Running Head: Business Continuity and Disaster Recovery

Business Continuity and

Disaster Recovery
JUNE 1, 2018

Prepared for: Professor Terence Linkletter

Prepared By: Eric Strasik and Alexander Torson
 1
Business Continuity and Disaster Recovery

Table of Contents
Executive Summary....................................................................................................................................... 2
Introduction to Business Continuity and Disaster Recovery ........................................................................ 3
What Risks Require a Business Continuity and Disaster Recovery Plan ....................................................... 5
Notable Instances of Failed Business Continuity and Disaster Recovery ..................................................... 5
Mitigation and Uptime Strategies in Organizations...................................................................................... 8
Conclusion ................................................................................................................................................... 11
Works Cited ................................................................................................................................................. 12
 2
Business Continuity and Disaster Recovery

Executive Summary
Business Continuity and Disaster Recovery are two of the most important concepts for

large corporations to ensure that their success is not hindered or damaged in the case of an

emergency. As cyberthreats increase and other risks continue to pose a threat, the tolerance

for downtime decreases. How do organizations both small and large ensure that their business

maintains uptime and production through any disaster. The purpose of this report is to make

recommendations and display the results of what successful and unsuccessful business

continuity and disaster recovery plans looks like. To best determine what this looks like, we

have developed the following research questions that will help answer this growing issue.

 What is a Business Continuity and Disaster Recovery Plan?

 What risks exist that require these plans?

 What are some notable instances where not having these plans resulted in disaster?

 What are the best ways to mitigate these and upkeep business?

There are many ways in which a business continuity or disaster recovery plan can be

implemented and funded. Each plan is unique as well depending on the risks it is trying to

protect against. There are also laws in place that require certain aspects of these plans to

maintain certain information confidentiality. At the end of this report will be a detailed

conclusion that outlines the best reasons and methods to maintain a business continuity and

disaster recovery plan.

 3
Business Continuity and Disaster Recovery

Introduction to Business Continuity and Disaster Recovery

Business Continuity and Disaster Recovery are closely related principles that are used to

describe an organization’s readiness for unforeseen issues that would hinder the ability to

continue normal operations. More recently, there has been trend of combining the two terms

into a singular idea that helps others recognize both the importance and efforts that need to be

put forth by organizations to have fully functioning plans.

Business Continuity is the more proactive approach and refers to the process and

procedures the organization will implement to ensure that critical functions will continue

during and after a disaster. This means that business continuity is more comprehensive and is

generally long-term based for the challenges an organization might face to be successful

(Rouse).

Disaster recovery is a more reactive approach and comprises of steps that an

organization can take to resume operations following an incident. This response time can

generally take anywhere from a few seconds to a few weeks. Studies have shown that many

organizations fail after a significant data loss without proper disaster recovery in place (Rouse).

The specifics for what is needed in a business continuity and disaster recovery plan are equally

as important as understanding the two. A business continuity plan must include contact

information, management change procedures, guidelines on how and when to use the plan,

step by step procedures, schedule reviews, testing, and updating (Rouse). A disaster recovery

plan will be featuring a summary of key actions and steps to take after the incident has

occurred. These include defined responsibilities of all employees, guidelines for when to use

the plan, the disaster recovery policy statement, goals, incident response and recovery steps,
 4
Business Continuity and Disaster Recovery

authentication tools, and geographical risks. The best business continuity plans and disaster

recovery plans are clear and concise about the varying levels of risks to the organization as well

as provide well defined steps for recovery. The most important assets to protect for any

organization are the employees, facilities and brand, communications, and important data. A

good business continuity and disaster recovery plan will include those assets as a top priority

(Rouse). Below is a picture of BCDP planning priorities (Rouse).

 5
Business Continuity and Disaster Recovery

Risks That Require a Business Continuity and Disaster Recovery Plan

There are many different types of disasters that can cause an organization to need to

deploy the business continuity. Some of the most common disasters that could result in the

business continuity plan include geologic hazards, meteorological hazards, biological hazards,

human- caused events, and intentional disasters. These are the categories that can result in

business continuity reforms. The most common of the disasters listed above are the geological

hazards, meteorological hazards, and intentional disasters. Geological hazards involve

earthquakes, tsunamis, and other natural disasters. Meteorological disasters are also mainly

nature disasters. Intentional disasters are another one of the more common disasters and this

can include cyber terrorism or cyber-attacks (Elliot). Often cyber-attacks are some of the most

devastating disasters that can target a company. That’s one of the reasons it is so important to

have a good and stable business continuity plan (Rossi).

Notable Instances of Failed Business Continuity and Disaster Recovery

Having an effective disaster recovery and business continuity is very important and is

crucial for large organizations. There have been many companies and organizations that did not

have proper disaster recovery and business continuity protocols which could lead to

devastation. Some companies never fully recover, and others take a major financial hit because

the effects can be severe. One example of an organization with poor disaster recovery and

business continuity efforts is Target corporation. Target fell victim to a large data breach back in

December of 2013. This was one of the largest breaches to date and occurred from a cyber-

attack. According to the article “A Look Back at the Target Breach’, by author Eric Dezenhall, he

explains that this breach occurred as a result from criminal hackers who potentially gained
 6
Business Continuity and Disaster Recovery

access to 40 million target customer credit card information This was a huge breach and was

said that up to 100 million people could have been affected by the breach and as many as 60

million people could have had personal information stolen from them” (Dezenhall). This

created a huge disaster that would need a proper business continuity plan in order to keep the

company leveled. Target failed to properly develop an effective disaster recovery and business

continuity plan which led to a handful of issues. Target failed to recognize the threat of

malware and they failed to give their systems the security blankets that they needed and

deserved. Target had many of opportunity to prevent this from happening, but they did not

take the prior steps necessary which led to this disaster. It resulted in the CEO of target

stepping down, millions of peoples personal and financial information, and loss of customers

which all could have been avoided if the proper steps were taken.

Target was one of the biggest and most talked about business disasters that has

occurred but there have been many other companies who also failed to effectively put into play

a disaster recovery or business continuity plan. Another company that failed to properly input

these business systems is Metro Bank. A disaster occurred when MY Metro Bank lost all their

data on their preliminary web site. The bank had a disaster recovery protocol in place and this

included protecting mission critical applications with replication. According to the article ‘Tales

from a Disaster Recovery Graveyard’, the author Laurie Elliot states, “This disaster recovery

plan accounted for 20% of the company’s data and applications which means that up to 80%

was unprotected” (Elliot). This means that this disaster recovery and business continuity was

ineffective because it halted operations and caused other businesses to be affected by this

disaster. This resulted in many other businesses were affected by this event and it took the
 7
Business Continuity and Disaster Recovery

Metro Bank weeks to recover their tapes from the archive set. This was just one of the aspects

that occurred from this event. Moreover, Metro bank had to wait weeks to recover the lost

information and reboot the lost applications. This was devastating to the bank because they

lost out on a lot of potential money and it halted operations which caused a series of negative

implications. If Metro Bank had a better, more detailed disaster recovery and business

continuity plan, than this event could have been much smaller and not as big as a deal. One of

the reasons that this disaster was so brutal was because the company never actually tested the

disaster recovery protocol which basically set the organization up for failure. Disaster recovery

plans need to be implemented and tested before a disaster occurs. For this certain scenario, a

business continuity plan is essential because an event such as the one that occurred at metro

bank could have the potential to completely Derail an organization if the damages are severe

enough.

Another organization that was struck with poor disaster recovery and business

continuity efforts is the company Blackberry RIMs. In this situation, Blackberry RIM’s

experienced a network switch failure that caused an outage for three straight days. According

to the article “BlackBerry Outage for Three Days Caused by Faulty Router Says Former RIM

Staffer”, published by ‘The Guardian”, the author states “The outage still had the power to

impact 70 million users across Europe, Middle East, Africa, Canada, South America, India, the

United States and more” (Baxter- Renolds). This event occurred in October of 2013 and was one

of the most well-known outages over the past decade. When the company shifted the data as

part of a fail over transaction, the different databases experienced problems which then

negated their ability to do the fail over. Blackberry RIM’s had to then rely upon a system
 8
Business Continuity and Disaster Recovery

restoration process from a previous version. The huge backup of data is what caused it to take

three days to clear the backlog. If the disaster recovery and business continuity was better

prepped for, the outage could have been much shorter, and damages could have been minimal.

One of the biggest issues that went wrong in this situation was the organization did not

properly test and check this disaster recovery plan until the time came that they needed to

implement it. This was a huge issue, because when the disaster occurred, the organization was

not able to implement the disaster recovery and business continuity plan that they had

originally planned for. This created difficulties and made the process of recovering much more

complex. Disaster recovery and business continuity protocols are something that every business

should account for and is crucial when working with large organization.

Mitigation and Uptime Strategies in Organizations

There are a few things that can be done to increase uptime of businesses. New

technologies and operational changes can be made to increase productivity and increase

uptime of businesses. Every business needs to evolve over time, so it is essential than

organizations and companies continue to advance in technologies and operational changes to

evolve and advance. one technology that can help with this and increase uptime in businesses

is an enterprise asset management system.

In the article titled ‘Enterprise Asset Management (AEM)’, written by Margaret Rouse,

she explains this technology as: "A software used to plan, optimize, execute and to track the

needed maintenance activities with the associated, priorities, skills, tools and information”

(Rouse) This system can be used to save a company so much in both time and revenue, which is

a reason why many companies are converting to a system that is similar. This is because the
 9
Business Continuity and Disaster Recovery

program can be used to monitor so much, leaving the organization without the worry that

might come along with stressful operation. This software can improve an organization is almost

every aspect and would change everyday operations for an organization that might not quite

have a similar system in play. Without the use of this type of system, it creates much extra work

and can cause an organization to waist money on work or upkeep that they wouldn't otherwise

need. Below is a picture of a process for determining proper disaster recovery sites (Rouse).
 10
Business Continuity and Disaster Recovery

Another thing that can be done to increase the uptime of businesses through

operational changes is to transition to cloud computing. Cloud computing is currently the best

way to store information and is managing to save companies tons of money and time. This is

one of the newest and most innovative technologies that has completely changed the way

businesses operate. Not only does cloud computing require less attention and supervision but it

also is cheaper and more secure than other forms of storage. Converting to the cloud can save

businesses much time and revenue, as well as increasing uptime in businesses (Rouse).
 11
Business Continuity and Disaster Recovery

Conclusion and Recommendations

Overall, business continuity and disaster recovery plans are vital to the success of any

organization and will continue to play a part in maintaining uptime for all organizations. The

purpose of this report was to analyze the specifics of the plans and outline the reasons for

maintaining functioning plans in the case of a disaster. From all the failed disasters, it is clear

that business continuity and disaster recovery will always play a vital role in maintaining

productivity and the ability to maintain a mission statement in this age of technology.

Our recommendations to all organizations that hold valuable assets of any kind is to

make sure that the organization and its employees understand the business continuity and

disaster recovery plans in order to be prepared for when an incidence strike. Statistics show

that many organizations fail after a major disaster, however these plans are designed to be

utilized and save those organizations. As long as these organizations have proper management

and funding, they will continue on the path to success being protected by their business

continuity and disaster recovery plans.

 12
Business Continuity and Disaster Recovery

Works Cited
Baxter-Reynolds, M. (2017, December 1). BlackBerry outage for three days caused by faulty
router says former RIM staffer. Retrieved from
https://www.theguardian.com/technology/2011/oct/14/blackberry-outage-faulty-
router-suspected (Links to an external site.)

Dezenhall, Eric. “A Look Back at the Target Breach.” The Huffington Post,
TheHuffingtonPost.com, 6 June 2015, www.huffingtonpost.com/eric-dezenhall/a-look-
back-at-the-target_b_7000816.html.

Elliott, L. (2014, February 27). Tales from the Disaster Recovery (DR) Graveyard. Retrieved from
Forbes: https://www.forbes.com/sites/sungardas/2014/02/27/tales-from-the-disaster-
recovery-dr-graveyard/#62a775131276

Leatherby, D. (2007). IT Disaster Recovery and Business Continuity Tool-kit: Planning for the
Next Disaster. NASCIO: Representing Chief Information Officers of the States.

Rossi, B. (2018, March 14). BCI reveals top 10 threats to business continuity. Retrieved from
http://www.information-age.com/bci-reveals-top-10-threats-business-continuity-
123457778/

Rouse, M. (2017, July). What is business continuity and disaster recovery (BCDR)? - Definition
from WhatIs.com. Retrieved from
https://searchdisasterrecovery.techtarget.com/definition/Business-Continuity-and-
Disaster-Recovery-BCDR