BCDR stands for business continuity and disaster recovery. This term aggregates the strategy and the collection of approaches that business needs to implement in order to keep at least mission-critical functions up and running during and after any unplanned event or a disaster.
And the number of such unplanned events and disasters has only been growing during the past decade; human mistakes, natural disasters and fires, ransomware attacks, and the recent disease outbreak are all forcing business leaders to take business continuity planning seriously.
In this article, we will define the difference between business continuity and disaster recovery, talk about why BCDR is an excessive term, and define how business continuity and disaster recovery basics should be used in practice.
Table of Contents
What Is Business Continuity?
Prior to the year 2020, many IT professionals saw business continuity concept as an enterprise-only collection of policies, strategies, and other paperwork-and-meeting, C-level nonsense. These IT professionals were only focused on recovering the IT infrastructure or on data recovery. However, due to the pandemic, a lot of businesses were forced to move their workloads from offices fast, and continue to work from their homes. Few were ready for such a sudden change in the business landscape, and the corporate management with their IT departments, or the MSPs running their clients’ IT infrastructures suddenly found themselves solving a number of unexpected questions, such as:
- How do you provide stable remote access to the workforce?
- How do you provide teamwork and file-sharing?
- How do you ensure business security when dozens of employees are working from their homes?
- How do you maintain and support the on-premises infrastructure?
Business continuity concept is aimed at answering such questions. It comprises a strategy, a number of policies, and plans that should minimize the risk of disruptions in any event. More specifically, business continuity includes:
- Creating a strategy. Strategy means that the corporate C-level recognizes the dangers posed by business downtime. Hence, the business continuity team is assembled and their needs are budgeted.
- Risk evaluation. After the team is assembled, they will need to evaluate all possible risks that might affect business continuity.
- Creating a plan. Depending on the size of the business and the budget, a business continuity plan can be a highly detailed and structured set of documents that overview how exactly the mission-critical workloads can be recovered to a production state in different cases. Think of it this way – if the whole office building was destroyed, your business continuity plan should be able to answer the questions of where you will relocate people and workloads, and whom you should contact and in what order so as to get back to the working state as quickly as possible.
- Plan tests and enhancements. After the plan is created, it needs to be reviewed, tested and, if it does not meet your requirements, enhanced.
- Main components of business continuity,
- Difference between business continuity and related concepts,
- Measurable metrics, and much more.
What Is Disaster Recovery?
Disaster recovery is a set of actions that need to be undertaken in order to recover the IT infrastructure of the company to a working state. Typically, the concept of disaster recovery is included in business continuity. From the strategic and planning point of view, disaster recovery is quite similar to business continuity and includes a disaster recovery strategy and a plan.
To develop a disaster recovery plan, you should first develop the granular key recovery metrics for the IT infrastructure of the organization – recovery time and recovery point objectives. These metrics define acceptable downtime and acceptable data loss respectively. By granular, we mean that these metrics should be developed for different IT infrastructure subsets on an individual basis.
Business continuity and disaster recovery plans are similar in that both are important for protecting a business from unexpected events that could cause disruption of operations. But they are distinct concepts. Disaster recovery is a key element of business continuity, which explains key difference between business continuity and disaster recovery:
The scope. The business continuity plan refers to all possible business operations, including the movement of employees, the office locations, and the communications between the company and their clients. Disaster recovery, in turn, focuses only on IT infrastructure recovery – data backup and recovery, workload replication, remote access, network resilience, etc.
The point in time. With business continuity, the company typically focuses on the processes during and right after a disaster, while the disaster recovery is geared towards processes happening after an emergency.
Span difference. Business continuity concept includes a long-term strategy for the company to reduce downtime, while disaster recovery eliminates the exact risks during a set period of time (RTO and RPO).
BCDR: Matching Disaster Recovery to Business Continuity
As we have stated earlier, BCDR is an excessive term. You already know that business continuity includes disaster recovery; hence, there is no need to separate business continuity from disaster recovery and then group them into a single term. This will only create terminological chaos.
From a practical point of view, it is best to define business continuity as the package of strategies, policies, and practices to keep the business afloat including disaster recovery. And disaster recovery, as an integral part of business continuity, should address all IT-related questions.
How You Should Change Your Business Continuity and Disaster Recovery Plans in 2020
As we mentioned earlier, the year 2020 has changed the landscape and the understanding of the business continuity for the masses. Previously, business continuity concept was popular among enterprise-grade companies or those who worked in locations with a high chance of natural disaster. These companies developed resilience and disaster recovery plans.
The recent pandemic has shown that business continuity is not solely based on disaster recovery of the IT infrastructure. Questions like, “How do you move the entire company to the home-office mode?” were solved at a very fast pace. To avoid situations like this in the future, here's what you should keep in mind:
- Work-from-home policy. Now you know that disaster strikes unexpectedly, but business downtime should still be minimized. Develop a work-from-home policy on the basis of what you've learned during the pandemic. The policy should include remote access, bring-your-own-device, and remote workforce security considerations.
- The new layer of security. One office building with dozens of employees is a challenge for cybersecurity. But once employees are at home, you have dozens of possible points of intrusion, and you cannot always directly control security. You need to create a security education program for employees, perform penetration tests, and create a security policy appropriate to the bring-your-own-device approach.
- Focus on employee safety. Your first priority should be to maximize your employees’ safety.
- Cloud migration. During work-from-home, on-premises hardware becomes a nightmare to support on-site. Thus, it's a good time to think about migrating to cloud services.
Further reading Guide to Becoming a Cloud-First MSP
- Disaster response team. When the unexpected happens, someone should be responsible for what the company does. So, create a response team that knows the business continuity action plan.
- Force majeure clauses. If you are an MSP, review whether or not your master service agreement has force majeure clauses. If not – add them.
On paper, business continuity concept is a mess of half-technological and half-business-related terms, policies, strategies, and teams. However, once you get a clear picture of business continuity vs disaster recovery difference, and once you apply business continuity and disaster recovery basics to your unique case, you will be able to work out a continuous approach to safeguarding your or your clients’ businesses from downtime.