Mike Fraser is the CEO of Cloud Consulting firm VDI Space and guest blogger for the Recovery Zone
With a lot of organizations taking advantage of an internal IT department, many have no idea if their data is really backed up or if they have any form of protection. They put their complete trust in their IT team, whose job is to ensure that all employees can use technology to access company information and applications to do their job with as little downtime as possible. The main function of the IT department after maintaining production systems is to ensure backups are working, up to date, and verified.
I have worked with various organizations and the first question I ask when reviewing their disaster recovery plans is, “are your backups current and are they verified?” I always get a reassuring, “yes, all of our backups are working and verified.” Then I dig deeper and ask if they have a business continuity or disaster recovery plan, to which I also get a “yes” or “I don’t know.” Now, the moment of truth is when I ask to see them both. Usually there’s some back pedaling, since their responses “yes” or “I don’t know” are often given as a sort of defense mechanism. When they can’t produce documentation, I go to the C-Level of the organization to explain that they are vulnerable to data loss and business downtime. I have yet to run into a C-Level executive that tells me that data loss or business downtime is acceptable to their organization.
My point is really simple: make sure you have additional checks and balances outside your IT team. Require them to send you backup reports weekly and monthly as part of the disaster recovery plan. Remember your data is your most important business asset besides your employees. A solid business continuity plan should have accountability requirements to ensure there are checks and balances for data protection. Every business should view business continuity as an investment in protecting their data and business up time, not just an insurance policy.