planning consultant, you can be sure that your plan complies with the ever-changing federal regulations and avoid hefty fines.
With these players on your team of BC/DR strategies, you’ll be able to recover quickly and efficiently from a disaster. For more BC/DR planning tips, download our checklist.

Five Disasters Caused by Human Error

Man holding laptop looking horrifiedYou know that natural disasters can wreak havoc on your business. We’ve already seen plenty proof of that this year: the polar vortex in the Midwest and Southeast, the tornado outbreak in the South, the San Diego firestorm, etc.

Sometimes, though, disasters aren’t naturally occurring phenomena, but rather the unfortunate result of human error. That’s why it’s important for your business to be prepared for all types of events, regardless of the cause.

Over the years, employees’ mistakes have cost businesses downtime, reputational damage and monetary loss. Below are five notable examples.

Data for 19,000 Colorado Employees Goes Missing


Late in 2007, an employee of the state of Colorado misplaced a USB drive while transporting it between work sites. Unfortunately, the device contained nearly 19,000 current and former employees' Social Security numbers and possibly addresses. The employee was disciplined for not following protocol, and IT officials were tasked with the arduous process of determining whose information the USB drive contained so all 19,000 individuals could be notified.

Train Runs Stop Signal


In 2008, a Metrolink commuter train engineer caused a wreck considered "the nation’s deadliest rail disaster in 15 years" when he ran a stop signal in Los Angeles and collided with a freight train. The accident decimated the train and resulted in 25 deaths and 135 injuries. Investigators determined that the engineer had been texting while operating the train. His last text had been sent 22 seconds before the crash.

Kansas City Hotel Walkway Collapses


More than 1,000 partygoers at an event being held at Kansas City’s Hyatt Regency Hotel in 1981 became victims of an engineer team’s design flaw when a skywalk on the fourth floor collapsed. The structure dislodged other structures made of steel, concrete and glass, which resulted in the deaths of 114 people. The engineers were stripped of their licenses.

Incorrect Command Wipes Pixar Server


The creators of Pixar’s "Toy Story 2" nearly saw two months and hundreds of hours of hard work disappear when someone ran an incorrect command and erased the server where the movie’s files were stored. Thankfully, one of the company’s directors had a backup (the only one) stored on her computer at home, and the movie was saved.

Power Outage Affecting Millions of Customers


In 2011, an Arizona Power Service employee single-handedly caused a power outage affecting Arizona, Southern California and Mexico. The worker had been performing routine maintenance at a substation in Arizona, but instead triggered a cascade of outages affecting millions of customers across the power grid.

Human error is inevitable, but when it affects your business’s success, be sure you’re equipped to deal with the aftermath.

To start creating or re-evaluating your plan, check out our Business Continuity Plan Checklist.

The Beginning of Autumn and Business Continuity

Tomorrow marks the first day of autumn: a season with falling leaves, cooler weather and an abundance of pumpkins. Many are using this time to prepare for the upcoming holidays, but the season itself can serve as a reminder to look at your business continuity and disaster recovery (BC/DR) efforts.

In many ways, autumn and business continuity are alike. In case you don't see the similarities right off the bat, we've listed some below.

Continuous Changes


Business people walking amongst Autumn treesDuring autumn, it's well known that the leaves and temperature change along with the length of days, but what's less prominent is the fact that the starting date of the season shifts from year to year. The first day of autumn constantly changes between September 22 and 23, due to the amount of time it takes the earth to orbit the sun. It even occurs on September 24 every 372 years.

Much like autumn, your business experiences constant changes. Because of these changes, your BC/DR strategies must adapt to fit your business's evolving needs. As a company grows from a small business to a mid-size or large business, it requires different approaches to staying operational during a disaster. Consulting professional business continuity planners on a regular basis will ensure that your efforts match your needs.

Equal Measures


In Latin, the term "equinox" means "equal night," which is a reference to the nearly equal amount of sunlight and darkness on the day of the autumnal equinox. This half-and-half relationship reminds us of the equal importance of planning and testing a BC/DR plan.

Planning for a disaster involves more than thinking about what you might do in case of an emergency. A concrete plan must be created and distributed among your organization. By doing so, when you experience a business interruption, you can simply reference and enact your plan instead of trying to recall from memory what you thought would be best.

Planning is most valuable when it's backed up by testing. Testing reveals problems with your plan before a disaster occurs. It's important to test before you have to implement your plan so you can fill the gaps before you're recovering from a catastrophe.

Harvests and Storage


Autumn is well known for being the harvest season. In the same way that people and animals gather food and store it for the bitter winter approaching, your business should collect important company data and store it in case disaster strikes.

The cloud is a good option for storing information because it allows your data to be secured off-site so you can still access it during a disaster. Instead of losing important data in a disaster, your business will be able to access it quickly and recover with minimal damage.

To make sure you don't miss anything critical in your BC/DR plan, download our disaster recovery checklist.

[INFOGRAPHIC] Data Management in the Cloud Era

Did you know that 70 percent of businesses are managing data in the cloud? If you're still not sure about using cloud services, check out this infographic by our partner, CommVault, to see how businesses are using the cloud.

CommVault cloud data management infographic

If you'd like to learn more about implementing cloud recovery solutions, check out this post.

Businesses That Made a Difference After the Napa Earthquake

Photo by James Gunn via Flickr / Creative Commons License
One hundred red-tagged homes and businesses. More than 200 injured people. Seventy thousand customers without power. This was the aftermath of the 6.0 magnitude earthquake that left Napa Valley in shambles at 3:20 a.m. on August 24.

Yet despite the turmoil, the community banded together to repair the damage wrought on the places they lived and worked. Several businesses, some with damage to their own facilities, stepped forward to help residents get back on their feet again, whether by responding to emergency calls or simply serving coffee.

Pacific Gas and Electric


When 70,000 customers lost power after the earthquake, Pacific Gas and Electric (PGE) worked tirelessly to restore it. Within days of the quake, all customers were back on the grid. PGE also announced on its website that it would conduct gas safety checks at homes and businesses throughout the affected area.

Napa Public Works


After Napa sustained 90 water line leaks, Napa Public Works worked overnight to repair eight of them.

Napa Fire Department


During the first 30 hours after the 3:20 a.m. earthquake, the Napa Fire Department responded to more than 360 service calls, including 92 possible gas leaks, 50 downed power lines and 50 fires.

Queen of the Valley Medical Center


Despite sustaining structural damage to an administrative building and power loss, the Queen of the Valley Medical Center relied on backup generators to reopen its doors. The facility set up two triage tents Sunday night and resumed normal operations on Monday, allowing staff to treat the 200-plus patients that sustained injuries from the quake.

North Napa Post Office


With its facility out of commission due to damage, the North Napa post office set up a tent as a temporary mail drop-off and P.O. box pickup station so residents could still send and receive mail.

Home Depot


The damage to Napa’s local Home Depot store was not as bad as other area businesses, so the company hooked up a generator and opened as usual on Sunday morning. As residents worked to repair the damage to their homes, Home Depot’s emergency order of cleanup supplies such as water heater parts, fittings, garbage bags and water shovels flew off the shelves.

The company also supplied trucks filled with water, garbage cans and bags to a crew of about 40 people, who went house to house helping residents.

Javco Window and Glass


In downtown Napa, the buildings' storefront windows were no match for the earthquake. Employees of Javco Window and Glass spent two days replacing their own damaged glass supply and then helping nearby businesses board up and assess the damage to their broken windows and frames.

VisitNapaValley.com


Napa businesses rely heavily on tourism, so the tourism website VisitNapaValley.com immediately updated its site with information about businesses that had reported they were open. By having this information readily available, tourists were able to determine if they could move forward with vacations they’d previously planned.

Alexis Baking Company


Alexis Baking Company, a local bakery known to residents as ABC, was fortunate enough to have its power restored quickly. When the owner came in to clean up her facility, she decided to set out free pastries and coffee for the community as a way to give back.

It’s organizations like these that demonstrate how having a good disaster recovery plan helps not only the business itself but the community as well. This is not a comprehensive list, however. There are many other unsung heroes helping pull Napa back together. If you know of one, share their story with us in the comments!

Learning From Japan’s Disaster Recovery Strategies

"Post-disaster settings provide opportunities to examine the effectiveness of leadership in mobilizing people and resources in highly dynamic situations." 
— Hirotaka Takeuchi, Harvard Professor of Management Practice

Building surrounded by rubble after the Tohoku earthquakeForbes recently published a story about a Harvard MBA program that allows students to travel around the world exchanging knowledge with leaders at businesses of all sizes, from mom-and-pop shops to mega-corporations.

A subset of this program, called the Immersion Experience Program (IXP), sends about 30 students to Japan annually. There, the students learn how local businesses exercised disaster preparedness and recovery after the 2011 Tohoku earthquake and tsunami.

Here are some key takeaways we gleaned from the write-up about the students’ trip to Japan this year:
  • True resiliency revolves around a comprehensive recovery strategy as well as entrepreneurial innovation.
  • Disaster recovery involves adapting to the needs of the community, not just increasing profitability.
  • Successful CEOs pursue the business’s goals even when faced with adversity.

Read the full article here.

September Is National Preparedness Month

This month is FEMA's National Preparedness Month, which aims to educate and empower Americans to prepare for and respond to all types of emergencies, including natural disasters and potential terrorist attacks.

Prepared, not unprepared.Although we write a lot about emergency preparedness for businesses, being prepared for the unexpected is just as important on a personal level as it is on a business level.

This month, be sure to emphasize the importance of observing the four key steps of being prepared for an emergency:
  • Be informed.
  • Make a plan.
  • Build a kit.
  • Get involved.

Here are three ways you can encourage your employees to prepare for emergencies:

How are you promoting emergency preparedness at your business this month?

[INFOGRAPHIC] Tornadoes: The Power to Destroy Everything

The United States alone experiences approximately 75 percent of the world's known tornadoes, which can occur at any time of the year (if conditions are right).

Check out The Weather Channel's infographic to see how many tornadoes travel through your area each year.


Now that you know the average annual tornadoes in your area, here are some steps that you can take to make sure your business is prepared.

Could Your Business Survive a Sinkhole?

Road damaged by a sinkholeWith nearly 300 ground depressions since 2010, sinkholes are a way of life for Floridians. Due to the thick layers of limestone underneath the entire state that are slowly being eroded by acid rainwater, residents along the East Coast are all too familiar with these rapidly forming holes.

Of course, you should be aware that sinkholes are not limited to Florida. They can be found in about 20 percent of the U.S. in states such as Texas, Alabama, Missouri, Kentucky, Tennessee and Pennsylvania.

Residents and businesses located in these areas were alerted to the financial and physical damage that sinkholes can cause when in early 2014, eight classic corvettes at the National Corvette Museum disappeared into a 30-foot deep hole within seconds. (You can watch the video here.)

Disaster events such as this one may seem mysterious and unpredictable, but there are some warning signs to look for to help protect your business and your employees.

Warning Signs of a Sinkhole 

  • Fresh cracks in the foundation of your building 
  • Doors and windows that fail to shut properly (that previously did so) 
  • Small cracks in the ground around your business 
  • Trees that start to lean 
  • Circular patches of wilting vegetation
  • New ponds that form after it rains 
Though watching for these warning signs will help you identify a cave-in before it occurs, you still might be caught off guard by a sinkhole. Here's what to do if a sinkhole forms in or around your business.

What to Do If a Sinkhole Forms 

  • Call emergency officials immediately. 
  • Place colorful tape/rope around the ground depression to warn others of the sinkhole. 
  • Keep your employees away from the hole. Property owners can be held liable if someone is injured because of negligence. 
  • Have a disaster recovery plan in place to prepare for sinkholes (especially if they force you to set up temporary office space in a safer location).

Want to know how to prepare your business for similar unexpected disasters? Check out how to survive the longest day of the year.

Q&A: Eric Thompson and Brandon Tanner on Cloud Services — Part 2

Finger pointing at question mark in the cloudsLast week on our blog we featured Part 1 of a Q&A session with two of our cloud experts: Eric Thompson, solutions architect, and Brandon Tanner, senior manager. The questions were originally included in DRJ's webinar "Using Cloud to Accelerate Workplace Recovery." Attendees wanted to know a lot about the cloud, so we decided to do a two-part blog series. Below is Part 2.

Q: How do you help organizations that operate brick-and-mortar workspaces (e.g., a call center) prepare for remote recovery during a disaster?
A: Working remotely is an option because of the flexibility the cloud provides, but users don’t have to work from home. Customers have options.

Lots of our clients virtualize the infrastructure so applications are running in the cloud. They’ll then replicate the office environment at an alternate location. We can also bring in a mobile unit with preconfigured office space so users can duplicate the back-end infrastructure in the cloud and then couple that with the alternate office area.

If you choose not to have that traditional central office space at time of event, you can have employees work from home through a virtual system using virtual desktops, softphones and other similar technologies.

Either way, it’s about prep. One thing that gets overlooked is validating solutions via test, whether you’re evaluating business functions or going and doing a mobile test. One of the important pieces of testing is that the vendor gets the opportunity to work with the client so they have a better idea of what’s involved. Tabletops are enlightening, but there’s nothing like actually doing a test to set proper expectations.

Q: In the remote DR scenario, do you offer guaranteed response times, specifically for database restoration to storage media?
A: Any vendor will have service level agreements (SLAs) around these types of products, though a lot of the SLAs we see relate to availability and data not being lost. We do have guidelines, depending on what you need to have done, but if you’ve got an RTO tied to an application, you need to validate the process and document the results to make sure it fits your business’s requirements.

Q: How do we connect to the cloud?
A: It depends on cost, compliance and regulatory requirements and what’s available between you and the cloud provider. Our customers usually directly connect to us, but we give you the option to connect through secure VPN, MPLS, the Internet, etc.

Q: If you depend too much on cloud availability, what happens when communications are disrupted?
A: Most all cloud providers have redundancy on their end through multiple carriers. However, we can’t control every point between the two end points. Even the largest providers have had issues. Setting expectations is key. Ask yourself, “What am I solving for by leveraging the cloud? If I don’t have access to it, what does it do to my business?”

Another thing to consider is whether or not the solution is being designed properly and the horsepower is being allocated properly so you don’t have problems on the bandwidth side.

Q: What are your thoughts on public cloud utilization?
A: The public cloud serves a specific sector and need. We deal more with regulated industries that need to have the assurance that their data is at a specific location, stays in the U.S. and is encrypted in transit and at rest.

There’s no straightforward answer. Organizations should do what makes the most sense for them strategically. Some go with the hybrid approach, but it comes back to business functions, applications and the type of data you’re dealing with.

Q: Any final comments on cloud services?
A: To remain competitive, organizations can’t put their head in the sand and decide they’re not going to implement cloud. You have to stay on top of it. You need to start having a cloud strategy that involves more than just one project. It’s no different than DR in that you can’t just put it on the shelf once you’re done, or it’s outdated within a month. It has to be part of the organization’s DNA and thought process to take advantage of what’s out there.

Do you have a question about the cloud we didn't address? Let us know in the comments, and we'll answer it on our blog!

Cloud Compliance: What Auditors Are Looking For

Businessman looking at landscape and maze
In today’s world, many companies are either part of a regulated industry or have been identified as a critical vendor in a customer’s supply chain. These organizations are audited by regulatory bodies such as the Federal Deposit Insurance Corporation and the Office of Civil Rights or by another third-party auditor.

If your company falls into one of these two categories, you’re likely aware that most auditors look to see if your organization has implemented sound risk management and mitigation controls for safeguarding mission-critical data and business processes.

However, as more and more companies and their vendors adopt cloud solutions, you might be wondering what factors auditors consider when evaluating whether or not a cloud solution is compliant.

As a provider of private cloud vaulting and recovery solutions for regulated industries like finance and healthcare, Rentsys Recovery Services is, in auditors’ eyes, an extension of our customers’ organizations. As such, we’re expected to protect and recover each organization with the same level of scrutiny as the institution or practice’s employees. Because it’s imperative our services are conducted in a safe and sound manner while complying with applicable laws and regulations, we've become familiar with the key areas auditors view as potential issues.

Use the guidelines below as a starting point for determining whether or not you and your vendors will pass muster with your auditors.

Security

  • How sensitive is the data that will be placed in the cloud (e.g., confidential, critical, public)?
  • What controls are in place to ensure your data is properly protected?
  • Is any data whose disclosure could harm the organization or its customers appropriately encrypted or protected?
  • Are there controls in place to ensure the integrity and confidentiality of the data?
  • Is the data stored or processed overseas?

Availability

  • Does the cloud solution have an adequate and tested plan to ensure the continuity of operations as well as its ability to recover and resume operations if an unexpected disruption occurs?
  • Does the plan account for the availability of essential communications links?

Privacy

  • Does the cloud solution meet regulatory requirements for safeguarding customer information and other sensitive data?
  • What controls does the service provider have to ensure the integrity and confidentiality of the data?
  • Have the internal controls been evaluated by another auditor?

When determining the feasibility of cloud solutions for your organization, most auditors will expect you to perform thorough due diligence and a risk assessment. Keep in mind that though security, availability and privacy are key elements of sound risk management and risk mitigation controls for cloud services, you may need to consider other elements specific to your industry. A thorough risk assessment should bring those considerations to light.

Q&A: Eric Thompson and Brandon Tanner on Cloud Services — Part 1

Cloud-shaped window in modern officeRecently we sponsored a Disaster Recovery Journal (DRJ) webinar, during which two of our associates — Eric Thompson, solutions architect, and Brandon Tanner, senior manager — talked about how cloud solutions can accelerate business recovery. (If you missed the webinar, you can check it out here.)

At the end of the session, attendees had some excellent questions about cloud solutions. If they’re asking these questions, we’re sure others are too, so we’ve compiled a two-part series highlighting some of the questions from the webinar.

Q: How do I know if my environment is ready for the cloud and where do I start?
A: Before making a decision about whether or not you’re ready for cloud, look at your business continuity and disaster recovery (BC/DR) plan, specifically the business impact analysis, to see if it’s up to date.

Evaluate if the business functions are lined up appropriately with the systems and applications interdependencies. Also make sure you’ve assigned the appropriate RTOs from business, client and compliance perspectives. Once you’ve identified those functions and system interdependencies, cloud solutions become viable options.

Q: How do you address requirements for security and segmentation of client data, as well as return of  data at the end of engagement?
A: If you’re evaluating cloud vendors, keep in mind that any vendor needs to have gone through the Service Organization Controls (SOC) 2 audit so you’ll have visibility into the provider’s services. The audit focuses on a business’s nonfinancial reporting controls, availability of service, process integrity, confidentiality and privacy.

In terms of getting data back, companies like Rentsys will work with you to move data to another location by exporting the data to some sort of media. When people move from one platform to another (e.g., physical to virtual), data needs to be both portable and recoverable in the new infrastructure. Know up-front how a vendor handles data migrations.

Q: How is the cloud environment maintained so that it’s current with my in-house production data center?
A: Typically the cloud infrastructure is all handled by the vendor. As far as maintenance, in a traditional cloud model, the cloud vendor owns and operates the hypervisor down through the hardware stack on behalf of your company. You control systems from the OS up. If you're using a replication technology, updates in production will replicate to the cloud. If you’re recovering data, the systems will restore to the latest backup point.

Q: Can you talk about licensing considerations when discussing cloud options?
A: It varies. There are certain software applications that allow you to run a secondary copy at time of event free of charge as part of license. Others may require a separate license, sometimes at a reduced cost in the event of a disaster. Licensing considerations will also depend on the cloud vendor. At Rentsys, for example, physical workstation recovery solutions include licensing as part of the service.

Q: What is the cloud provider responsible for and what is the customer responsible for?
A: The cloud provider’s responsibilities should be documented in a SOC 2 report, and the contracts should be specific about who’s responsible for what. We would also caution you to look closely at what the vendor actually provides, because things are done differently in the cloud. If you’re open-minded, you might be able to take advantage of something you didn’t know existed that’s better for the company.

Do you have any questions about the cloud? Share them in the comments below and stay tuned for Part 2 of our Q&A series!

Why Disaster Recovery Doesn't Have to Equal Panic

crowd running
It's easy to feel overwhelmed when a disaster strikes, especially if it hits your business. As a leader in your organization, you hope to maintain control of the situation. But how can you do that if your employees start to panic?

Believe it or not, it's actually normal for people to remain calm and maintain normal social behavior during a crisis, according to research from the American Society of Safety Engineers (ASSE).

However, this research also shows that "panic is more likely to occur in environments where panic is expected." This means it's crucial to avoid emphasizing panic in your disaster recovery plan and to keep employees informed and involved. Consider your employees' natural response to a disaster and follow the tips below for a smooth recovery.

Plan Ahead


No matter what business interruption comes your way, you have to be prepared to manage it ahead of time. Create a disaster recovery plan that includes protocols for handling different disaster scenarios and make sure your employees know what's expected of them.

It's also important to consider employees' needs throughout the planning process. If a regional disaster strikes, the ASSE study points out that a person being separated from their family can be more stressful than the possibility of injury. In fact, employees are likely to delay evacuations until all family members are accounted for. To alleviate your employees' stress during these situations, you could deploy a Mobile Recovery Center locally to prevent employees from having to relocate to an out-of-town workspace.

Practice Your Plan


Once you have a recovery plan, you need to practice and test it. Without running through your plan, there's no way to know if things will run smoothly when the time comes to use it. Include your employees in these practice runs so they can respond appropriately when a disaster actually strikes.

Testing your disaster recovery plan not only helps your employees feel at ease but also reveals any kinks in your plan. You can't afford to forget minor things, such as pens and notepads, when a disaster strikes. Test your plan once or twice a year to make sure you'll have the smallest details ironed out.

For more tips on preparing for a business interruption, download our Business Continuity Plan Checklist.

College Station Welcomes the Annual Texas Fire Training School

Brayton Fire Field Prop 43 during a fire training session
Watching your company go up in flames is bad, but not having a tested business continuity plan in place is even worse.

Each year in the U.S., firefighters respond to more than a million fires that threaten homes and businesses. And, as we've said before, it's important for you to not only prepare but also to test your disaster recovery plan ahead of time so your employees won't be in the dark about what to do in the event of a fire.

Our headquarters, located in College Station, just so happens to be the home of the Texas A&M Engineering Extension Service (TEEX), the leading firefighting academy in the state. The firefighters that train at this academy each year know a little something about the importance of testing.

This week the Annual Texas Fire Training School hosted a week-long training course for industrial and municipal firefighters at the largest facility in the world, the Brayton Fire Training Field. During these training sessions, thousands of firefighters learned the importance of safety, adaptability and teamwork and took the opportunity to teach the community techniques on how to extinguish fires.

This school is a prime example of the importance of disaster education. In the same way you want firefighters with prior experience and proper training to show up if your business catches fire, your customers want to do business with a company that has a business continuity plan (that's been tested).

While you can't prevent unexpected business disturbances, you can prepare for them so your business doesn't waste unnecessary time, money and reputational damage.

Not prepared for a fire? Check out our Wildfire Preparedness Checklist to get started.

BC/DR for Small, Medium and Large Businesses — Part 3

In Part 1 and Part 2 of this three-part series, we discussed the best disaster recovery options for small and medium businesses, respectively. Our final topic is BC/DR for large businesses.

We live in a world where you, as a large business, must protect your company from both planned and unplanned outages to preserve your brand and shareholder value. With deeper pockets and more manpower than both small and medium businesses, you have a wider range of BC/DR options. You have the capability to outsource nearly all recovery activities, but having more employees reduces the need for everything to be outsourced.

Taking these two factors into consideration, we've mapped out the best BC/DR options for large businesses.

Business and Mobile Recovery Centers


SkyscrapersWe've already mentioned that our Business Recovery Centers (BRCs) and Mobile Recovery Centers (MRCs) are beneficial for both small and medium businesses, but they're also a good recovery option for large businesses. As a large business, you can't afford to take a break if a disaster renders your facility unworkable. To continue business operations, consider using a BRC or MRC as an alternate facility.

If a disaster strikes your building and it's unsafe to work in, you can continue business in one of our fixed-site BRCs. This is the best option for an alternate workspace if you and your employees must relocate and need a facility equipped with voice and data technology, as well as office resources. Our BRCs will provide the hardware and technological infrastructure to ensure you can resume daily business.

If your employees must stay near home, a mobile facility may be a better option. Our MRCs can be deployed to any location you specify, which prevents your employees from relocating. The mobile units will be configured with the data and communications you require so you can continue business as usual and serve your customers during or after a disaster.

Rentsys Continuity Manager (RCM)


Federal mandates require many businesses to have BC and emergency management plans. Even if your business isn't required to have a plan, you still need one to assure their stakeholders and customers that business operations will continue following a disaster.

One of the most challenging aspects of creating a plan is outlining clear action points and goals for every possible scenario that may develop during a disaster. Rentsys Continuity Manager (RCM) software will cover every aspect of a business continuity plan so you can be sure that you're prepared for anything that may crop up during a business interruption or disaster. RCM also generates intelligent risk analysis reports based on your data and will create mitigation strategies for your BC/DR planning and testing.

Professional Planning Services


Although your business may have a BC/DR specialist, it's still tough for a single employee to cover every aspect of BC/DR planning and testing. To make sure nothing is left out of your BC/DR strategies and processes, consider hiring professionals to review and offer recommendations on your plan.

One of the benefits of using professional business continuity consultants is that they will provide your BC/DR strategist with updates on government regulations so you can be sure that your plan complies. Rentsys consultants can also act as your RCM system administrators to design your BC/DR plan, define process dependencies and assign recovery team tasks. By outsourcing these duties, you can be sure that you cover every contingency in your plan.

No matter the size of your business, it's crucial to be prepared for a business interruption. Download our disaster recovery plan checklist to make sure you cover every possible solution. As soon as you have an idea of which solutions you'd like to outsource, contract your recovery services so you're prepared before a disaster strikes.

[PODCAST] Disaster Recovery Is a Lot More Than Data Recovery

Disaster recovery is a lot more than data recovery.
Road sign that says "Disaster Recovery"

This is one of the points David Tedford, National Sales Manager for Rentsys Recovery Services, emphasizes in a recent podcast interview with David Littman, Director of Business Development for Truth in IT.

During the interview, Tedford answers some key questions people have about the types of solutions Rentsys provides. We've highlighted a few of them below, but be sure to listen to the full podcast on Truth in IT’s podcast page.

How Is Rentsys Different From Other Disaster Recovery Providers?


"We provide the hardware, the software and the services related to BC/DR."

In the podcast, Tedford mentions that not all recovery vendors offer solutions to meet all of a business’s recovery needs. He highlights Rentsys’ primary services:

  • Cloud services
  • Colocation
  • Communications recovery
  • Workspace
  • Quickship
  • Business continuity software

Will You Be Able to Recover My Business If There’s a Regional Disaster?


"Our clients… know they have a solution that’s going to work when they need it."

Tedford confidently tells Littman that Rentsys has "the lowest customer-to-asset ratio in the industry." As a result, he explains, we’re not over-subscribed, so we’re able to provide our clients with the services they need when they need them.

What Businesses Are a Good Fit for Rentsys?


"When your environment changes and you want to grow with your solution provider, you want to make sure they have those other solutions already in place."

When Littman asks if Rentsys has a vetting process for customers, Tedford reiterates how important it is for a vendor to meet a customer’s needs versus adding digits to their number of subscribers. He points out four areas they look at when speaking with potential customers:

  • Executive buy-in
  • Past incidents involving systems, data or employee downtime
  • Compliance requirements
  • Budgetary guidelines

To hear what else Tedford has to say about disaster recovery versus data recovery, working with clients to meet their recovery needs and more, listen to the full podcast here.

How to Protect Your Business After a Wildfire

Smoky wildfire at night
On June 9, the Bend wildfire in Oregon marked the start of the 2014 wildfire season. The flames arrived three weeks ahead of schedule, catching residents and businesses off guard.

You might feel you're prepared for a wildfire because you've read about how to prevent wildfires and reduce the risk of your business being destroyed by a fire (especially if your office is located in an area prone to drought).

But do you know how to protect yourself and your employees after a fire? 

Just because a wildfire has been extinguished doesn't necessarily mean that your business is in the clear. To keep your employees and business safe, it's important to be aware of the aftereffects of a wildfire.


Avoid Wildfire Smoke


Following a wildfire, keep an eye on local air quality reports. In 2011, the Natural Resources Defense Council (NRDC) reported that almost 212 million people lived in areas across the U.S. that were affected by wildfire smoke (which can last for about a week after a fire has died down).

It's important to note that the smoke that lingers after a fire is different from other types of fumes, because it carries a mixture of gases and fine particles from plant materials. These particles are dangerous and can cause health problems such as pneumonia.

If the local air quality reports for your area are unsafe, you may need to consider relocating your employees to an alternate fixed-site facility or a mobile unit outside the affected area.


Prepare for Power Outages


Wildfire season also began early for California this year, leaving 5,800 San Diego Gas & Electric customers without electricity for at least 24 hours. If your business were affected by a power outage, could you avoid downtime? By keeping data backed up at an alternate location, you can access business-critical data whenever you need it, regardless of the disaster.

Anticipate Flooding


According to FEMA, wildfires can increase the risk of flooding, because they destroy the vegetation that usually helps absorb water. Flash floods are especially dangerous, so check your area's flood risk and elevation before bad weather arrives. It's also a good idea to purchase flood insurance and inform employees of relocation plans in the event that your business is damaged.

Wildfires, as with any disaster, aren't always preventable. The key to surviving them is to be prepared. For more safety tips and details about wildfires, visit ready.gov/wildfires.

Tornado Season Isn't Over Yet

Tornado
Nearly 40 percent of tornadoes occur between June and August each year. These tornado-heavy months require you to be prepared for severe thunderstorms and high-velocity winds. Here are some steps you can follow to prepare for, react to and recover from a tornado.

Prepare

  • Make sure your disaster recovery plan includes provisions for tornadoes. Practice this plan with your team periodically to avoid confusion in the event of an actual tornado.
  • Have enough water, nonperishable food and medical supplies to last at least 72 hours. 
  • Look for the following danger signs:
    • Dark, often greenish sky
    • Large hail
    • Low-lying clouds (particularly if rotating)
    • Loud roar, similar to a freight train
  • If you see approaching storms or any of the above danger signs, be prepared to take shelter immediately.

    React

    • Listen to a battery-operated radio or television for important weather updates.
    • Know the difference between a tornado watch and a tornado warning.
    • If indoors, stay away from windows and glass doors and go to the lowest floor of the building. Seek shelter in a small center room, under a stairwell or in an interior hallway with no windows.

    Recover

    • Account for all employees and address any staff injuries. For the severely injured, contact 911.
    • When conditions are safe, inspect your building for damage. Take pictures for insurance purposes.
    • If you come across any loose or dangling power lines, keep away from them and inform the power company immediately
    • Refer to your detailed disaster recovery assessment to determine the next steps for continuing business operations.

    Check out our Tornado Preparedness Checklist for other items you should gather before a tornado.