If the Covid-19 pandemic has taught us anything these past 12 months, it’s that you must be prepared for the unexpected.
And being prepared means having an updated risk register, a disaster recovery plan, and a robust process in place to regularly review and test both.
Let’s be honest, how many of us had a plan in place last March that read: No Customers (tick), No Revenue (tick), Loss of stock (tick), Everyone work from home (tick), Sanitisation Stations (tick)? Not many.
The pervasiveness of risk in the workings of everyday business means that the board of directors must factor risk as an integral part of organisational strategy. Whilst responsibility for risk ultimately falls to the board, it is the management team who are responsible for monitoring that risk on a day-to-day basis and formulating plans to deal with any problems that occur.
Every activity and aspect within a business, from software development and accounting to employee safety, carries risk. And for every risk, a plan must be developed to prioritise it and determine its likely impact and probability.
By the end of the 20th Century, risk management was very much focused on the physical and tangible: banking of cash, security of premises, transport disruptions, adverse weather conditions and welfare of employees for example. But as technology has become central to the operation of every business, so the risks of the 21st Century have become ‘virtual’ and less easy to manage. A failure to properly manage IT risk can heighten the threat of regulatory failures, damaging reputational impact, financial losses, and critical service loss.
One of the biggest threats to any organisation is complacency and overconfidence, a feeling that ‘we’ve got this covered’. And yet, multiple studies have shown that people overestimate their ability to influence events that are heavily determined by chance. How many of us sit back, satisfied that our latest software project is safe because it’s backed up to the cloud? But how many of us plan for the ‘cloud’ not being there?
A chilling example emerged last week, with a fire which, despite the brave efforts of over 100 firefighters, destroyed OVHcloud’s SBG2 data centre in Strasbourg and damaged another nearby facility.
OVHcloud is one of Europe’s largest hosting companies with over 300,000 servers in 14 data centres across Europe and 27 worldwide.
Fortunately, no one was injured, but the effects of the fire were devastating for thousands of organisations. Millions of websites, government agency portals, banks, shops, news websites and a large portion of the .FR top level domain were taken offline. It is too early to determine the reputational damage to OVHcloud, but the fire could not have come at a worse time, with the company readying itself for a potential IPO supported by French politicians championing it as an alternative to the US giants of Microsoft, AWS and Google.
For many organisations, the fire has destroyed valuable data and, in some cases, their business. Data that can never be recovered or replaced.
Why? Because many of OVHcloud’s customers operated and managed their own virtual and dedicated servers without backups. Many others were equally impacted because they believed that using different server environments within the same facility provided them with a resilient recovery strategy. Persuaded by the convincing sales and marketing pitches about uptime, resilience and redundancy, they had never considered the prospect of losing the entire data centre.
As you would imagine, OVHcloud was quick to respond to the emerging crisis, with the Company’s founder tweeting: “We recommend to activate your Disaster Recovery Plan.”
Sage and sound advice. Provided you had one.
If you are concerned about any aspect of your business continuity, please do not hesitate to get in touch. We’d be very happy to discuss and review your current disaster recovery plans.
Photo Credit: SDIS du Bas Rhin