Report identifies gap between IT and senior management expectations
Senior business managers in UK organisations have unrealistic views on how long their organisation could survive without their critical IT systems. This is according to over 400 IT decision makers as part of Databarracks’ annual Data Health Check report.
The report, released in September 2015, revealed that the majority of IT teams would estimate their organisation’s maximum tolerable outage as 48 hours. Despite this, the majority of IT professionals questioned also predicted that their senior business managers would actually put this figure at a much lower four hours.
Oscar Arean, technical operations manager at Databarracks, says this gap can put unnecessary pressure on IT teams but is easily avoidable:
“Maximum tolerable outage is the maximum time your IT systems can be offline before the effect on the business is irreparable. It’s not all that surprising that IT leaders would predict a difference in opinion between themselves and their business managers. It’s understandable for the managing director of an organisation to have an emotional reaction to a disaster affecting their business. IT team tends to have a much more pragmatic approach to recovery, as they have the in-depth knowledge as to what is actually physically possible.
“This disconnect between IT and the rest of the business isn’t ideal as it can put unnecessary pressure on an already fraught disaster recovery situation. But there are some really simple steps organisations can take when conducting their disaster recovery (DR) planning to overcome these differences.
“It might sound like a cliché, but it all comes down to communication. If there is a disconnect in expectation, it is because the sides haven’t had the discussion and reached an agreement. No one in the business understands technology like the IT department does. Every department head will have different priorities in terms of recovery of systems, but only the IT department has an overview of how each system affects the overall running of the organisation. As a result, it’s extremely difficult to get everyone to agree on what they consider to be acceptable recovery times. Your IT manager might say he can only get you back online in a week, where as your MD wants to be operational within two hours – the key is bridging that gap and getting to a place where both sides are happy.
“Faster recovery inevitably costs more, but the answer isn’t always just to throw money at the problem, the budget needs to be spent correctly. When writing your disaster recovery plan, find out what the organisation’s ideal Recovery Time Objective (RTO) is, and then ask the IT team what the actual RTO would be within their given budget. Then, ask them to put costs on the ideal RTOs as outlined by senior management, and present these figures back. Usually there is a lot of room for manoeuvre between the ideal and the actual time, but a dialogue between IT and the senior business management is the only way to find what is both affordable and realistic.”[su_box title=”About Databarracks” style=”noise” box_color=”#336588″]Databarracks provides ultra-secure, award winning Disaster Recovery, Backup and Infrastructure services from UK-based, ex-military data centres.
Databarracks is certified by the Cloud Industry Forum, ISO 27001 certified for Information Security and has been named as a “Niche Player” in Gartner’s 2015 Magic Quadrant for DRaaS.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.