How to Sell “Disaster Recovery” to Senior Management.

Contents

Executive Summary 01

Are You Having Trouble Selling DR to Senior Management? 02

Strategies for Lighting a Fire under Executives with Regards to DR 04

Should You Perform IT Recovery In-House or Outsource? 06

How iland Can Help 09

Summary/Conclusion 09

Discover the iland Difference 10

01

If you’re like many organizations, you have an inadequate disaster recovery (DR) program that leaves you vulnerable to risks such as loss of revenue, penalties and fines, not to mention the potential for negative impact to your business reputation due to downtime or data loss. Despite these risks, you’re likely having a difficult time justifying an adequate investment in DR to your senior management. You may feel like the only way you can attract management’s attention to this issue is to manually pull the plug on your data center on a regular basis.

This white paper gives you strategies for getting on the same page as senior management regarding DR. These strategies include:

• Striking the use of the term “disaster” from your vocabulary making sure management understands the ROI of IT Recovery

• Speaking about DR the right way—in terms of risk mitigation• Pointing management towards a specific solution

We will then offer guidance to you on the best way to implement DR by migrating to the cloud. You will then learn more about iland’s market-leading Disaster as a Recovery Service (DRaaS).

02

One reason relates to common attitudes towards risk. While people are risk averse and willing to pay to mitigate risk, they do so only when their own money is at stake. When company money is on the line, they’re far more willing to take risks. As a Senior Analyst at Forrester Research has said, “Organizations are willing to accept far more risk than I would have ever thought possible.”

Another reason for this challenge is that organizations, like yours, believe that they have a comprehensive DR program, when, in fact, their program is incomplete. Organizations often implement backup/ recovery hardware and software, but fail to consider the processes necessary to implement a full solution. This includes:

Are You Having Trouble Selling DR to Senior Management?

• Mapping business processes to all the supporting applications and IT systems so the DR plan protects the entire business process, rather than isolated applications.

• Developing complete recovery processes to ensure that the data center is fully recoverable

• Fully testing DR plans with end user and application stakeholder involvement.

• Pre-configuring and validating end-user access.

• Using the results of testing to optimize recovery plans.

• Implementing comprehensive processes for change management to sync recovery processes to changes in IT systems.

• Categorizing business criticality with application tiering.

• Educating and collaborating with management on tiering structures for better RTO and RPO outcomes and the business impact.

03

Having an inadequate DR plan can negatively impact your organization leading to:

Despite these risks, many IT organizations continue to face significant challenges in persuading senior management to provide the budget necessary to implement comprehensive DR programs.

• Interrupted service During Hurricane Dorian in 2019, data centers throughout the Southeast U.S. and Canada experienced interruptions due to flooding.

• Lost sales and revenue In 2019, American Airlines confirmed there was an issue with the Sabre flight reservation and booking system, used by several major airlines—including WestJet, Alaska Airlines and JetBlue. Any type of downtime can cause millions of dollars in lost sales and revenue.

• High costs 93% of companies without Disaster Recovery who suffer a major data disaster are out of business within one year.

• Potential supply chain disruptions Disruptions to one partner can cause problems for partners up and down the supply chain, which means that a company may not be able to deliver product due to events that occur around the world

• Loss of reputation due to bad press about an outage For example, on February 7, 2019, Wells Fargo tweeted, “We’re experiencing a systems issue that is causing intermittent outages, and we’re working to restore services as soon as possible. We apologize for the inconvenience.” Many customers returned with tweets bashing the bank that affected Wells Fargo’s reputation and ultimately their business.

04

Strategies for Lighting a Fire under Executives with Regards to DR

So how can you get your executives to pay attention to DR so you can protect your organization from data center interruptions? The following strategies can help you achieve this goal:

Strike the term “disaster” from your vocabularyWhen people think about disasters, they imagine low probability events, such as widespread regional outages caused by floods, earthquakes and acts of terrorism. Yet most downtime is caused by mundane events, including hardware failure, severe weather, human error, or power outages. In addition, there has also been a rise of malicious employee-based incidents and external security events causing havoc on IT environments. Senior management is far more likely to pay attention to high-probability events. By excising the word “disaster” from your vocabulary—and referring to this challenge as IT Recovery—you can prevent senior management from seeing DR as something necessary only for unlikely events.

Refer to IT recovery in terms of risk mitigationC-level executives understand the concept of risk and are comfortable thinking in terms of risk mitigation. Talk about the risk of losing thousands to hundreds of thousands of dollars in revenue due to the interruption of a mission critical application. One way to approach this would be:

• Identify all the risks.

• Prioritize them by probability and business impact, which is defined as the hours of downtime multiplied by the cost per hour of downtime. Remember that costs can vary seasonally. The cost of downtime may be greater when the organization is working on end-of-year financials or during peak holiday seasons.

• Ask executives to identify the risks they’re willing to mitigate versus the risks they are willing to accept (leave unmitigated).

• Work with executives to develop a program that starts with mitigating the highest-probability- highest impact risks, but that then evolves over time to address lower-probability events.

05

Point management to a specific solutionIt may work best to not simply focus on the fact that management needs to spend more on IT Recovery, but rather to recommend which applications require an active recovery plan. To simplify the implementation process, think about selectively cloud IT Recovery just as you would any other business processes.

Explain the benefits of IT RecoveryMake sure management understands the benefits they can achieve from IT recovery, including:

• Gain competitive advantage: A customer experiencing one frustrating event can easily move their business elsewhere.

• Generate more revenues: At the most basic level, faster recovery means your mission-critical, revenue-supporting applications stay, well, up. But you can also turn IT recovery into a revenue-generating mechanism. For example, an outsourcing customer charged one price for hosting an application-as-a-service, and a higher price for “DR”-ing that application.

• Meet supply chain demands: When your organization is part of a supply chain, your customers may demand to know what will happen if you go down. By implementing an IT Recovery program, you can respond to these customer demands.

• Meet regulatory and compliance requirements: Many laws and regulations require organizations to implement risk mitigation policies, practices and procedures. An IT Recovery program enables you to meet these requirements.

• Meet SLAs: Many business agreements include SLAs that specify penalties for non- compliance or non-performance. An IT Recovery plan helps organizations avoid these penalties.

• Meet fiduciary duties: C-level executives have a fiduciary responsibility to implement practices and programs that protect their business. CFOs must be responsible stewards of their shareholder’s assets. C-level executives can go to jail or receive personal fines if they don’t comply with these requirements. Thus, C-level executives’ roles require them to think about IT recovery.

06

Outsourcing can play a key role in implementing your IT Recovery process and to help you determine whether this is the appropriate course for your organization, ask yourself the following questions:

Should You Perform IT Recovery In-House or Outsource? A Checklist:

Do you face any regulations that would prohibit outsourcing? Even if such regulations exist, you may be able to outsource strategically. Look at your organization and determine whether you have any tasks that you are permitted to outsource. By offloading these tasks, you can focus internal resources on areas that are highly regulated.

Do you fear loss of control? Some cloud service providers are viewed as taking control away from your organization’s IT department, which may cause concern about whether you are truly protected. If you are concerned with loss of control, select a cloud service provider that operates as an extension of your IT organization under your guidelines.

Are you concerned about increased risk? By employing an outside party to provide IT services, you may be concerned that you are letting another group of individuals access your data and systems. To mitigate this risk, make sure that the outsourced service provider has safeguards to protect information against unauthorized access or false manipulation during creation, transmission, storage and retrieval operations involving third parties. Also, be sure the outsourcer understands and addresses your compliance requirements.

07

Recovery TCO:

Do you want to lower TCO for your IT recovery program?With traditional DR solutions on premises, you will need to purchase hardware, software and other elements according to a 1 to 1 scale for your production datacenter as well as for when you need to purchase more as your data grows. The overall total cost of ownership for an outsourced DR solution—including the program, hardware, and recovery software—is significantly lower than for in-house solutions. Lower hardware and software costs result from the outsourced provider’s ability to achieve economies of scale when acquiring technology for use by a large number of customers as well as specialized expertise in implementing and maintaining these solutions. Outsourced service providers reduce program costs by investing in automation technologies, including libraries and templates of run books and procedures, that dramatically reduce the time it takes to develop procedures. At the same time, the expertise, pre-developed procedures, and automation outsourced service providers deliver improved IT Recovery program effectiveness.

Program Costs • Application Mapping • Procedure Development • Test Planning and Execution• Post Test Analysis• Recovery Lifecycle Management • MRP Costs

Annual Hardware Costs • Space• Power• Servers• Storage• Networking equipment• Hardware Maintenance Management

and Monitoring • MRP Costs

Dr Software Costs • Backup Software• Backup Software Maintenance • Backup Appliances • Disaster Recovery• Security• Management and Monitoring • Network• Backup Space and Power

08

With considerable expertise specifically devoted to IT recovery, cloud service providers can help you achieve the following:

• Speed: DRaaS provides much faster, automated and more reliable recovery options than traditional DR approaches with years of DR expertise.

• Lower Cost and enhanced reliability: Many IT services traditionally performed on-premises are now available as-a-service eliminating the additional costs to invest in infrastructure and capital expenses.

• Improved administration: Lowers the administrative burden placed on IT and frees up team members to handle tasks that provide greater business value.

• Seamless redundancy and scalability: Provide peace of mind with no loose ends to chase or worry about. Services provide cost-effective redundancy for all critical business information systems, but also enables routine validation testing.

• Global standardized solution with one provider, one technology, one solution with global accessibility from one interface.

Do you REALLY want to develop IT recovery as a core competency? Many organizations find that having in-house staff perform IT Recovery diverts valuable IT resources from supporting the organization’s core business activities. Faced with the high costs and substantial staff necessary to design and implement an IT Recovery plan, many organizations are turning to managed service providers to perform these tasks rather than do so in-house.

Are you confident that you are recoverable?Given the risks you have identified, can you prove to the Board that you are recoverable? Usually, the best way to provide this proof is through regular testing or third-party audits (for companies in highly regulated industries).

Testing, essential to ensure a DR plan works properly, can take days to manually adjust and retest, shutting down both production and recovery sites. According to research, on average, organizations of all sizes take about 50 hours for test planning while setting up and tearing down the test environment takes anywhere from 80 hours for a small organization to 768 hours for a large enterprise. Testing also requires a sizable team for test planning, startup testing, ongoing testing and setup and teardown of the environment. Other research has found that this team ranges from approximately up to 13 engineers to meet the needs of a small business to 103 engineers for a large enterprise.

09

Organizations must address IT Recovery by creating a comprehensive program that encompasses people, processes and technology. iland’s Disaster as a Recovery Service (DRaaS) delivers the complete set of essential services your organization needs to deliver effective testing and recovery. Based on more than 25 years of recovery expertise, iland DRaaS can mitigate the root causes of your recovery challenges by systematically helping you manage every stage of the process so your organization can be confident it hasn’t missed a critical step in recovery procedure development, implementation or operation.

• IT Recovery test planning and execution, so you can demonstrate recoverability, as well as any post-test analyses of gaps

• Actual execution of the recovery at time of test or actual disaster, which reduces the number of IT staff who will need to travel away from your primary site, where they are most needed

• The ongoing lifecycle management of your recovery program, including change management (ensuring that changes to your production environment are reflected in the recovery environment)

• A single point of contact or the ability to use our Secure cloud Console to have the ability to augment your technical staff and will work with you to handle your unique needs

How iland Can Help

Following the strategies outlined in this paper will enable you to justify the investment in IT recovery to senior management. Checking into a cloud solution provider can make it easier for you to point management to a specific, proven and comprehensive solution. By choosing iland’s DRaaS, you can allow your IT organization to control the provided services, dramatically reduce the TCO for your recovery needs, focus on your business’s core competency, all while having the confidence that your business processes and IT solutions are fully recoverable.

Summary/Conclusion

10

IaaSOrganizations running their workloads in the iland Secure Cloud have peace of mind that security and compliance are always our priority. We uphold a variety of global certifications and standards. So, no matter what industry and region you work in, we have ensured that the proper controls are in place. Coupled with built-in security reporting around vulnerability, network intrusion, malware and virus scanning, you can rest assured that the iland cloud environment is as robust as your own.

BaaSiland offers cloud-based backup to adhere to your goal of 3-2-1 resiliency. Leveraging encrypted communication and application trusted tunnels, this off-site, “air-gapped” version of your backup will be available to you if something were to happen to your local recovery. You can recover entire virtual machines, applications or files directly from the cloud.

DRaaSWith DRaaS, iland enables organizations to meet their disaster recovery needs without requiring a secondary data center, additional hardware or even additional staff. With industry leading disaster recovery software and very tight RTO and RPO available, you can be assured that in any disaster (ransomware included) you can bring your environment online quickly with virtually no disruption.

Discover the iland Difference

11

iland’s world-class support is there with you for every step of your journey. Our indepth, consultative sales and onboarding processes ensure that you are as comfortable with your new cloud environment as you are with your own data center. iland support is always included and available by phone or through the iland Secure Cloud Console. iland engineers can help you with everything from managing DNS to invoking backup recovery and DR.

Office 365Your Office 365 emails and documents are safe and protected with iland Secure Cloud Backup for Office 365. It directly integrates with Office 365 to provide flexibility in how you protect your Exchange Online, SharePoint Online, and OneDrive data. You can quickly restore your mailbox items directly to your Office 365 mailbox by exporting them to a PST file, emailing them as an attachment, or save them locally. This provides protection from deletion and data loss, gaps in retention policy parameters, Malicious insiders, and departing employees.

Object StorageSeamlessly extend your on-premises storage to the cloud and efficiently secure and manage your data for long-term retention of business and mission-critical data. Built for resilient digital businesses, iland Secure Cloud Object Storage offers industry-specific security and compliance, guaranteed availability and all-inclusive pricing. Managed through the iland Secure Cloud Platform, iland delivers an integrated experience with our other data protection services such as DRaaS and BaaS for a streamlined experience.

About iland

iland is a global cloud service provider of secure and compliant hosting for

infrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS).

They are recognized by industry analysts as a leader in disaster recovery. The

award-winning iland Secure Cloud Console natively combines deep layered

security, predictive analytics, and compliance to deliver unmatched visibility and

ease of management for all of iland’s cloud services. Headquartered in Houston,

Texas, London, UK, and Sydney, Australia, iland delivers cloud services throughout

North America, Europe, Australia and Asia.

North America: +1.800.697.7088

UK: +44 20.7096.0149

Netherlands: +31 10.808.0440

Singapore: +65 3158.8438

Australia: +61 2.9056.7004

iland, the iland logo, and all other iland product or service names are registered trademarks or trademarks of iland Internet Solutions. All other registered trademarks or trademarks belong to their respective companies. ©2020 iland. All rights reserved.

Thank you.

Learn more at iland.com