Companies in the SMB (small and medium-sized business) market segment (between 100 and 1,000 employees and less than US$1 billion in annual revenue) often don’t have the expertise or financial resources to formulate and then implement formal business continuity and disaster recovery (BCDR) plans like larger enterprises.
In a recent Aberdeen Benchmark Report, Business Continuity: Implementing Disaster Recovery Strategies and Technologies, it was reported that more than 44 percent of companies with 100 to 1,000 employees did not have a BCDR strategy in place. These organizations are truly vulnerable and risking much. However, even companies that have a formal plan may not have the degree of readiness that assures business continuance in face of a disruption.
Business Context
There are numerous potential events, both natural and man-made, that can be catastrophic to a company, confounding attempts to develop and implement a BCDR strategy. It is difficult to comprehend the devastation of a future event, let alone create a comprehensive approach to meet and survive it. So far, companies in the SMB market segment have been somewhat lax in developing a comprehensive BCDR plan.
SMB companies are dichotomous in their approach to BCDR, with a similar amount stating that they are planning to implement as those stating that they have had a plan in place for the past two years.
In general, SMB companies have demonstrated a distinct personality in their approach to BCDR from the issues that drive them to implement a strategy through the criteria employed in selecting a BCDR vendor.
BCDR Strategy Implementation
Developing, implementing and maintaining a BCDR plan requires a commitment of time and resources. The critical concern driving an SMB company to allocate these resources is the risk of business interruption. Eighty-six percent of SMB companies agreed that this is the top concern, followed — at a distance — by the loss of critical business data.
Although many SMB companies fear a business interruption and the possibility of losing critical data, there are challenges that these companies identify that have limited a significant percentage of them from undertaking this activity. The most critical challenge — identified by almost 58 percent of SMB organizations — was in understanding the scope and complexity of the requirement.
In addition, 33 percent mentioned anticipated costs as a gating item. Understanding the length and depth of the BCDR problem is the key inhibitor to implementation. Training and education is a need to have for that 42 percent without a strategy.
Supporting Activities
The significant minority of SMBs without a BCDR plan are in need of training and ROI assessment. Those with a plan in place need to conduct a number of functions to support and maintain this activity. By far, the most important function is backup. Ninety-six percent of SMBs reported the backup of physical server data as an important activity followed closely (at 88 percent) by regular file-level backup and by backup of the server operating system (80 percent).
An accurate and timely backup system is a key component to recovering from an unplanned system outage of any size or origin. While a significant majority of SMB organizations back-up daily, only 22 percent back-up in real time.Several technologies are being deployed by SMB for backup, the most popular of which is physical tape library (84 percent) followed by disk-to-disk backup (46.7 percent) and disk mirroring (46.7 percent).
Addressing Business Continuity Issues
In addition to supporting activities, there are also some distinct actions taken by SMBs to address issues with business continuity and anticipate potential problems and bottlenecks. The actions undertaken by the most SMB companies are creating infrastructure to support business continuity (57.8 percent) and establishing/maintaining a BCDR plan (42.2 percent). The prominence of these two base activities over the more advanced issues such as standardizing procedures (24 percent) and establishing remote worker strategies (4.4 percent) is indicative of the primitive state that most of the SMBs find themselves within on this function.
Having a BCDR plan is a good first step, but only a first step. If the plan is not tested regularly, organizations will have no idea whether it works as expected or even at all. While testing is imperative to be truly prepared, it is also extremely difficult and disruptive. Oftentimes, companies must plan a test some time in advance, hence insuring that all groups are prepared for the system shutdown. This in itself results in a test occurring in optimal conditions, hardly what would be expected in a real emergency. However, SMB companies do not test their plans that often. Only 20 percent test their plans quarterly or more frequently, while 24 percent do not test on a regular basis at all.
Even the best and most comprehensive BCDR plan gets stale over time. Conditions change, new threats emerge and old threats evolve to the point that plans can easily get out of date and become ineffective. A BCDR plan is not a “build it and forget it” activity. Those SMB organizations with a formal BCDR plan update them infrequently. Sixty four percent update their plan annually or less frequently.
As stated before, 44 percent of SMB companies do not have a BCDR strategy in place. There is no question about their vulnerability. However, those with a plan in place often appear to be unjustifiably complacent. The combination of infrequent testing and even less frequent updating does not describe a highly prepared segment.
Key Takeaways
Most SMB companies continue to ignore the benefits of a BCDR plan. These companies now need to:
- Implement a BCDR plan sooner rather than later;
- Establish the infrastructure to manage and update this plan on a regular basis; and
- Incorporate plan testing as a periodic event but test under as realistic conditions as possible.
The SMB segment needs to be particularly concerned with company wide system shutdowns. They can not wait until a disaster of company ending proportions occurs before allocating the resources to do this right. Unlike their bigger competitors, many SMB’s will not be able to weather a major disruption. A well tooled plan could be their key to continual survival.
Click here to read the full Aberdeen Benchmark report.
Jeffrey Hill is a senior research analyst in the data management and storage practice group at the Aberdeen Group. He can be reached at [email protected].
David Evancha is a research editor in the technology markets group at Aberdeen. He can be reached at [email protected].
Tom Karol is a research associate in the Aberdeen Group’s technology markets area. He can be reached at [email protected].
When we decided to make the switch from a "technology solutions" company to a Business Continuity Company, our Managed Services business grew tremendously.
Lester Keizer
CEO
Ron Cook’s Connecting Point
Las Vegas NV.