Backing up Your Files for Disaster Recovery Isn’t Enough

If you’re not an IT person but are involved in business continuity and need to be familiar with your business’s disaster recovery (DR) plan, how do you know if your organization is using the right data backup and recovery solution? The specific answer will vary based on your organization’s size and industry, but one thing holds true for all organizations: You need a solution that can back up your environment, not just your files. We’ll explain why.

File-Sharing Services



Files open on laptop
End users love online file-sharing solutions such as Dropbox and Google Drive. It’s not hard to see why: The interfaces are user friendly, files can be automatically synced across devices, and data is easily accessible.

When it comes to recovery, however, file-sharing services are a mixed bag. On the one hand, being able to recover a single file or subset of files at the click of a button is great.

Recovering a large amount of data, as in the case of a total system failure, is another story. Sorting through duplicate backups and then recovering all your files can be a time-consuming process (not to mention the fact that you’ll have to rebuild your system environment from scratch). Even worse, people using file-sharing services have recounted horror stories of permanently losing chunks of data due to system bugs and syncing issues.

If your organization is subject to regulatory requirements such as HIPAA or FFIEC guidelines, file-sharing services present yet another set of challenges, because they don’t have adequate built-in measures for protecting sensitive information. For instance, even though data might be encrypted while it’s stored within the service’s interface, it’s not protected if the files are shared. One company even discovered that links to people’s personal tax returns and mortgage applications were showing up in pay-per-click ads.

While file-sharing services do have benefits, it’s important to remember that even though some vendors offer solutions that are marketed for enterprise use, they were originally designed for the individual consumer and don’t readily translate to a business-wide backup solution.

System-Based Backup Solutions


Hands typing on keyboard
Earlier we mentioned that in the event of a total system failure, a file-sharing service is only helpful for recovering files. This is one of the areas where system-based backup and recovery solutions offer a clear advantage: They create copies of your operating systems, configurations and data and then back them up to a storage appliance or cloud service.

When a total system recovery is necessary, you can recover the image to the destination hardware without having to manually reconfigure the system. To shorten recovery times, save on storage space and reduce bandwidth, you can use deduplication to back up only the unique versions of a file, as opposed to keeping copies of each file every time it’s saved.

System-based solutions can also be ideal for maintaining compliance — especially because, as FFIEC guidelines state, “The primary risk associated with data and program back-up is the inability to recover systems, applications, and data in case of a disaster or other disruptive event.” To find out if a specific solution meets compliance requirements, verify that the vendor has undergone an audit such as Service Organization Controls 2.

Best of Both Worlds



Regardless of your organization’s size or industry, relying on a file-sharing service as your DR solution won’t cut it. Fortunately there are system-based DR solutions on the market that offer the benefits of file-sharing services — portability, cross-device compatibility and ease of use — without sacrificing security. BlackVault Managed Recovery, for example, allows you to back up and restore individual files as well as full systems through a single portal interface.

Have you encountered challenges from file-sharing services that we didn’t cover in our post? Share them with us in the comments!

What to Put in Your Winter Preparedness Kit

Snowy roadThe first day of winter is almost here, and that means we all have to gear up for the colder weather and icy roads. Make sure you’re equipped by keeping a winter preparedness kit in your car. Here are some critical items to remember:

  • Ice pick
  • Snow shovel and brush
  • Basic tool kit with screwdrivers, pliers and a wrench
  • Bag of traction material like kitty litter or sand
  • Flashlight with extra batteries
  • Items to keep you warm, such as extra clothes, gloves, hats and blankets
  • Booster cables
  • First aid kit 
  • Nonperishable food items (such as granola bars) 
  • Water
  • Warning flares
  • Reflective triangles

With these items, you'll be prepared to handle the wintry roads. For more winter tips, check out our post “What to do When... There Is Too Much Snow.”

Research Shows That the Demand for Healthcare Cloud Services Is Growing

Doctor standing in front of cloud conceptIn recent years, regulatory mandates such as HIPAA have forced healthcare organizations to approach business continuity differently, particularly when it comes to big data management.

With electronic data volumes growing by about 40 percent annually, healthcare practices are having to innovate in the way they manage data, while keeping in mind objectives such as recovering data and reducing the likelihood of security breaches.

Efficient management of high-value data is also becoming important to improving quality of care. In a recent survey by the American Health Information Management Association, nearly all healthcare professionals (more than 90 percent) said that valuable information “helps improve care quality, contain costs and analyze clinical, business and financial performance.” 

Cloud solutions are making it possible for a more streamlined data management process. But are healthcare organizations taking advantage of these solutions? Do they have the resources available to do so? Recent research says yes.

A report by Frost & Sullivan indicates that by 2020 the total value of the healthcare cloud market will be in the neighborhood of $3.5 billion. In a separate survey by Dimensional Research and sponsored by Equinix, 74 percent of North American survey respondents said they expected a larger budget in 2015.

With their increased budgets, providers will look for the following features in a cloud services solution (criteria are gathered from both surveys):

  • Security
  • Operational efficiency
  • Lower up-front costs
  • Access to on-demand capacity
  • Quick deployment
  • Easier management of IT staff
  • Direct connections to cloud providers
In response, disaster recovery and business continuity vendors are launching cloud solutions that meet healthcare providers’ specific needs. Check out how one healthcare organization is using the cloud to manage their data.

[Webinar Recap] Aligning IT Disaster Recovery With Workplace Continuity: Do You Know What the Options Are?

Closeup of phone, computer, keyboard and mouseThis week we hosted a webinar with the Disaster Recovery Journal. The session addressed a topic we’ve seen cropping up more and more these days: “Aligning IT Disaster Recovery With Workplace Continuity: Do You Know What the Options Are?”

The Two Essential Components of Business Recovery


As Rentsys National Sales Manager David Tedford explained during the webinar, two of your business’s mission-critical assets are its systems — such as office technology, communications hardware and business continuity planning software — and its people.

You need both to fully recover, but sometimes your IT recovery time objectives (RTOs) just aren’t in sync with your workplace recovery capabilities. This is especially the case now that at least 63 percent of businesses have an RTO of less than 24 hours [PDF], whether due to operational needs or compliance requirements.

Bridging the Gap Between IT Disaster Recovery and Workspace Continuity


[Chart] IT Availability Continuum
Finding the right disaster recovery (DR) solution is not typically an issue. After all, most people who manage their company’s DR strategy are familiar with the IT availability continuum, from traditional backup on the low-cost, low-RTO end to server and storage clustering on the higher-cost, short-RTO end.

You know how to recover your systems, applications and processes, but what about your employees?

As David pointed out during the session, you can find workspace continuity solutions that correspond with IT recovery solutions in terms of RTO. For example, a modular workspace has a similar recovery window as traditional backup. On the other end of the spectrum, a virtual desktop interface solution can keep up with the short RTO of server and storage clustering.

To hear about the available workspace solutions, the pros and cons of each and examples of real-life applications, view the webinar here.

The Importance of Implementing a Voice Call Recovery Solution

If the voice communications network went down at your office today, would you be able to recover your phone systems quickly and efficiently?

A lineup of business telephonesVoice connectivity is a crucial factor of a business continuity and disaster recovery (BC/DR) plan, because not having the ability to receive or deliver calls negatively affects your company’s ability to do business as usual.

For instance, if a large part of your employees’ jobs involves talking on the phone with clients or prospects, not having a functioning voice communications network slows their productivity.

By the time you get your infrastructure back up and running, your staff could be forced to work overtime to deal with a backlogged workflow, incurring unnecessary expenses for your business.

In addition to the financial strain of being unavailable by phone, your prospects and clients might view you as unreliable if they can’t reach you to have their concerns addressed promptly, which could damage future client relationships.

A comprehensive BC/DR plan should include steps for implementing a voice call recovery solution during a business interruption. For tips on how to keep your voice network up, check out our post "How to Prepare for Your Phone Systems Going Down."

Most Commonly Forgotten BC/DR Items

A red string tied around a finger as a reminderIf a disaster affected your city right now, what resources would you need to keep your business operational?

This question can be answered by creating a thorough business continuity and disaster recovery (BC/DR) plan. However, implementing this type of plan can be stressful (especially if it's your first attempt).

We know it can be easy to forget some critical items along the way. We talked to a few of our DR coordinators to come up with some questions to remind you of what's important when coordinating your BC/DR plan.

How Will Your Data Be Backed Up?



We've talked about the importance of backing up your business-critical data, but don't forget to:

  • Keep a list of passwords in a secure location that more than one person can access in case the designated person is unavailable after a disturbance.
  • Arrange for on-site security to prevent someone from gaining unauthorized access to hardware containing your data.
  • Know which equipment you'll need to restore your backup data after a disaster and test it beforehand.

How Will You Supply Power to Your Building? 



Whatever type of facility you choose to use, make sure you plan how you will power it. Having a generator on hand (or using a third-party vendor to supply you with one) to keep operations running could be useful, but to make sure can keep the lights on during a power outage, don't forget to:

  • Preconstruct a manual transfer switch that allows for a quick connection of the generator to your building (if you source a rental generator).
  • Have enough fuel on hand to power generators.
  • Have a supply of low-wattage light bulbs to reserve generator power for office technology or other crucial equipment.

How Will You Communicate During a Disaster?



Being able to communicate with your employees, customers and the public is crucial during a disaster. When planning how to keep the lines of communication open, don't forget to:

  • Develop a list of employees' personal phone numbers and email addresses.
  • Plan how to communicate with your employees internally and how to address the incident with the general public.
  • Discuss with customers, investors and vendors beforehand how you will contact them after a disaster.

What Resources Do You Need at Your Temporary Workspace?



A business disturbance could leave your office building uninhabitable. You may have provisions for a temporary workspace in your BC/DR plan, but the details are what help keep your business running. When choosing a temporary office space, don't forget to:

  • Check the amount of bandwidth offered to make sure employees can work without interruption.
  • Make sure bathroom facilities are available.
  • Determine if your employees will need special accommodations such as a wheelchair ramp.
  • Coordinate the delivery of office equipment such as printers, copiers, fax machines, telephones and other office supplies.

The key to any BC/DR plan is testing. You'll learn where your weaknesses are and have the chance to solve any problems before a real disaster hits. To learn about the importance of testing, check out this video featuring our expert disaster recovery coordinators.

Natural Disasters: Real-Life Horror Films

Man backlit creepilyWith Halloween right around the corner, we’re entering the season for horror movies. Some moviegoers enjoy the rush of adrenaline that comes with watching a horror flick and leave the theater thoroughly entertained. However, while disasters can be thrilling on the silver screen, they’re not enjoyable in real life. Natural disasters can cause immense damage and generate hefty business costs.

Fortunately, with a little bit of warning and a lot of preparation, you can prepare your business for a disaster and recover efficiently. We’ve noticed that a few things that happen in horror movies also happen before real life disasters. Here are a few signs that a disaster is coming and how to prepare for it.

Your Bottom Line Gets Slashed



Small businesses, which are hit hardest by natural disasters, suffer a median income loss of $3,000 each day that operations are down. The loss of income combined with the recovery and repair expenses causes some business to close temporarily while recovering. Unfortunately, 25 percent of businesses that close after a disaster do not reopen, which means it’s essential to avoid closing for any length of time after a disaster.

The most important aspect of disaster recovery is to actually have a plan in place. Some companies underestimate the logistics required to recover successfully and quickly after a disaster strikes. This disorganization only adds chaos to the situation and could ultimately be the reason they fail. Create a comprehensive disaster recovery plan and test it regularly so you’re prepared to keep your business running after a disaster.

The Lights Flicker



When a natural disaster hits, electricity is often the first thing to go. Particularly with the aging North American energy infrastructure, power outages are increasingly common. In the event of a power outage at your office, most of your technology will be inoperative and business will cease. You might think your employees can simply work from home, but there are several logistical issues with that method, such as bandwidth, VPN concentrators, terminal server sessions and more.

Instead, prepare your business to overcome power outages by arranging an alternate workspace ahead of time, such as a fixed-site Business Recovery Center (BRC) or Mobile Recovery Center (MRC). The technology in both a BRC and an MRC can be preloaded with your company’s data. If your employees can be temporarily relocated, a BRC is your best option, as it’s a full office building. However, if employees need to stay put, an MRC can be delivered to any location you specify so you can continue work even from the parking lot of your existing building.

The Phone Lines Get Cut



High-speed wind can knock out telephone lines pretty quickly and easily. When a massive natural disaster strikes, it could be days (or even weeks, as was the case during the Hurricane Sandy aftermath) before communication lines are restored.

Contracting third-party network and voice call recovery services is the best way to give your business the resilience to recover from a communications outage. This will allow you to continue business and stay connected to your customers and partners during your disaster recovery efforts.

Don’t let these typical horror happenings put you out of business. To get started creating your plan, check out our business continuity plan checklist.

Reflections on Hurricane Sandy

Tomorrow marks two years since Hurricane Sandy first formed in the Caribbean before wreaking havoc on the East Coast.

With customers in Manhattan, we saw some of the aftermath firsthand.

We witnessed the damages that would ultimately land Sandy among the ranks of the worst natural disasters of 2012 (the damages amounted to $65 billion).

Utility trucks lining the streets of Union Square
Con Edison electrical services
preparing for Sandy in Union Square
Vehicles driving through pouring rain
East Williamsburg Brooklyn
during the beginning of Sandy
Dark, dimly lit street
14th Street in Manhattan after Sandy






















We heard about the challenges our clients faced: widespread power outages, downed voice circuits and inaccessible office space.

Throughout the affected areas’ recovery efforts, our clients — who, by the way, had comprehensive disaster recovery plans in place — and other companies have shown us that businesses are key to a community’s recovery, whether it’s donating money to relief efforts or selling critical services and providing jobs.

Was your business affected by Sandy? Share your experience with us in the comments.

Five Disasters Caused by Human Error

Man holding laptop looking horrifiedYou know that natural disasters can wreak havoc on your business. We’ve already seen plenty proof of that this year: the polar vortex in the Midwest and Southeast, the tornado outbreak in the South, the San Diego firestorm, etc.

Sometimes, though, disasters aren’t naturally occurring phenomena, but rather the unfortunate result of human error. That’s why it’s important for your business to be prepared for all types of events, regardless of the cause.

Over the years, employees’ mistakes have cost businesses downtime, reputational damage and monetary loss. Below are five notable examples.

Data for 19,000 Colorado Employees Goes Missing


Late in 2007, an employee of the state of Colorado misplaced a USB drive while transporting it between work sites. Unfortunately, the device contained nearly 19,000 current and former employees' Social Security numbers and possibly addresses. The employee was disciplined for not following protocol, and IT officials were tasked with the arduous process of determining whose information the USB drive contained so all 19,000 individuals could be notified.

Train Runs Stop Signal



In 2008, a Metrolink commuter train engineer caused a wreck considered "the nation’s deadliest rail disaster in 15 years" when he ran a stop signal in Los Angeles and collided with a freight train. The accident decimated the train and resulted in 25 deaths and 135 injuries. Investigators determined that the engineer had been texting while operating the train. His last text had been sent 22 seconds before the crash.

Kansas City Hotel Walkway Collapses



More than 1,000 partygoers at an event being held at Kansas City’s Hyatt Regency Hotel in 1981 became victims of an engineer team’s design flaw when a skywalk on the fourth floor collapsed. The structure dislodged other structures made of steel, concrete and glass, which resulted in the deaths of 114 people. The engineers were stripped of their licenses.

Incorrect Command Wipes Pixar Server



The creators of Pixar’s "Toy Story 2" nearly saw two months and hundreds of hours of hard work disappear when someone ran an incorrect command and erased the server where the movie’s files were stored. Thankfully, one of the company’s directors had a backup (the only one) stored on her computer at home, and the movie was saved.

Power Outage Affecting Millions of Customers



In 2011, an Arizona Power Service employee single-handedly caused a power outage affecting Arizona, Southern California and Mexico. The worker had been performing routine maintenance at a substation in Arizona, but instead triggered a cascade of outages affecting millions of customers across the power grid.

Human error is inevitable, but when it affects your business’s success, be sure you’re equipped to deal with the aftermath.

To start creating or re-evaluating your plan, check out our Business Continuity Plan Checklist.

The Beginning of Autumn and Business Continuity

Tomorrow marks the first day of autumn: a season with falling leaves, cooler weather and an abundance of pumpkins. Many are using this time to prepare for the upcoming holidays, but the season itself can serve as a reminder to look at your business continuity and disaster recovery (BC/DR) efforts.

In many ways, autumn and business continuity are alike. In case you don't see the similarities right off the bat, we've listed some below.

Continuous Changes


Business people walking amongst Autumn treesDuring autumn, it's well known that the leaves and temperature change along with the length of days, but what's less prominent is the fact that the starting date of the season shifts from year to year. The first day of autumn constantly changes between September 22 and 23, due to the amount of time it takes the earth to orbit the sun. It even occurs on September 24 every 372 years.

Much like autumn, your business experiences constant changes. Because of these changes, your BC/DR strategies must adapt to fit your business's evolving needs. Consulting professional business continuity planners on a regular basis will ensure that your efforts match your needs.

Equal Measures


In Latin, the term "equinox" means "equal night," which is a reference to the nearly equal amount of sunlight and darkness on the day of the autumnal equinox. This half-and-half relationship reminds us of the equal importance of planning and testing a BC/DR plan.

Planning for a disaster involves more than thinking about what you might do in case of an emergency. A concrete plan must be created and distributed among your organization. By doing so, when you experience a business interruption, you can simply reference and enact your plan instead of trying to recall from memory what you thought would be best.

Planning is most valuable when it's backed up by testing. Testing reveals problems with your plan before a disaster occurs. It's important to test before you have to implement your plan so you can fill the gaps before you're recovering from a catastrophe.

Harvests and Storage


Autumn is well known for being the harvest season. In the same way that people and animals gather food and store it for the bitter winter approaching, your business should collect important company data and store it in case disaster strikes.

The cloud is a good option for storing information because it allows your data to be secured off-site so you can still access it during a disaster. Instead of losing important data in a disaster, your business will be able to access it quickly and recover with minimal damage.

To make sure you don't miss anything critical in your BC/DR plan, download our disaster recovery checklist.

Businesses That Made a Difference After the Napa Earthquake

Photo by James Gunn via Flickr / Creative Commons License
One hundred red-tagged homes and businesses. More than 200 injured people. Seventy thousand customers without power. This was the aftermath of the 6.0 magnitude earthquake that left Napa Valley in shambles at 3:20 a.m. on August 24.

Yet despite the turmoil, the community banded together to repair the damage wrought on the places they lived and worked. Several businesses, some with damage to their own facilities, stepped forward to help residents get back on their feet again, whether by responding to emergency calls or simply serving coffee.

Pacific Gas and Electric



When 70,000 customers lost power after the earthquake, Pacific Gas and Electric (PGE) worked tirelessly to restore it. Within days of the quake, all customers were back on the grid. PGE also announced on its website that it would conduct gas safety checks at homes and businesses throughout the affected area.

Napa Public Works



After Napa sustained 90 water line leaks, Napa Public Works worked overnight to repair eight of them.

Napa Fire Department



During the first 30 hours after the 3:20 a.m. earthquake, the Napa Fire Department responded to more than 360 service calls, including 92 possible gas leaks, 50 downed power lines and 50 fires.

Queen of the Valley Medical Center



Despite sustaining structural damage to an administrative building and power loss, the Queen of the Valley Medical Center relied on backup generators to reopen its doors. The facility set up two triage tents Sunday night and resumed normal operations on Monday, allowing staff to treat the 200-plus patients that sustained injuries from the quake.

North Napa Post Office



With its facility out of commission due to damage, the North Napa post office set up a tent as a temporary mail drop-off and P.O. box pickup station so residents could still send and receive mail.

Home Depot



The damage to Napa’s local Home Depot store was not as bad as other area businesses, so the company hooked up a generator and opened as usual on Sunday morning. As residents worked to repair the damage to their homes, Home Depot’s emergency order of cleanup supplies such as water heater parts, fittings, garbage bags and water shovels flew off the shelves.

The company also supplied trucks filled with water, garbage cans and bags to a crew of about 40 people, who went house to house helping residents.

Javco Window and Glass



In downtown Napa, the buildings' storefront windows were no match for the earthquake. Employees of Javco Window and Glass spent two days replacing their own damaged glass supply and then helping nearby businesses board up and assess the damage to their broken windows and frames.

VisitNapaValley.com



Napa businesses rely heavily on tourism, so the tourism website VisitNapaValley.com immediately updated its site with information about businesses that had reported they were open. By having this information readily available, tourists were able to determine if they could move forward with vacations they’d previously planned.

Alexis Baking Company



Alexis Baking Company, a local bakery known to residents as ABC, was fortunate enough to have its power restored quickly. When the owner came in to clean up her facility, she decided to set out free pastries and coffee for the community as a way to give back.

It’s organizations like these that demonstrate how having a good disaster recovery plan helps not only the business itself but the community as well. This is not a comprehensive list, however. There are many other unsung heroes helping pull Napa back together. If you know of one, share their story with us in the comments!

Learning From Japan’s Disaster Recovery Strategies

"Post-disaster settings provide opportunities to examine the effectiveness of leadership in mobilizing people and resources in highly dynamic situations." 
— Hirotaka Takeuchi, Harvard Professor of Management Practice

Building surrounded by rubble after the Tohoku earthquakeForbes recently published a story about a Harvard MBA program that allows students to travel around the world exchanging knowledge with leaders at businesses of all sizes, from mom-and-pop shops to mega-corporations.

A subset of this program, called the Immersion Experience Program (IXP), sends about 30 students to Japan annually. There, the students learn how local businesses exercised disaster preparedness and recovery after the 2011 Tohoku earthquake and tsunami.

Here are some key takeaways we gleaned from the write-up about the students’ trip to Japan this year:

  • True resiliency revolves around a comprehensive recovery strategy as well as entrepreneurial innovation.
  • Disaster recovery involves adapting to the needs of the community, not just increasing profitability.
  • Successful CEOs pursue the business’s goals even when faced with adversity.

Read the full article here.

September Is National Preparedness Month

This month is FEMA's National Preparedness Month, which aims to educate and empower Americans to prepare for and respond to all types of emergencies, including natural disasters and potential terrorist attacks.

Prepared, not unprepared.Although we write a lot about emergency preparedness for businesses, being prepared for the unexpected is just as important on a personal level as it is on a business level.

This month, be sure to emphasize the importance of observing the four key steps of being prepared for an emergency:

  • Be informed.
  • Make a plan.
  • Build a kit.
  • Get involved.

Here are three ways you can encourage your employees to prepare for emergencies:


How are you promoting emergency preparedness at your business this month?

[INFOGRAPHIC] Tornadoes: The Power to Destroy Everything

The United States alone experiences approximately 75 percent of the world's known tornadoes, which can occur at any time of the year (if conditions are right).

Check out The Weather Channel's infographic to see how many tornadoes travel through your area each year.


Now that you know the average annual tornadoes in your area, here are some steps that you can take to make sure your business is prepared.

Could Your Business Survive a Sinkhole?

Road damaged by a sinkholeWith nearly 300 ground depressions since 2010, sinkholes are a way of life for Floridians. Due to the thick layers of limestone underneath the entire state that are slowly being eroded by acid rainwater, residents along the East Coast are all too familiar with these rapidly forming holes.

Of course, you should be aware that sinkholes are not limited to Florida. They can be found in about 20 percent of the U.S. in states such as Texas, Alabama, Missouri, Kentucky, Tennessee and Pennsylvania.

Residents and businesses located in these areas were alerted to the financial and physical damage that sinkholes can cause when in early 2014, eight classic corvettes at the National Corvette Museum disappeared into a 30-foot deep hole within seconds. (You can watch the video here.)

Disaster events such as this one may seem mysterious and unpredictable, but there are some warning signs to look for to help protect your business and your employees.

Warning Signs of a Sinkhole 



  • Fresh cracks in the foundation of your building 
  • Doors and windows that fail to shut properly (that previously did so) 
  • Small cracks in the ground around your business 
  • Trees that start to lean 
  • Circular patches of wilting vegetation
  • New ponds that form after it rains 
Though watching for these warning signs will help you identify a cave-in before it occurs, you still might be caught off guard by a sinkhole. Here's what to do if a sinkhole forms in or around your business.

What to Do If a Sinkhole Forms 



  • Call emergency officials immediately. 
  • Place colorful tape/rope around the ground depression to warn others of the sinkhole. 
  • Keep your employees away from the hole. Property owners can be held liable if someone is injured because of negligence. 
  • Have a disaster recovery plan in place to prepare for sinkholes (especially if they force you to set up temporary office space in a safer location).

Want to know how to prepare your business for similar unexpected disasters? Check out how to survive the longest day of the year.

Q&A: Eric Thompson and Brandon Tanner on Cloud Services — Part 2

Finger pointing at question mark in the cloudsLast week on our blog we featured Part 1 of a Q&A session with two of our cloud experts: Eric Thompson, solutions architect, and Brandon Tanner, senior manager. The questions were originally included in DRJ's webinar "Using Cloud to Accelerate Workplace Recovery." Attendees wanted to know a lot about the cloud, so we decided to do a two-part blog series. Below is Part 2.

Q: How do you help organizations that operate brick-and-mortar workspaces (e.g., a call center) prepare for remote recovery during a disaster?
A: Working remotely is an option because of the flexibility the cloud provides, but users don’t have to work from home. Customers have options.

Lots of our clients virtualize the infrastructure so applications are running in the cloud. They’ll then replicate the office environment at an alternate location. We can also bring in a mobile unit with preconfigured office space so users can duplicate the back-end infrastructure in the cloud and then couple that with the alternate office area.

If you choose not to have that traditional central office space at time of event, you can have employees work from home through a virtual system using virtual desktops, softphones and other similar technologies.

Either way, it’s about prep. One thing that gets overlooked is validating solutions via test, whether you’re evaluating business functions or going and doing a mobile test. One of the important pieces of testing is that the vendor gets the opportunity to work with the client so they have a better idea of what’s involved. Tabletops are enlightening, but there’s nothing like actually doing a test to set proper expectations.

Q: In the remote DR scenario, do you offer guaranteed response times, specifically for database restoration to storage media?
A: Any vendor will have service level agreements (SLAs) around these types of products, though a lot of the SLAs we see relate to availability and data not being lost. We do have guidelines, depending on what you need to have done, but if you’ve got an RTO tied to an application, you need to validate the process and document the results to make sure it fits your business’s requirements.

Q: How do we connect to the cloud?
A: It depends on cost, compliance and regulatory requirements and what’s available between you and the cloud provider. Our customers usually directly connect to us, but we give you the option to connect through secure VPN, MPLS, the Internet, etc.

Q: If you depend too much on cloud availability, what happens when communications are disrupted?
A: Most all cloud providers have redundancy on their end through multiple carriers. However, we can’t control every point between the two end points. Even the largest providers have had issues. Setting expectations is key. Ask yourself, “What am I solving for by leveraging the cloud? If I don’t have access to it, what does it do to my business?”

Another thing to consider is whether or not the solution is being designed properly and the horsepower is being allocated properly so you don’t have problems on the bandwidth side.

Q: What are your thoughts on public cloud utilization?
A: The public cloud serves a specific sector and need. We deal more with regulated industries that need to have the assurance that their data is at a specific location, stays in the U.S. and is encrypted in transit and at rest.

There’s no straightforward answer. Organizations should do what makes the most sense for them strategically. Some go with the hybrid approach, but it comes back to business functions, applications and the type of data you’re dealing with.

Q: Any final comments on cloud services?
A: To remain competitive, organizations can’t put their head in the sand and decide they’re not going to implement cloud. You have to stay on top of it. You need to start having a cloud strategy that involves more than just one project. It’s no different than DR in that you can’t just put it on the shelf once you’re done, or it’s outdated within a month. It has to be part of the organization’s DNA and thought process to take advantage of what’s out there.

Do you have a question about the cloud we didn't address? Let us know in the comments, and we'll answer it on our blog!

Cloud Compliance: What Auditors Are Looking For

Businessman looking at landscape and maze
In today’s world, many companies are either part of a regulated industry or have been identified as a critical vendor in a customer’s supply chain. These organizations are audited by regulatory bodies such as the Federal Deposit Insurance Corporation and the Office of Civil Rights or by another third-party auditor.

If your company falls into one of these two categories, you’re likely aware that most auditors look to see if your organization has implemented sound risk management and mitigation controls for safeguarding mission-critical data and business processes.

However, as more and more companies and their vendors adopt cloud solutions, you might be wondering what factors auditors consider when evaluating whether or not a cloud solution is compliant.

As a provider of private cloud vaulting and recovery solutions for regulated industries like finance and healthcare, Rentsys Recovery Services is, in auditors’ eyes, an extension of our customers’ organizations. As such, we’re expected to protect and recover each organization with the same level of scrutiny as the institution or practice’s employees. Because it’s imperative our services are conducted in a safe and sound manner while complying with applicable laws and regulations, we've become familiar with the key areas auditors view as potential issues.

Use the guidelines below as a starting point for determining whether or not you and your vendors will pass muster with your auditors.

Security



  • How sensitive is the data that will be placed in the cloud (e.g., confidential, critical, public)?
  • What controls are in place to ensure your data is properly protected?
  • Is any data whose disclosure could harm the organization or its customers appropriately encrypted or protected?
  • Are there controls in place to ensure the integrity and confidentiality of the data?
  • Is the data stored or processed overseas?

Availability



  • Does the cloud solution have an adequate and tested plan to ensure the continuity of operations as well as its ability to recover and resume operations if an unexpected disruption occurs?
  • Does the plan account for the availability of essential communications links?

Privacy



  • Does the cloud solution meet regulatory requirements for safeguarding customer information and other sensitive data?
  • What controls does the service provider have to ensure the integrity and confidentiality of the data?
  • Have the internal controls been evaluated by another auditor?

When determining the feasibility of cloud solutions for your organization, most auditors will expect you to perform thorough due diligence and a risk assessment. Keep in mind that though security, availability and privacy are key elements of sound risk management and risk mitigation controls for cloud services, you may need to consider other elements specific to your industry. A thorough risk assessment should bring those considerations to light.

Q&A: Eric Thompson and Brandon Tanner on Cloud Services — Part 1

Cloud-shaped window in modern officeRecently we sponsored a Disaster Recovery Journal (DRJ) webinar during which two of our associates — Eric Thompson, solutions architect, and Brandon Tanner, senior manager — talked about how cloud solutions can accelerate business recovery.

At the end of the session, attendees had some excellent questions about cloud solutions. If they’re asking these questions, we’re sure others are too, so we’ve compiled a two-part series highlighting some of the questions from the webinar.

Q: How do I know if my environment is ready for the cloud and where do I start?
A: Before making a decision about whether or not you’re ready for cloud, look at your business continuity and disaster recovery (BC/DR) plan, specifically the business impact analysis, to see if it’s up to date.

Evaluate if the business functions are lined up appropriately with the systems and applications interdependencies. Also make sure you’ve assigned the appropriate RTOs from business, client and compliance perspectives. Once you’ve identified those functions and system interdependencies, cloud solutions become viable options.

Q: How do you address requirements for security and segmentation of client data, as well as return of  data at the end of engagement?
A: If you’re evaluating cloud vendors, keep in mind that any vendor needs to have gone through the Service Organization Controls (SOC) 2 audit so you’ll have visibility into the provider’s services. The audit focuses on a business’s nonfinancial reporting controls, availability of service, process integrity, confidentiality and privacy.

In terms of getting data back, companies like Rentsys will work with you to move data to another location by exporting the data to some sort of media. When people move from one platform to another (e.g., physical to virtual), data needs to be both portable and recoverable in the new infrastructure. Know up-front how a vendor handles data migrations.

Q: How is the cloud environment maintained so that it’s current with my in-house production data center?
A: Typically the cloud infrastructure is all handled by the vendor. As far as maintenance, in a traditional cloud model, the cloud vendor owns and operates the hypervisor down through the hardware stack on behalf of your company. You control systems from the OS up. If you're using a replication technology, updates in production will replicate to the cloud. If you’re recovering data, the systems will restore to the latest backup point.

Q: Can you talk about licensing considerations when discussing cloud options?
A: It varies. There are certain software applications that allow you to run a secondary copy at time of event free of charge as part of license. Others may require a separate license, sometimes at a reduced cost in the event of a disaster. Licensing considerations will also depend on the cloud vendor. At Rentsys, for example, physical workstation recovery solutions include licensing as part of the service.

Q: What is the cloud provider responsible for and what is the customer responsible for?
A: The cloud provider’s responsibilities should be documented in a SOC 2 report, and the contracts should be specific about who’s responsible for what. We would also caution you to look closely at what the vendor actually provides, because things are done differently in the cloud. If you’re open-minded, you might be able to take advantage of something you didn’t know existed that’s better for the company.

Do you have any questions about the cloud? Share them in the comments below and stay tuned for Part 2 of our Q&A series!

Why Disaster Recovery Doesn't Have to Equal Panic

crowd running
It's easy to feel overwhelmed when a disaster strikes, especially if it hits your business. As a leader in your organization, you hope to maintain control of the situation. But how can you do that if your employees start to panic?

Believe it or not, it's actually normal for people to remain calm and maintain normal social behavior during a crisis, according to research from the American Society of Safety Engineers (ASSE).

However, this research also shows that "panic is more likely to occur in environments where panic is expected." This means it's crucial to avoid emphasizing panic in your disaster recovery plan and to keep employees informed and involved. Consider your employees' natural response to a disaster and follow the tips below for a smooth recovery.

Plan Ahead



No matter what business interruption comes your way, you have to be prepared to manage it ahead of time. Create a disaster recovery plan that includes protocols for handling different disaster scenarios and make sure your employees know what's expected of them.

It's also important to consider employees' needs throughout the planning process. If a regional disaster strikes, the ASSE study points out that a person being separated from their family can be more stressful than the possibility of injury. In fact, employees are likely to delay evacuations until all family members are accounted for. To alleviate your employees' stress during these situations, you could deploy a Mobile Recovery Center locally to prevent employees from having to relocate to an out-of-town workspace.

Practice Your Plan



Once you have a recovery plan, you need to practice and test it. Without running through your plan, there's no way to know if things will run smoothly when the time comes to use it. Include your employees in these practice runs so they can respond appropriately when a disaster actually strikes.

Testing your disaster recovery plan not only helps your employees feel at ease but also reveals any kinks in your plan. You can't afford to forget minor things, such as pens and notepads, when a disaster strikes. Test your plan once or twice a year to make sure you'll have the smallest details ironed out.

For more tips on preparing for a business interruption, download our Business Continuity Plan Checklist.

College Station Welcomes the Annual Texas Fire Training School

Brayton Fire Field Prop 43 during a fire training session
Watching your company go up in flames is bad, but not having a tested business continuity plan in place is even worse.

Each year in the U.S., firefighters respond to more than a million fires that threaten homes and businesses. And, as we've said before, it's important for you to not only prepare but also to test your disaster recovery plan ahead of time so your employees won't be in the dark about what to do in the event of a fire.

Our headquarters, located in College Station, just so happens to be the home of the Texas A&M Engineering Extension Service (TEEX), the leading firefighting academy in the state. The firefighters that train at this academy each year know a little something about the importance of testing.

This week the Annual Texas Fire Training School hosted a week-long training course for industrial and municipal firefighters at the largest facility in the world, the Brayton Fire Training Field. During these training sessions, thousands of firefighters learned the importance of safety, adaptability and teamwork and took the opportunity to teach the community techniques on how to extinguish fires.

This school is a prime example of the importance of disaster education. In the same way you want firefighters with prior experience and proper training to show up if your business catches fire, your customers want to do business with a company that has a business continuity plan (that's been tested).

While you can't prevent unexpected business disturbances, you can prepare for them so your business doesn't waste unnecessary time, money and reputational damage.

Not prepared for a fire? Check out our Wildfire Preparedness Checklist to get started.

How to Protect Your Business After a Wildfire

Smoky wildfire at night
On June 9, the Bend wildfire in Oregon marked the start of the 2014 wildfire season. The flames arrived three weeks ahead of schedule, catching residents and businesses off guard.

You might feel you're prepared for a wildfire because you've read about how to prevent wildfires and reduce the risk of your business being destroyed by a fire (especially if your office is located in an area prone to drought).

But do you know how to protect yourself and your employees after a fire? 

Just because a wildfire has been extinguished doesn't necessarily mean that your business is in the clear. To keep your employees and business safe, it's important to be aware of the aftereffects of a wildfire.


Avoid Wildfire Smoke


Following a wildfire, keep an eye on local air quality reports. In 2011, the Natural Resources Defense Council (NRDC) reported that almost 212 million people lived in areas across the U.S. that were affected by wildfire smoke (which can last for about a week after a fire has died down).

It's important to note that the smoke that lingers after a fire is different from other types of fumes, because it carries a mixture of gases and fine particles from plant materials. These particles are dangerous and can cause health problems such as pneumonia.

If the local air quality reports for your area are unsafe, you may need to consider relocating your employees to an alternate fixed-site facility or a mobile unit outside the affected area.


Prepare for Power Outages


Wildfire season also began early for California this year, leaving 5,800 San Diego Gas & Electric customers without electricity for at least 24 hours. If your business were affected by a power outage, could you avoid downtime? By keeping data backed up at an alternate location, you can access business-critical data whenever you need it, regardless of the disaster.

Anticipate Flooding


According to FEMA, wildfires can increase the risk of flooding, because they destroy the vegetation that usually helps absorb water. Flash floods are especially dangerous, so check your area's flood risk and elevation before bad weather arrives. It's also a good idea to purchase flood insurance and inform employees of relocation plans in the event that your business is damaged.

Wildfires, as with any disaster, aren't always preventable. The key to surviving them is to be prepared. For more safety tips and details about wildfires, visit ready.gov/wildfires.

Tornado Season Isn't Over Yet

Tornado
Nearly 40 percent of tornadoes occur between June and August each year. These tornado-heavy months require you to be prepared for severe thunderstorms and high-velocity winds. Here are some steps you can follow to prepare for, react to and recover from a tornado.

Prepare



  • Make sure your disaster recovery plan includes provisions for tornadoes. Practice this plan with your team periodically to avoid confusion in the event of an actual tornado.
  • Have enough water, nonperishable food and medical supplies to last at least 72 hours. 
  • Look for the following danger signs:
    • Dark, often greenish sky
    • Large hail
    • Low-lying clouds (particularly if rotating)
    • Loud roar, similar to a freight train
  • If you see approaching storms or any of the above danger signs, be prepared to take shelter immediately.

React



  • Listen to a battery-operated radio or television for important weather updates.
  • Know the difference between a tornado watch and a tornado warning.
  • If indoors, stay away from windows and glass doors and go to the lowest floor of the building. Seek shelter in a small center room, under a stairwell or in an interior hallway with no windows.

Recover



  • Account for all employees and address any staff injuries. For the severely injured, contact 911.
  • When conditions are safe, inspect your building for damage. Take pictures for insurance purposes.
  • If you come across any loose or dangling power lines, keep away from them and inform the power company immediately
  • Refer to your detailed disaster recovery assessment to determine the next steps for continuing business operations.

Check out our Tornado Preparedness Checklist for other items you should gather before a tornado. 

[INFOGRAPHIC] Extreme Heat Safety this Fourth of July

The Fourth of July is coming up, and that means fireworks, hot dogs and summertime fun all around. It also means you're likely to spend more time outdoors than usual. If you're not prepared, the heat that goes along with this time of year could prove to be deadly, as it does for up to 1,000 people a year. Check out this infographic from the Center for Disease Control and Prevention to see how you can prevent heat-related illnesses and death.

CDC Infographic

 For more disaster preparedness tips, check out our  "What to Do When" posts.

[INFOGRAPHIC] Strike Back Against Lightning

This week is Lightning Safety Week, so the National Weather Service is providing some tips on how to stay safe when lightning strikes, whether you're indoors or outdoors.

If you hear thunder, you're at risk for a lightning strike and need to head inside to stay protected. The 2014 Lightning Safety Week slogan "When Thunder Roars, Go Indoors!" may help you and your employees remember this crucial tip.

Once you're indoors, you're not necessarily in the clear. For a few indoor lightning safety tips, check out State Farm's infographic below.

Strike Back Against Lightning






























Review the severe weather safety reminders to be sure you're prepared for the storms that come with summer.

How to Survive the Longest Day of the Year

The summer solstice is commonly known as the longest day of the year, but for many businesses, there's another one: the day a disaster strikes.

Disasters can make normal days seem never-ending, especially if you're unprepared. To keep disaster days from feeling endless, make sure you're prepared to handle whatever may come your way. Follow these tips to start preparing.

businessman checking off boxesPlan Ahead



If you don't have a business continuity plan, you could waste valuable time and effort rushing to recover when a disaster hits. Make sure you create a business continuity and disaster recovery plan before the need arises, so you'll be prepared for any disaster that hits your business.

Working with a team of experts will help ensure that nothing is left out of your recovery plan. After you've created your plan, make sure you test it regularly (one to two times a year) to ensure that recovery and continuity efforts will flow smoothly during a crisis.

Embrace the Cloud



It's nearly impossible to resume work after a disaster when customer and company information are inaccessible. To combat this problem, consider investing in cloud services.

Cloud vaulting and recovery allows you to continue business as usual during a disaster because your company data can be accessed from any location as long as there's Internet access. Remaining operational during a disaster can build your reputation for reliability and earn your customers' trust.

Designate an Alternate Workspace



When a disaster strikes, you won't want to scramble to find a place to continue your business operations. Instead, incorporate an alternate workspace into your business continuity plan ahead of time. There are several options for this, including work-from-home strategies, fixed-site workspaces and mobile workspaces.

Working from home after a disaster can be convenient, but it comes with its own set of challenges. For example, the additional network traffic volume can cause hiccups in uptime at best and a system outage at worst. Logistical issues may be overcome after testing a few times, but a better option might be a fully operational fixed-site workspace.

Moving your operations to a fixed-site workspace is a good solution if employees live nearby or can temporarily relocate. If there isn't a fixed-site location nearby, a mobile facility may be a better solution.

mobile workspace in front of office buildingOne of the advantages of mobile workspaces is that they can be placed at any location you specify, which allows your employees to stay close to home.

For more tips on preparing your business for a disaster, download our disaster preparedness checklists.

Are You Ready for Hurricane Season?

Trees blowing in a hurricane
Hurricane season began June 1, and the National Oceanic and Atmospheric Administration (NOAA) is predicting a mild season composed of eight to 13 tropical storms and three to six hurricanes. This is due in part to the phenomenon known as El Niño, a band of warm ocean water temperatures that changes rain and temperature patterns around the world every few years.

Though conditions are favorable for a calmer season, there are still some steps you need to take to prepare your business and employees in the event that a hurricane does come your way.

Before



  • Make sure your disaster recovery plan includes provisions for hurricanes. Run through this plan with your team and practice what to do in the event of an actual hurricane.
  • Arrange an emergency kit with enough nonperishable food and water to last all your employees at least 72 hours. You should also have bottled water on hand for sanitary purposes. (Check out our Hurricane Preparedness Checklist for other items you should gather before a hurricane.)
  • Make sure trees and shrubs around your business are well trimmed to prevent falling limbs from damaging your building.
  • If your business is located in a high-rise building, be prepared to take shelter on a lower floor in an interior room with no windows.


 During



  • Listen to a battery-operated radio or television for important weather updates.
  • Avoid using the phone, except for during a serious emergency.
  • Stay indoors, away from windows and glass doors. Don't be fooled if there's a lull; it could be the eye of the storm — winds will usually pick up again.


 After



  • Anticipate extended rainfall and subsequent flooding after the hurricane has ended.
  • Inspect your building for damage. Take pictures for insurance purposes.
  • If you come across any loose or dangling power lines, keep away from them and inform the power company immediately.

Check out more helpful tips on how to prepare for hurricane season here.

[INFOGRAPHIC] Business Continuity and Disaster Recovery

Research shows that 80 percent of businesses without a well structured recovery plan are forced to shut down within 12 months of a flood or a fire, proving that preparation really does make a difference. Take a look at this infographic from Dell to learn more about the effects a disaster recovery plan (or lack thereof) could have on your business-critical data. 



Dell Infographic "Business Continuity and Disaster Recovery"
Now that you know the importance of a disaster recovery plan, check out our best practices on how to keep your data secure in the cloud

Compliance Concerns Are Rising — Here's What You Can Do About It

digital numbers with digitized lock
According to Accenture's 2013 Global Risk Study, regulatory requirements rank as a top-five risk category for financial, government, insurance and other industries. In fact, 30 percent more companies plan to increase their compliance efficiency.

The rising concern with compliance stems from both changes in legislation (such as Basel III and Dodd-Frank) and tighter corporate governance requirements.

Compliance Challenges Businesses Face


When it comes to compliance, businesses often have difficulty keeping up with the constant changes. There are several aspects to keep up with, so it sometimes gets pushed to the back burner.

The Rising Popularity of Technology

Today businesses have the ability to use technology for most every business function, from communications to supply chain fulfillment. In many cases, technology helps businesses achieve regulatory compliance due to the requirement for disaster recovery plans.

For example, when Hurricane Katrina stuck New Orleans, LA, over 1 million paper medical files were destroyed, leaving the hospitals responsible for those records noncompliant. (Federal law requires hospitals to retain five years of patient records.) But by the time Hurricane Sandy struck, hospitals in Manhattan had a disaster recovery protocol in place with electronic files and were prepared for the storm.

The problem is, it's also become more difficult to maintain higher volumes of data and stay consistent. In fact, 99 percent of companies believe that managing compliance risk is a top priority, but only 29 percent of businesses are currently capable of managing risk activities.

Insufficient Communication With Regulators

Businesses are struggling with efficiently responding to regulatory changes, and 57 percent say a communication breakdown with the government is to blame. To help deal with this challenge, some businesses, particularly in the banking industry, are creating positions for dedicated regulatory program managers. But this creates another problem. Now 58 percent of companies report a shortage in regulatory program manager talent.

Disjointed Corporate Response to Regulations

It's essential for all business functions to mesh, especially when it comes to compliance. If only half of the departments are considered compliant, the business is still noncompliant. Yet 48 percent of companies think senior management lacks integrated responses to regulatory reform. Similarly, 40 percent of businesses think that the long-term strategies don't align with regulatory reform. 

How You Can Respond to Compliance Concerns


Accenture reports that "many industries are being forced to rethink their business models, processes, reporting and data structures to better enable effective regulatory solutions." If your business is struggling to manage large amounts of data, stay up-to-date on regulations, retain in-house risk management experts or sync your business's goals with regulations, it might be time to look outside your walls for help.

Using a professional planning consultant who's familiar with your industry can help you manage growing amounts of data, monitor regulatory changes and help your company develop a cohesive risk management strategy.


Do you have any other tips for improving compliance efficiency? 

Popular Posts