No organization is ever completely safe from disruption, and a company’s data center strategy is paramount when it comes to keeping operations running and businesses open. The critical digital infrastructure supporting businesses all over the world is the difference between an organization surviving a crisis or going under.
That’s why data center providers and managers must be committed to continuously monitoring and evaluating risks around the world that may impact operations, employees, supply chains and customers.
So what risks do they currently face? And, how can organizations create data center business continuity strategies that are fit for the long term?
An evolving risk landscape
It is advisable for organizations to develop an emergency preparedness checklist that reflects crisis planning and data center services to help protect networks and ensure business continuity in the event of an emergency.
Today, more time is being spent on civil unrest than any other single threat. For example, the devastating war in Ukraine has severe implications across the globe. It is putting strain on supply chains, severely restricting commerce in Ukraine and Russia, and limiting communications with employees, suppliers, and customers in those countries. It has also exacerbated cyberattacks, as opportunists take advantage of the conflict to disrupt organizations.
COVID, however, still remains a significant factor in business continuity planning. Even though businesses are getting back to “normal,” the knock-on effects of the pandemic haven’t gone away totally, and the widespread shift away from fixed-location workplaces to remote or hybrid models continues to cause challenges, such as tracking and communicating with employees in an emergency.
What’s more, a distributed workforce means a significant increase in network endpoints, and each endpoint represents a cybersecurity risk. If your business is shifting to remote or hybrid work models, you must increase attention on network security and ramp up employee training on IT and operational security.
Creating a workable strategy
There is plenty to consider in the world of business continuity. Following is some guidance on the components to include in successful crisis preparation.
- Risk assessment and the business impact analysis (BIA) — These are the critical first steps for a comprehensive recovery strategy. Perform the BIA to determine critical business functions and a risk assessment to identify potential mitigations or controls that could be applied. If there is an inherent risk present — for example, no physical security controls or no lightning rod in place for sites in severe thunderstorm regions — organizations need to review the impact of the risk and put controls in place to mitigate or lessen the risk.
- Increase emergency training and update plans — With more employees working remotely, businesses should introduce personal training to help employees know how to react to a crisis independently. This could include guidance on shelter locations, Red Cross resources, and who to contact if the employee needs help at home. Take advantage of weather and emergency phone apps to keep employees aware of potential weather and civil unrest concerns so they can prepare.
- Weatherproof the data center — Create a severe weather checklist and train employees how to prepare for extreme weather conditions. Severe weather is increasing globally and will continue. Consult with a data center service provider that can help harden the data center and edge facilities against severe weather threats, as certain critical infrastructure may require UPS backup power or redundant internet service providers. On your checklist, add physical procedures to be verified, such as ensure all doors and windows are shut tight, clear downspouts and drains, and remove or secure any outdoor equipment or movable fixtures.
- Backup data — The process changes as employees shift off-site. Automatic backups on-site may need to be initiated manually, and the mechanics — including backing up data to the cloud — should be hardened against cyber threats.
- Preparation for communication breakdowns — A remote workforce introduces challenges related to emergency communications. Develop lists with all available means of communication for all employees and reach out early with instructions in the event of communication interruptions.
- Emergency staffing — The preference for many companies today is to shift work virtually, but on-site staff may still be required — sometimes needed immediately.
- Contact vendors — As supply chains continue to lag, businesses should consider adding vendors and suppliers to their mass notification systems to ensure critical communications are not interrupted.
- Move away from a single-vendor approach — Critical business functions should have more than one vendor in place in the event that vendor has a supply chain issue. Don’t single source vendors — instead, have two to three vendors in your recovery plan to provide products and services.
- Build redundancy across your team — Trusting your teams is important, but it’s also critical to build redundancies into those teams. If one person is working remotely and can’t contribute, make sure there is a backup. Along with team redundancy, train team members to be prepared for various types of crisis events at work, at home, or out in the field. Conduct training, so they can react to a crisis independently by including relevant resources in the community and information on who to contact.
- Inform first responders — Many insurance providers are asking for floorplans to be shared with first responders. It’s a good idea, and one any organization should insist upon, even if the insurance provider isn’t. Taking photographs of the data center prior to a disaster event is good practice because before and after pictures make it easier to work with insurance providers.
- Consider the opportunists — Chaos provides cover for cybercriminals. Training employees on cybersecurity best practices is more critical than ever with the shift to remote work.
- Test your plans — In view of ongoing challenges, increase testing of plans and expand the types of tests you perform. For example, add more shelter-in-place and speed drills to crisis response. Testing does not need to be complicated but is the best means to get recovery plans communicated.