February 24, 2016
Pitching IT Business Continuity To Management
Many IT professionals struggle to “sell” the importance of disaster recovery and business continuity technology to C-level executives. The reasons why vary, but there are a few common themes.
BCDR technology isn’t free, and disasters don’t happen every day. So, many executives consider a disaster to be a low-level risk. However, most “disasters” aren’t far-reaching, catastrophic events. In other words, a leaking pipe can be a disaster if it’s dumping water into a server. Others may assume everything is “all set” since you are performing regular backups. What they fail to realise is that recovery from traditional backups can be time-consuming and the associated downtime can be substantial. If this sounds like your company, the following tips can help get management on board.
Speak their language
Disaster recovery has traditionally been an IT activity—protecting data so applications can be brought back online following an outage of any kind. While spinning up applications in the cloud for DR sounds slick to you, your CEO is focused on the bottom line. So, it’s essential to present the business value of DR in your pitch. One way to do this is to use a recovery time calculator to illustrate the cost of downtime. If users or customers do not have access to critical data and applications your business is losing money. Executives understand lost revenue, so this can be a particularly effective tool. In other words, put a dollar value on an outage and management will be more likely to listen.
Don’t ask, engage
If you are just getting started with BCDR, engaging management from the get-go is a good move. Business continuity isn’t just an IT task, it requires a look at the business as a whole. Business risks could be anything from a power surge to a supply chain disruption. So executives and department representatives should be involved in the planning process. If your IT department is already actively involved in BC/DR planning, it’s never too late to engage management in the process. Conducting a DR test or tabletop exercise might be a good opportunity to involve management and identify weaknesses in the current plan.
Find common ground
As noted above, business continuity and disaster recovery technologies do not exist in isolation—they are just one piece of the BCDR puzzle. Looking for areas where IT overlaps with additional parts of the business can help justify its cost. For example, businesses of all sizes are subject to a variety of laws and regulations. Ensuring that businesses remain in compliance with these rules is obviously a key responsibility of management. The Data Protection Act 1998 (DPA) requires data controllers to protect personal data against unauthorised or unlawful processing and accidental loss, destruction or damage, and applies to all businesses. Risk management is another area that ties in with business continuity and disaster recovery. Management may overlook or underestimate the risk of human error—accidental (or intentional) data deletion, damage to computer hardware, poor security habits etc. For example, a recent CompTIA study found that 94% of respondents routinely log into public wifi, in spite of security risks. And, 69% of this group accesses work-related data over public wifi.
Business continuity is a company-wide responsibility and failure to protect data can impact everyone. Getting management on board might be as simple as asking them what would happen if a database containing sales leads was deleted and it couldn’t be restored for 24 hours. What if it was 48 hours—how would that impact the business? Identify areas in which essential business and IT concerns overlap and present BCDR in context.
For even more great content, download our new eBook: CEO? Here’s Why You Care About BCDR.