Companies can replace or recover most assets of the organization, but in many cases, “most” is not good enough. The mass amount of data generated over the years is far too valuable and irreplaceable for companies not to have intact. Accordingly, data recovery has evolved from an internal necessity to a strategic and sustainable competitive advantage.
The move towards a tightly integrated, just-in-time supply chain places very stringent requirements on the organization. In order to ensure that Service Level Agreements (SLAs) are met, business continuity and resiliency during a disaster are now regarded as standard business practices. As such, it is important for manufacturing executives to explore their organization’s role from an external perspective – from the point of view of the supply chain ecosystem of which they are a link. When looking at the firm from that vantage point, the critical factor to ensure is that the organization does not become the “weakest link” within the chain. Otherwise the company affected by disruptions (whether disaster-related, human-induced or planned system maintenance) faces not only the obvious financial and non-financial impacts of downtime (direct production outage costs, damaged reputation, etc.), but worse yet, being replaced by a competitor that understands the value of business resiliency as a strategic competitive advantage.
In addition to financial blows stemming from delivery penalties and contract breach expenses down the road, financial auditors frequently require proper disaster recovery (DR) and business continuity (BC) plans. In fact, not having such plans in place can be seen not only as neglect, but as failure to fulfill fiduciary duties to stakeholders, which can expose the business, as well as its executives, to severe penalties. Because the stakes are high and disruptions can have rippling effects through the supply chain, these factors contribute to the emergence of more stringent requirements placed on organizations’ DR solutions in the form of enterprise-level governance, risk and compliance (EGRC). They also result in the need for an integrated approach toward more standardized business continuity management practices, which include the introduction of global ISO standards for BCM and similar initiatives.
These shifts in business management lead to information and communication technology becoming not just an expense factor for businesses to “deal with,” but rather a critical contributor to meeting business objectives – one that drives real, tangible business benefits by assisting with data mining and business analytics, consolidation and data archival for compliance requirements.
Process and People Considerations
It is important for an organization to consider its business continuity efforts as a holistic, strategic initiative with the necessary due process and analysis. Disaster recovery is best evaluated in the context of how it can integrate into EGRC and other initiatives as opposed to employing a traditional daily tape backup process with suboptimal RPO and RTO characteristics that would hardly satisfy the needs of any modern supply chain and corporation.
When disaster recovery is viewed as an ongoing program, not a one-off project, it is more likely to be refined as business requirements evolve. From this strategic perspective, program implementation, on-going monitoring, testing and maintenance, as well as periodic audits and certifications, are important steps of a successful execution.
One major trend in data protection has been the shift in strategy by organizations and their IT departments away from thinking in terms of disaster recovery towards a more comprehensive disaster resiliency. This change ensures that the business can not only recover from a disaster, but that it can do so enduring minimal interruption, risk and adverse impacts to the supply chain.
With respect to the people aspect of business continuity, disaster recovery practitioners are often asked about outsourcing in both SMB-type organizations and large enterprises. Outsourcing is neither inherently good nor bad, but due to resource constraints, it is the right strategy in certain instances. There are, however, consequences that should be considered before seeking outside help. First, there are ever-present cultural differences and nuances that can result in major misunderstandings when working with an outsourced supplier. Unwittingly, the company may enter the world of international risk management in such possible minefields as political climate and unrest in the foreign country, foreign relations, etc. – risks that need to be recognized and managed, mitigated, accepted or hedged. These factors can have significant ramification for the company’s disaster recovery and business continuity risks.
During the last decade, there have been several technological trends impacting data protection and recovery. The disaster recovery industry witnessed significant consolidation, with specialized vendors taking center stage. This realignment was accelerated by the recessionary business cycle. There has also been a shift in pricing and availability. Advanced disaster recovery and high availability (HA) solutions that once only larger companies could afford are now within the financial reach of small- and medium-sized businesses (SMBs). Relying on outdated tape backup methodologies is no longer the only option since affordability and ease of use of disaster recovery solutions have markedly improved.
For example, logical and host-based replication, continuous data protection, and the virtualization options to achieve high levels of utilization on available hardware all became important building blocks of disaster recovery solutions.
IT executives of manufacturing firms of any size have several choices when it comes to disaster recovery solutions. Most commonly, the business purchases a complete solution from a vendor. What is important to consider is the comfort-level with the vendor. Accordingly, the due diligence process should include consideration of the longevity, size and financial strength of the provider.
In rare instances, a manufacturer will rely on a DR solution developed in-house. While this may appear to be an inexpensive solution, it inherently has a few problematic issues, such as outdated IT capabilities, inferior RPO and RTO, as well as the lack of ongoing maintenance. Furthermore, when there is the need to go through a disaster recovery exercise, no vendor is available for assistance.
Recently there has been much coverage of cloud-type offerings for disaster recovery. There is an enticing value proposition in the on-demand nature of cloud offerings. That’s because they can shift the balance from capital expenses to operating expenditures and can avoid overburdening existing meager manufacturing IT resources. Virtualization advancements led to the ability to consolidate at a greater degree, which opened a window of opportunity for DR specialist firms to market virtualized computing resources over private or public clouds. This shift means that DR and HA can now more readily be procured on a pay-as-you go basis. While hosted DR solutions have long been an accepted practice, utilizing cloud solutions for DR in the enterprise segment is still in its early stages with various details to be ironed out. Among these are security concerns and cloud vendor’s prioritization of clients when resources get tight in reaction to a regional disaster.
A Strategic Initiative
These are some of the major issues today’s manufacturing IT executives face as they work to ensure that they meet their fiduciary duties to stakeholders and position their organizations for greater agility in a dynamic and globalized manufacturing environment. As such, it is important to approach business continuity and disaster recovery as a holistic strategic initiative that can drive real, positive bottom line impact. To do this successfully requires careful consideration of people, processes and technology along the journey, thereby further positioning the IT infrastructure as a strategic asset and advantage to the company.