One definition of a myth is something you know for sure that happens to be untrue. Today we’re going to look at five commonly held myths about IT/disaster recovery. These are things many people believe in their bones but which are contradicted by the facts.
Related on MHA Consulting: 5 Myths of Contemporary Crisis Management
I was recently asked what are some of the most common myths that people are hanging onto in IT/disaster recovery right now.
In thinking about it, I narrowed the criteria for selection down to three points:
After thinking about it for a day or two, I came up with five IT/DR myths that are commonly believed, incorrect, and potentially harmful.
Are the following widely accepted IT/DR beliefs “hits” or “myths”? They’re all myths.
Here’s the list:
Sometimes IT/DR exercises give a false sense of security. The conclusions that can be drawn from even a successful exercise can be limited. This is true, for example, if the exercise is narrow in scope, the organization performs the same exercise all the time, or extensive modifications are imposed on the environment to protect production (this is a necessity) or make sure the exercise succeeds. Exercises are like standardized tests for which you can study in advance. Real-life events are like pop quizzes. Just because you do well on a standardized test, it doesn’t mean you will excel at every pop quiz.
There are many other pieces to the puzzle than recovering the DC: laptops, phones, other equipment used at various locations. All of these devices can have issues. As an example, cyberattacks can strike any type of device, not just servers at the DC. IT/DR should protect and be capable of restoring the whole environment.
This myth is based on a false assumption. The assumption is that day-to-day troubleshooting is essentially the same as—and provides adequate preparation for—dealing with a large-scale disaster. It isn’t, and it doesn’t. In day-to-day troubleshooting, it’s usually one component that goes down and needs restoring. In a disaster, multiple applications might need to be recovered. The degree of difficulty is many times greater.
People often underestimate how long it will take to recover. They frequently make this mistake based on extrapolating how long it took them to recover a limited number of applications in an exercise. They’ll say, “I got 10 apps done in two hours, so I can do all 100 in less than 24.” But the more apps one has to recover, the more chances there are for significant issues and delays. Estimates of recovery time based on extrapolation from exercises are almost always overly optimistic.
This myth is based on the false assumption that events and disasters will only last for a few hours or at most a couple of days. But disasters requiring major recovery can last weeks. It’s also erroneous to assume the organization can get by without the higher-tiered environments. Over time the lack of such apps can have a growing negative impact across the organization. For example, it might be easy to go without a data warehouse for a couple of days. Longer than that and the inability to access integrated data reports can begin having a significant impact on the ability to make operational and business decisions.
These are the five IT/disaster recovery myths I have been encountering most often in the field lately.
The ideas laid out above are common beliefs that in many cases seem to have common sense behind them. But they are false. And all of these false beliefs have the potential to cause substantial impacts to an organization.
If you want your organization to be better protected—and your IT/DR program to have more “hits” and fewer “myths”—study the ideas described above and conduct yourself as though the opposite were true.
For more information on business continuity myths, IT/disaster recovery and other hot topics in BC and IT/disaster recovery, check out these recent posts from MHA Consulting and BCMMETRICS: