We help IT Professionals succeed at work.

Back Up and Recovery Resource Help

klsphotos asked
Hi Experts,

I am hoping you can help me and I hope this makes sense.

I work for a small business and have for several years.  Prior to my arrival there were no back ups.  We now currently have almost everything backed up, almost.

In researching and preparing our next Phase of the disaster recovery plan that I wrote up, it's time to purchase.
I laid out 4 different options and what we could need, all the options and comparisons and cost.

Now my superiors want to see how my plan compares to other big companies plans and standards.

How do I even do this or explain it?  It's different for everyone and no company is the same including ours?

Thank you,

Watch Question

The vendors you are planning to purchase from will definitely have "white papers"-slash-"case studies"  that will help your cause.  (Both software and hardware vendors)  Reach out to them, explain you need something to take to management - they will have tons of stuff for you to use.  They pay salespeople for a reason - give those folks an opportunity to earn their pay - they will be happy to provide you with this stuff.

Even looking at a vendor's website will yield lots of stuff like this - you can do this for vendors you are not considering purchasing from.

Then, it's up to you to find amongst this pile some that may be applicable to your situation and present this.
IT Manager
A direct comparison with other companies will probably not be too helpful, as everyone is unique.  Also, a lot of plans contain confidential information which would be useful to a potential attacker, and so won't be shared.

We have offices around the world, and some are in areas that are subject to powercuts and hurricanes, and others are in high-risk areas for civil unrest, etc - eg Middle East.  You may work in manufacturing, and so have strong dependencies on supply chains, or be in media - where reputational risk is critical.  They need very different plans.

It sounds like your management want some justification on the spend you're planning.  Can you produce some cost figures for what a day/week/month of downtime would come to?  A major fire is probably the most common long-term incident.

How would your different plans cope with some of the common risks from here:

Ransomware is a common threat these days - could you tolerate *all* your network files being encrypted, and you going off-line till you've tracked the source of the infection, removed it, and reloaded everything from backups.  This would probably include reloading all PCs and Servers from bare metal.  

When your management make their choice, ensure they SIGN it, preferably physically, to show that they're the ones accepting the risk level.  That may focus their attention...