HOW TO SELL DISASTER RECOVERY TO SENIOR MANAGEMENT

💥EXECUTIVE SUMMARY 💥

If you’re like many organizations and you have an inadequate disaster recovery (DR) program that leaves you vulnerable to risks, such as loss of revenue or penalties and fines, not to mention the potential for negative impacts to your business reputation due to downtime or data loss, then this article is for you. 

Despite these risks, you’re likely having a difficult time justifying an adequate investment in DR to your senior management. You may feel like the only way you can attract management’s attention to this issue is to manually pull the plug on your data center on a regular basis.
This article gives you strategies for getting on the same page as senior management regarding DR. 

These strategies include: 

• Striking the use of the term “disaster” from your vocabulary, making sure management understands the return on investment (ROI) of IT Recovery;
• Speaking about DR the right way - in terms of risk mitigation;
• Pointing management toward a specific solution.

---

💥HAVING TROUBLE SELLING DR TO SENIOR MANAGEMENT?💥

One reason relates to common attitudes towards risk. While people are risk-averse and willing to pay to mitigate risk, they do so only when their own money is at stake. When company money is on the line, they’re far more willing to take risks. As a Senior Analyst at Forrester Research said, “Organizations are willing to accept far more risk than I would have ever thought possible.”

Another reason for this challenge is that organizations, like yours, believe that they have a comprehensive DR program when, in fact, their program is incomplete. Organizations often install backup/recovery hardware and software but fail to consider the processes necessary to implement a DR solution.

This includes:

• ✳Mapping business processes to all the supporting applications and IT systems so the DR plan protects the entire business process rather than isolated applications;
• ✳Develop complete recovery processes to ensure that the data at the center is fully recoverable;
• ✳Fully testing DR plans with end user and application stakeholders' involvement;
• ✳Pre-configuring and validating end-user access;
• ✳Using the results of testing to optimize recovery plans;
• ✳Implementing comprehensive processes for change management to sync recovery processes to changes in IT systems;
• ✳Categorizing business criticality with application tiering
• ✳Educating and collaborating with management on tiering structures for better RTO and RPO outcomes and the business impact.

---

💥HAVING AN INADEQUATE DR PLAN CAN NEGATIVELY IMPACT YOUR ORGANIZATION💥

What happens when you have an inadequate DR plan:

• ✳Interrupted service - During Hurricane Dorian in 2019, data centers throughout the Southeastern U.S. and Canada experienced interruptions due to flooding.
• ✳Lost sales and revenue - In 2019, American Airlines confirmed there was an issue with the Sabre flight reservation and booking system, used by several major airlines-including WestJet, Alaska Airlines, and JetBlue. Any type of downtime can cause millions of dollars in lost sales and revenue. 
• ✳High costs - 93% of companies without Disaster Recovery who suffer a major data disaster are out of business within one year. 
• ✳Potential supply chain disruptions - Disruptions to one partner can cause problems for partners up and down the supply chain, which means that a company may not be able to deliver products due to events that occur around the world.
• ✳Loss of reputation due to bad press about an outage - For example, on February 7, 2019, Wells Fargo tweeted, “We’re experiencing a systems issue that is causing intermittent outages, and we’re working to restore services as soon as possible. We apologize for the inconvenience.” Many customers returned with tweets bashing the bank which affected Wells Fargo’s reputation and ultimately their business.

Despite these risks, many IT organizations continue to face significant challenges in persuading senior management to provide the budget necessary to implement comprehensive DR programs.

---

💥CAPTURE THE ATTENTION OF SENIOR EXECS💥

So how can you get your executives to pay attention to DR so you can protect your organization from data center interruptions? 

The following strategies can help you achieve this goal:

• ✨Strike the term “disaster” from your vocabulary. When people think about disasters, they imagine low-probability events, such as widespread regional outages caused by floods, earthquakes, and acts of terrorism. Yet most downtime is caused by mundane events, including hardware failure, severe weather, human error, or power outages. In addition, there has also been a rise in malicious employee-based incidents and external security events causing havoc in IT environments. Senior management is far more likely to pay attention to high-probability events. By excising the word “disaster” from your vocabulary, and referring to this challenge as IT Recovery, you can prevent senior management from seeing DR as something necessary only for unlikely events.
• ✨Refer to IT recovery in terms of risk mitigation. C-level executives understand the concept of risk and are comfortable thinking in terms of risk mitigation. Talk about the risk of losing thousands to hundreds of thousands of dollars in revenue due to the interruption of a mission-critical application. One way to approach this would be: 
  • 📒Identify all the risks. 
  • 📒Prioritize them by probability and business impact, which is defined as the hours of downtime multiplied by the cost per hour of downtime. Remember that costs can vary seasonally. The cost of downtime may be greater when the organization is working on end-of-year financials or during peak holiday seasons. 
  • 📒Ask executives to identify the risks they’re willing to mitigate versus the risks they are willing to accept (leave unmitigated).
  • 📒Work with executives to develop a program that starts with mitigating the highest-probability, highest-impact risk, but that then evolves over time to address lower-probability events.
• ✨Explain the benefits of IT Recovery. Make sure management understands the benefits they can achieve from IT recovery, including:
  • 📒Get a competitive advantage. A customer experiencing one frustrating event can easily move their business elsewhere. 
  • 📒Generate more revenue. At the most basic level, faster recovery means your mission-critical, revenue-supporting applications stay, well, up. But you can also turn IT recovery into a revenue-generating mechanism. For example, an outsourcing customer is charged one price for hosting an application-as-a-service and a higher price for recovering that application. 
  • 📒Address supply chain demands. When your organization is part of a supply chain, your customers may demand to know what will happen if you go down. By implementing an IT recovery program, you can respond to these customer demands. 
  • 📒Meet regulatory and compliance requirements. Many laws and regulations require organizations to implement risk mitigation policies, practices, and procedures. An IT recovery program allows you to meet these requirements. 
  • 📒Fulfill service-level agreements (SLAs). Many business agreements include SLAs that specify penalties for noncompliance or non-performance. An IT recovery plan helps organizations avoid these penalties. 
  • 📒Meet fiduciary responsibilities. C-level executives commit to implementing practices and programs that protect their business. CFOs must be responsible stewards of their shareholder’s assets. 
  • 📒C-level executives can go to jail or receive personal fines if they don’t comply with these requirements. This is why C-level executives’ roles require them to think about IT recovery.
• ✨Point Management to a Specific Solution. It may work best to not simply focus on the fact that management needs to spend more on IT recovery but rather to recommend which applications require an active recovery plan. To simplify implementation, think about cloud IT recovery just as you would any other business process.

---

💥SHOULD YOU PERFORM IT RECOVERY IN-HOUSE OR OUTSOURCE?💥

Outsourcing can play a key role in implementing your IT recovery process. To help you determine whether this is the appropriate course for your organization, ask yourself the following questions:

1. Do you face any regulations that would prohibit outsourcing❓➡ Even if such regulations exist, you may be able to outsource strategically. Look at your organization and determine whether you have any tasks that you are permitted to outsource. By offloading these tasks, you can focus internal resources on areas that are highly regulated.
2. Do you fear a loss of control❓➡ By employing an outside party to provide IT services, you may be concerned that you are letting another group of individuals access your data and systems. To mitigate this risk, make sure that the outsourced service provider has safeguards to protect information against unauthorized access or false manipulation during creation, transmission, storage, and retrieval operations involving third parties. Also, be sure the outsourcer understands and addresses your compliance requirements.
3. Are you concerned about increased risk❓➡ Some cloud service providers are viewed as taking control away from your organization’s IT department, which may cause concern about whether you are truly protected. If you are concerned with loss of control, select a cloud service provider that operates as an extension of your IT organization under your guidelines.
4. Do you want to lower your total cost of ownership (TCO) for your IT recovery program❓➡ With traditional on-premises DR solutions, you need to purchase hardware, software, and other infrastructure according to a 1:1 scale for your production data center, and then you will need to purchase more as your data grows. The overall TCO for an outsourced DR solution-including the program, hardware, and recovery software significantly lower than for in-house solutions. Lower hardware and software costs result from the outsourced provider’s ability to achieve economies of scale when acquiring technology for use by a large number of customers as well as specialized expertise in implementing and maintaining these solutions. Outsourced service providers reduce program costs by investing in automation technologies, including libraries and templates of run-books and procedures, that dramatically reduce the time it takes to develop. At the same time, the expertise, pre-developed procedures, and automation that service providers deliver all work together to make IT recovery programs more effective.

---

💥DO YOU WANT TO FOCUS ON IT RECOVERY INSTEAD OF BUSINESS STRATEGY?💥

Many organizations find that having in-house staff perform IT recovery diverts valuable IT resources from supporting the organization’s core business activities. Faced with the high costs and substantial staff necessary to design and implement an IT recovery plan, many organizations are turning to managed service providers to perform these tasks rather than do so in-house.

With considerable expertise specifically devoted to IT recovery, cloud service providers can help you achieve the following:

• Speed ➡DRaaS provides much faster, automated, and more reliable recovery options than traditional DR approaches with years of DR expertise. 
• Lower cost and improvements to reliability ➡ Many IT services traditionally performed on-premises are now available as a service, eliminating the additional costs of investing in infrastructure and capital expenses. 
• Improved administration ➡ Lowers the administrative burden placed on IT and frees up team members to handle tasks that provide greater business value. 
• Seamless redundancy and scalability ➡ Provide peace of mind with no loose ends to chase or worry about. Services provide cost-effective redundancy for all critical business information systems but also enable routine validation testing. 
• Global standardized solution ➡ One provider, one technology, and one solution can give you global accessibility from one interface.

---

💥ARE YOU CONFIDENT THAT YOUR SYSTEMS AND DATA ARE RECOVERABLE?💥

Given the risks you have identified, can you prove to your board of directors that you can recover when you need to? Usually, the best way to provide this proof is through regular testing or third-party audits (for companies in highly regulated industries).
⏰Testing is essential to ensure a DR plan works properly, but it can take days to manually adjust and retest, shutting down both production and recovery sites. Businesses can take about 50 hours 
for test planning, on average. Setting up and tearing down the test environment takes anywhere from 80 hours for a small organization to 768 hours for a large enterprise. 
⏰Testing also requires a sizable team for test planning, startup testing, ongoing testing, and setup and teardown of the environment. A test team for a small business includes about 13 engineers. A large enterprise can need as many as 103 engineers.

---

💥SUMMARY/CONCLUSION💥

Following the strategies outlined in this article will allow you to justify the investment in IT recovery to senior management. Checking into a cloud solution provider can make it easier for you to point management to a specific, proven, and comprehensive solution.

---

🙋‍♂️💻More about Autor 🖱️💻