Proactive planning and effective business continuity tools keep organizations safe in an unpredictable climate.
Calvin HennickCalvin Hennick is a freelance journalist who specializes in business and technology writing. He is a contributor to the CDW family of technology magazines.
Listen PauseThe bigger the company, the more it has to lose.
Infrastructure and Energy Alternatives, an Indianapolis-based construction company specializing in energy and heavy civil infrastructure, has grown by more than 500 percent over the past five years. This sort of growth is, of course, a dream scenario for most business leaders. But Brian Newgent, IEA’s senior vice president of IT, realized that one side effect of a bigger business is an increased risk profile.
To mitigate this risk, IEA engaged with CDW to analyze the company’s systems and operations, create a comprehensive business continuity plan, and implement tools and practices that will help the company navigate the unforeseen.
“It was admittedly a game of catch-up,” Newgent says. “But we didn’t just want to catch up, we wanted to be cutting-edge. We were already very good at being reactive, but we switched gears to a much more preventive posture than we had in the past.”
From the increasing frequency of natural disasters to ever more determined hackers, organizations need to be prepared to handle an array of potential disruptions.
Most IT and business leaders realize that it’s vital to have a carefully crafted disaster recovery strategy in place, powered by the right technologies.
But too often, those efforts get pushed off, says Naveen Chhabra, a senior analyst at Forrester.
“The pandemic did open many IT and business leaders’ eyes to what-if scenarios,” says Chhabra. “However, they also tended to choose the easy path; for example, public cloud options where resilience is not baked into the platform. Disaster recovery needs to be engineered. It needs to be architected.”
Newgent says it was important for several reasons to get an outside set of eyes on IEA’s environment.
“You get a much more neutral look at your systems and your blind spots,” he notes. “Also, we just don’t have the staffing necessary for someone to dedicate the months that it takes to put together a good business continuity plan.”
The engagement with CDW helped IEA officials to reprioritize which of their systems they would need to get back up and running immediately in the event of a disaster.
For instance, Newgent previously assumed that the company would need to get both its accounts receivable and accounts payable systems back up immediately. However, conversations with line-of-business stakeholders revealed that it was much more important in the short term for the company to be able to meet its payroll and pay its bills, and that collecting on money owed to the company could wait a few days.
“As a technology team, we see the business through a different lens,” Newgent adds. “We see it as providing the technology that people need to do their jobs, but then we really don’t know what people’s day-to-day processes are. CDW dug into that, and we were really surprised in some areas.”
Back to the article Autoplay Full Screen Grid View Exit Full Screen Back to the article Autoplay Full Screen Grid View Exit Full ScreenRevelations like these helped to inform the 90-page business continuity plan that CDW spent several months creating for IEA.
That plan outlines who is responsible for which emergency-related tasks, where employees will work if an office becomes unusable, and even granular details such as contact information for local emergency services in each of the areas where the company operates.
Along with drafting the plan, Newgent says, CDW helped IEA make better use of its existing Microsoft Azure tools, such as the Sentinel security information and event management feature. With better application of solutions like this, Newgent notes, IEA can avert disasters resulting from cyberattacks.
Travis Otting, the CDW business consulting analyst who led the business continuity planning for IEA, notes that the company had already moved most of its infrastructure to the cloud before the planning process started.
However, he says, many organizations stop there and fail to create a robust plan that can help them navigate disaster.
“Moving to the cloud doesn’t take into account what might happen to a location, and it doesn’t take into account employee safety,” Otting says. “It only covers the technology, not the business.”
Pentagon Federal Credit Union, one of the nation’s largest, categorizes its IT infrastructure and applications into five disaster recovery service levels, says Ken Brock, director of enterprise business resiliency.
“As an industry best practice, the higher the service tier, the higher the availability and the resiliency requirements and the stronger the testing,” says Brock. “The higher the service level, the less downtime we’ll tolerate. This is necessary to best serve our members.”
This delicate balance illustrates how disaster recovery and business continuity are just as much business challenges as they are technology challenges. PenFed uses a range of tools to help ensure business continuity in the wake of a disaster.
PenFed has private data centers in different regions, following industry best practices, and has developed a mix of private data centers, colocation centers and private cloud solutions. The current strategy relies on an array of solutions and partners.
“There are many applications or platforms with high availability, and most of them are focused on improving the resiliency capability,” Brock says.
Ken Brock, Director of Enterprise Business Resiliency, Pentagon Federal Credit Union
Ultimately, though, much of PenFed’s disaster recovery planning is focused on the people and processes required to get back to business.
Brock recalls when Hurricane Maria hit Puerto Rico in 2017 and the organization raced to support its 49 employees on the island. The credit union’s operations there are housed in a building with a backup generator.
“We were able to get back online and get our capabilities up and running within 24 hours,” Brock says. “At the time, we were one of the only financial institutions up and working on the island.”
Brock says that “truly understanding your business” — including specific service requirements for different services or applications — is a major component of disaster recovery.
“It is a journey, and it typically doesn’t get built in a day,” he says. “It’s something that you evolve and build out as an organization.”