As a whole, small businesses are tremendous economic engines--creating jobs, stimulating growth and fostering innovation. Unfortunately, their size makes them especially vulnerable to catastrophic incidents such as fire, flood and extreme weather events, as well as to more localized problems including equipment failures, theft, and cybercrime.
Anxiety about the impact of these risks on SMB clients can keep MSPs and IT solution providers awake at night, and rightly so. The cards aren’t stacked in the SMBs’ favor. For example, according to the Federal Emergency Management Agency (FEMA), 40 percent of businesses don’t reopen after a disaster, and another 25 percent fail within one year following the catastrophe. Fortunately, MSPs and IT solution providers are uniquely qualified to help their SMB clients prepare for any impending disaster, whether natural or man-made, and have the tools and processes in place to ensure that catastrophes--should they strike--don’t spell the end to the business.
A strategic service that MSPs and solution providers can offer their SMB customers is Business Continuity and Disaster Recovery (BCDR) planning. This is a service that is extremely valuable for their SMB clients, and one that offers a recurring stream of revenue that drives profitability for the MSP.
Fact is, while most SMBs understand the value of BCDR planning, many simply don’t know where to start. Deploying automated backups of the client’s data is a great place to start, but protecting business operations--not just data--from unplanned outages and disasters requires a customized solution for each business client.
The good news: There is a systematic approach you can take to help your clients safeguard their business operations. Here are three steps that we encourage MSPs and solution providers to follow when setting up a BCDR plan for their clients:
1. Identify and Evaluate
Work with your business clients to identify all business-critical applications, taking time to note the local infrastructure and cloud-based resources supporting them. Work with each client to rank these applications in order of criticality. It’s important to understand how each application contributes to business operations, as well as the competitive advantage each brings your client. Next, look into the volatility of the data associated with these applications. Those with the highest rate of churn (for example, OLTP databases, inventory data and financial transactions) will need more frequent backups, while those whose change is more gradual (such as file data) can typically get by with longer intervals between backups. As a final check, verify with your client which applications are interdependent. You may need to protect and recover linked operations (for example, purchases, inventory refreshes and customer databases) as a unified group in order to keep the business healthy after an event or outage.
2. Define RPO and RTO
For each application or application group, work with your client to set a Recovery Point Objective (RPO) and a Recovery Time Objective (RTO). An RPO is a measure of how much data (as measured in time--often hours or days) a company can afford to lose in an outage scenario. Operationally, the RPO translates to how frequently application data must be backed up. An RTO is a measure of how long a company can go without an application before sustaining critical business loss. In other words, the RTO dictates how soon after a failure a business needs to recover an application in order to maintain healthy operations.
3. Document, Test and Review
As with any undertaking of this type, it’s imperative that you track your findings, decisions and plans at every junction along the way. As a best practice, I always recommend that our partners document these and deliver them at specific project milestones for client review. These interim reports mark progress, and offer a vital sanity check for sound protection of applications and their environments. The reports also inform the business continuity plan you draft up and share with your clients’ key employees and stakeholders. With the business continuity plan in near-final state, it’s absolutely essential to test, rigorously following each instruction to the letter. Testing both backups and recoveries provides the ultimate assurance that the plan will meet your client’s required RPO and RTO targets. Finally, bear in mind that business strategies, workflows and business processes evolve constantly over time. For this reason, you need to schedule audits of the business continuity plan at least annually, to make any revisions necessary to keep these operations up and running.
The bottom line is that no company should go out of business due to the loss of critical data and infrastructure. With the right planning and preparation, you can help prevent the unthinkable from happening. Plus you’ll be able to leverage the knowledge you’ve gained to help other clients protect their business processes and livelihoods.
Neal Bradbury is VP of Channel Development and a co-founder at cloud-based backup and disaster recovery provider Intronis. Working closely with the company’s MSP partner community and alliance partners, he is responsible for generating greater business value for the company’s MSP partner community and alliance partners. Guest blogs such as this one are published monthly and are part of MSPmentor's annual platinum sponsorship.