Many small businesses and medium-sized companies resist developing a disaster recovery (DR) strategy because they don’t want to spend money that could be allocated toward more immediate concerns, such as sales, marketing, and technology that will scale the business.
But treating DR like a luxury is like treating fire insurance as merely an option: You’re only asking for trouble, or worse. The Institute for Business Safety writes, “Each year disasters such as floods, hurricanes, tornadoes, and wildfires force thousands of businesses to close. But even more common events, such as building fires, cause the same result. Our research shows at least 25 percent of those businesses that close following events such as these do not reopen.”
Even a temporary loss of the data center and network can be costly. In fact, hourly losses from 50,000e up to millions of euro are considered common.
Companies that avoid investing in DR often do so because they can’t confidently calculate the return on investment, which is understandable as accurately valuing digital assets and assessing risk is difficult. What’s your data worth? Is it all equally valuable? What can you do to ensure business continuity?
Define acceptable costs and losses in the event of a disaster
Begin by establishing acceptable recovery parameters. This means specifying a Recovery Time Objective (RTO) and a Recovery Point Objective (RPO).
The RTO is the maximum amount of time your company is willing to tolerate from the moment of disaster until when operations are back online. To determine RTO, analyze your company’s business processes and operations, as well as costs of downtime and available budget.
The RPO defines how much data your business can afford to lose, as measured in seconds, minutes, hours, or days. Enterprises typically set different RTOs and RPOs for different systems, assigning lower RTOs and RPOs to mission-critical systems, whose loss doesn’t directly impact revenue (in the short term, anyway).
If you determine that your business can afford to be offline for more than 24 hours, a “cold DR solution” – in which data simply is backed up and copies kept offsite – is sufficient. If your RTO is 15 minutes or less, you’ll need “hot DR” capabilities, including ready stand-by systems and frequently replicated data. For RTOs of seconds or less, live, fault-tolerant, and long-distance disaster recovery is a necessity.
The final step is to calculate the expected ROI. The factors to consider are:
➢ Unprotected downtime (the time required to restore operations without a DR solution)
➢ Protected downtime (restoration time with a DR solution)
➢ Hourly revenue realized (annual revenue divided by total working hours in a year)
Multiply both downtimes by hourly revenue to determine the loss for each. The difference of those represents avoided loss. Then apply this formula to estimate the ROI of a DR solution:
ROI = (Avoided loss - Cost of DR solution / DR solution cost x 100%)