Greek philosopher Heraclitus said “the only thing that is constant is change.” Those of us who manage IT resources know this has always been a truth. In the past, we could lock down environments and enforce our standards on our end users, and the only changes we really needed to deal with were vendor upgrades and patches. Who would have imagined that our end users and customers would revolt, and demand to be connected twenty-four hours a day, seven days a week, from anywhere, with the device of their choice?
That is the exact environment that we find ourselves in now. In fact, a survey by Ernst & Young found that instead of IT driving the roadmap, “employees’ priorities and preferences will dictate what the future workplace will look like.” Workers joining the workforce increasingly are more skilled, in fact a McKinsey and Company report expects highly skilled workers to become 75% of the workplace by 2025. The same report found that our current workforce is hyper-connected; they spend 61% of each week engaged in digital communication. These workers (the end-users we support) see IT as a utility. They don’t care what it takes, they expect to be always online, connecting and collaborating in a secure, fast environment.
With this massive amount of change in expectations, the question becomes: are we ready to provide the services our end users are demanding? According to a new Forester report (Many Firms Are Overconfident in their Disaster Recovery Ability), we probably aren’t. The report asked folks who had had experienced a disaster or major business disruption to name the reason for that disruption, and the number one answer was mismatched business expectations with IT capabilities.
As we’ve discussed in the last two semesters of Backup.U, we need to be sure that we understand what our stakeholders expect to happen if our IT environment encounters a disaster scenario. This is the secret to obtaining true business continuity and resiliency. You simply must be align with your business to have any chance of allocating your scarce IT resources to meet the expectations of your business. Here are some basic steps to get you started:
- Put your applications and data into tiers:
Pro tip: you need to have the buy-in for your business on how you categorize your applications and data, otherwise you’ll end up with mismatched business expectations.
- Within each tier, establish RPOs (recovery point objectives) and RTOs (recovery time objectives).
Again, these points should be negotiated with your business stakeholders. You must negotiate with them at this stage in your business resiliency planning. The stakeholders may want an RPO of zero and RTO of 60 seconds for every application and all data, until you advise them of the costs. Your job as an IT department is to provide IT services to your users while making the best use of your resources. This means negotiating with your business stakeholders to get the protection required at a price the business can absorb.
- Once the tiers have been agreed upon, formalize the agreements with SLAs (service level agreements).
Once you have done this work, you know how exactly to spend your scarce IT resources to ensure the data and applications are available when the business expects. This information at hand, now you are ready to look at the different types of data protection software that will help you meet your SLAs.
Let’s face it, we are going to be dealing with constant change in IT environments for the foreseeable future. But we’re at a unique time in our history. IT doesn’t have to be seen as a roadblock to getting business done because business expectations are mismatched with IT capabilities. It’s time to collaborate with the business so that we can give them the always connected, collaborative, secure IT service the business wants with the resources we have right now.
To read more about disaster recovery planning research done in a recent Forrester report, click the link below.