When the lights return after seven seconds that feel like hours, you’ll forget about the few thousand dollars you invested in a generator. You’ll be grateful you avoided countless millions in malpractice claims. But most of all, you’ll have a chance to save the patient.
Determining the ROI of disaster recovery
Disaster recovery is about investing enough resources (and time and energy if you’re keeping it in-house) to keep your business running when trouble strikes. You calculate how many hours of IT downtime your business can withstand and how much data you can afford to lose.
Then you start running financial scenarios: If spending $1 million on disaster recovery protects $10 million in revenue, that’s a ten-fold return on your investment. Indeed, you could spend $1 million a year for 10 years and still break even.
Simply put, you need to base your DR investment on sound financial insight on your business, your customers, and the value of your data. You manage risk prudently and diversify your portfolio of DR capabilities. That starts with deciding what matters most and investing more in those areas.
Establishing DR investment priorities
You create DR priorities by determining recovery time objectives (RTOs) and recovery point objectives (RPOs) and tiering the importance of your applications.
Every company’s individual RTO differs. And divisions within each business have unique RTOs. A global B2B manufacturer that depends heavily on its supply chain has to figure out how long it can withstand an IT outage before problems cascade throughout its web of suppliers and vendors.
If the company calculates it can endure two hours of IT downtime before costs start becoming destructive, then two hours becomes the RTO for its supply chain operations. The human resources department, by contrast, might calculate that its systems can stay down for two days before workers start demanding to be paid, so HR has a two-day RTO.
Calculating RPO works similarly, except you’re dealing with how many minutes, hours, or days’ worth of data your IT operations can get by without. Also, you have to weigh the importance of data to your business. Some data must be protected no matter what and available all the time, while other data might not be needed for days or weeks.
As you’re establishing RPO priorities, you have to consider the possibility of data vanishing altogether. This might be an acceptable risk in one division but intolerable in another.
Investing in DR objectives might give you a competitive advantage: If you’re the only company operating in the aftermath of a hurricane, you can win customers away from your competitors.
DR is more than insurance
A lot of people talk about disaster recovery as if it’s an insurance policy: You pay your premiums and hope your policy covers your losses. But the analogy has its limits. Insurance is a fixed expense, which motivates you to compromise with a low-cost provider.
But if you look back on our operating-room scenario, you don’t want to find yourself losing the patient because you saved a couple hundred dollars on a second-hand backup generator.
Like any investment, DR requires buy-in from your organization’s financial professionals. They think in terms of managing risks and allocating resources.
Nevertheless, they see the same headlines about ransomware hitting hospitals and tornadoes taking out elementary schools. They understand disasters happen and precautions are appropriate.
Still, your financial team has a right to insist that your DR investment is based on sound fiscal judgment. That means outlining plausible scenarios for putting the most resources where they’re most needed and placing lower priorities on low-risk outcomes.
A sound disaster recovery plan depends on a careful examination of your IT resources, skill sets, experience and the expectations of your customers. You have to establish priorities for workloads and data availability that work holistically across all your technologies. And you have to design a DR program and test it thoroughly to make sure it works in a crisis.
All these considerations require expertise you might not have on your IT staff. And figuring it all out takes time away from other mission-critical IT duties. At OnX, a CBTS company, we can help you solve your DR riddles while making the case to stakeholders for investing in a comprehensive solution.
Give us a call and we’ll show you how it’s done.
Related articles
4 Questions to Ask Before Hiring a DRaaS Provider
3 Reasons to Document Your DR Testing
Ransomware Attacks: Protecting Your Business from Becoming a Statistic