A big part of recovery planning is identifying and mitigating single points of failure (SPOFs). SPOFs are the bane of disaster recovery and high availability for IT and the business as a whole. And it’s no trivial matter to determine where SPOFs lurk, what risks they actually pose, and how best to mitigate them.
Consider utilities and services provisioning, which are key to IT and functional business continuity planning.
Understanding how power is provided to your facilities will help identify existing SPOFs. For example, is all your power coming from a single feed/single substation? If so, that power station is an SPOF. Do you have dual commercial power feeds from different substations coming onto your campus, but they meet at a single transformer? That’s an SPOF. What if you have multiple power feeds from multiple substations going into multiple transformers, but from there it all goes through one power conditioner on your site? SPOF. A true “dual feed” power system with no SPOFs is a hallmark of a Class 4 data center and is costly to create.
If you have a diesel backup generator to remediate vulnerabilities associated with power-related SPOFs, will it provide the backup you need? Do you rely on a single company to provide your diesel fuel? If so, how is your vendor risk management program addressing that potential SPOF?
How likely is a water outage and what affect would that have on your operations? Would it impact a mainframe cooling system, for example? These are just the surface-level questions to consider in the context of eliminating SPOFs.
By now you’re probably hoping that the job of disaster recovery coordinator doesn’t fall on your shoulders. This is a hands-on role and requires a true “people person” with a ready smile and a strong backbone—one who can build trust and support across all levels and departments throughout the organization, as well as with vendors.
People skills are essential because without them it’s difficult to earn trust. Without trust, chances are high that you won’t get the true picture of existing vulnerabilities and SPOFs. If a recovery coordinator isn’t able to connect the dots and get a clear, valid picture of how critical systems relate and where the risks and SPOFs are, the consequences for the organization in the event of a disaster could be, well, disastrous.
The other thing a DR coordinator needs besides a charismatic personality is deep expertise in disaster recovery planning and risk analysis. Many SMBs don’t have these skills in-house, and therefore should consider outsourcing DRBCP to a trusted partner.
To help you understand the gap between where you are today and where you want to be with business continuity management and disaster recovery, contact Pivot Point Security.