Business Continuity Planning — World Towel Day…

In recent years, the importance of a business continuity / disaster recovery plan for every size business has increased. Increased vendor management programs (due to regulatory pressures) and the attacks and tragedies around the world have made BC / DR planning and testing a critical component to all businesses, and a critical part to a company’s overall security architecture.

But first, a bit about towels (from Douglas Adams’ Hitchhiker’s Guide to the Galaxy):

The Hitchhiker’s Guide to the Galaxy has a few things to say on the subject of towels.

A towel, it says, is about the most massively useful thing an interstellar hitch hiker can have. Partly it has great practical value-you can wrap it around you for warmth as you bound across the cold moons of Jaglan Beta; you can lie on it on the brilliant marble-sanded beaches of Santraginus V, inhaling the heady sea vapours; you can sleep under it beneath the stars which shine so redly on the desert world of Kakrafoon; use it to sail a mini raft down the slow heavy river Moth; wet it for use in hand-to-hand-combat; wrap it round your head to ward off noxious fumes or to avoid the gaze of the Ravenous Bugblatter Beast of Traal (a mindboggingly stupid animal, it assumes that if you can’t see it, it can’t see you-daft as a bush, but very ravenous); you can wave your towel in emergencies as a distress signal, and of course dry yourself off with it if it still seems to be clean enough.

More importantly, a towel has immense psychological value. For some reason, if a strag (strag: non-hitch hiker) discovers that a hitch hiker has his towel with him, he will automatically assume that he is also in possession of a toothbrush, face flannel, soap, tin of biscuits, flask, compass, map, ball of string, gnat spray, wet weather gear, space suit etc., etc. Furthermore, the strag will then happily lend the hitch hiker any of these or a dozen other items that the hitch hiker might accidentally have “lost”. What the strag will think is that any man who can hitch the length and breadth of the galaxy, rough it, slum it, struggle against terrible odds, win through, and still knows where his towel is is clearly a man to be reckoned with.

Hence a phrase which has passed into hitch hiking slang, as in “Hey, you sass that hoopy Ford Prefect? There’s a frood who really knows where his towel is.” (Sass: know, be aware of, meet, have sex with; hoopy: really together guy; frood: really amazingly together guy.)

Today is World Towel Day — a celebration of the works of Douglas Adams (it also happens to be the REAL Star Wars Day, but I already wrote about that earlier in the month — on the fake Star Wars Day). The towel, as you can see above, is the ultimate tool in the disaster planning kit of the hitch hiker.

Just like Star Wars Day, a BCDR Administrator (or, more often than not, a Security Administrator) can use Adams and World Towel Day as a reminder of the importance of business continuity and disaster recovery planning to the employees of their company.

Here are some BCDR basics that all businesses / employees should know:

Understand Your Role. In an emergency, it is likely that an employee will have a part to play in the BCDR plan, depending on their position. Reading the BCDR plan is an important step for every employee, understanding what is expected of them based on their responsibilities is even more critical.

Communications. Communications is the easiest and seemingly most difficult part of any BCDR plan. It is also the most critical, and the most likely to be used. Update and test call trees and auto-call systems at least quarterly, as a company has likely changed employees in that time frame, and employee contact information may have also changed. Also, communications testing also involves how businesses, vendors, customers and the media may be notified when a company has an emergency. Contact information for those groups should be updated and checked quarterly as well.

Include Employees in the Testing. All BCDR plans should undergo regular testing, with recorded results and remediation plans for any failures. Often, the testing only includes a couple of BCDR administrators, who run some tests and generate a report. One of the best ways to test a BCDR plan is to include random employees to be part of the testing, and switch the participating employees from test to test. Not only does this increase awareness of BCDR processes, but also provides more realistic outcomes for the BCDR test.

Evaluate The Testing Results. Once you have tested your BCDR, it is important to understand what the results mean. Very likely, the test will not be perfect — you will miss an employee on a call tree, a DR system was not ready to accept a load, etc. The BCDR testing results should be evaluated, not only from an immediate tactical perspective, but also from a more long term strategic view. From a tactical view, maybe the contact list needs to be updated more regularly, or the procedure that was used to update the contact list needs to be re-evaluated. From a Strategic perspective — DR equipment and policies often fall behind from a technological perspective, and may not be able to adequately handle production workloads.

The great news is that BCDR planning is becoming easier in at least one aspect: many companies have migrated at least some of their workloads to a cloud environment. And by migrating to the cloud, most of the availability considerations that are associated with BCDR should have been eliminated (but this doesn’t excuse a company from testing how their cloud provider deals with a BCDR type situation — make certain this is understood when selecting a cloud hosting provider and agreeing to an SLA).

Take this made up holiday — albeit an extremely important one — to have a look at what your company does for business continuity and disaster recovery planning. It may not be quite as good as having a towel at your side, but it could help you and your company if there is an emergency.