The Hot New Trend in

IT/DR for 2023—Not  

RICHARD LONG
POSTED ON:JANUARY 5, 2023
UPDATED ON:FEBRUARY 15, 2023

The hot new trend in IT disaster recovery for 2023 is . . . a completely invalid
concept. The fact is, there are no hot new trends in IT/DR. There is—or should be
—only one valid approach to this critical area: doing the fundamental things
correctly all year long. 
 Related on MHA Consulting: BCM Basics: Modern IT/DR Strategies

IT/DR Is About Needs, Not Trends 

This time of year is the silly season when it comes to experts making predictions
and identifying new trends. The same is true of people making resolutions to do
better in parts of their lives. 

Trends and resolutions are fine when the topic is fashion or fitness goals, but an
organization’s data security, IT operations, and resiliency are too important to let
any part of it be controlled by something as random as the turning of the
calendar. 

It’s true that the world at large is seeing many trends that have a potential to
impact organizations’ IT operations—trends such as the rise in cybercrime,
extreme weather, global conflict, and supply-chain problems.  

However, the correct response to these from the IT/DR perspective remains the
same as it has been for many years.  

DR is not about trends; it’s about needs. 

If there’s one good use to be made of the coming of a new year in terms IT/DR,
it’s that it can serve as a prompt for people to take stock of their positions. With
that in mind, we’ll make this first post of 2023 about encouraging you to assess
your IT/DR situation and reminding you of what to look for. 

How to Assess Your DR Position 

The starting point in conducting IT/DR and assessing an organization’s IT/DR
position is to look at risks, needs, and requirements. Once you have a clear view
of those, you can put together and adjust your DR strategy. In reviewing your
current position, you should look at business requirements and then identify any
gaps (consult your Business Impact Analysis and the IT security assessment of
your data security position). Our recommendation is that organizations look
hard at true recoverability, especially around any type of cyber event.  

Some good questions to ask are: Are your backups and data protection truly
secure? Are there any gaps relating to data synchronization? If you only need to
recover data for one or two apps, how are you going to get it in sync with all the
other apps still continuing to process new data? Are you prepared if you have to
recover a significant proportion of your environment due to a cyberattack?  

Many organizations haven’t considered these sorts of questions and aren’t

prepared. 

Modern IT/DR Is About Resiliency 

In the contemporary world, IT/DR isn’t just about recovering IT data and
operations. The IT department should also work with the business continuity
team to help boost the organization’s overall resiliency position. 

For this reason, an assessment of the organization’s IT/DR position should look
beyond pure IT/DR considerations. Some good questions to ask are: What would
the organization need to run manually for an extended period of time, and how
would IT support that? What are the absolute minimum technology needs for
which no level of manual efforts exists?

IT has a responsibility to make sure the necessary technology is in place to

enable the organization to get through an extended outage. Such technology
might include alternate wifi capability or communication methods or certain
types of monitoring that cannot go down. 

Our position is, DR is not about recovery, it’s about resiliency. DR is everything
that is necessary to keep the organization functioning from the perspective of
IT. 

Cyber preparedness is a major component of  the overall resiliency position.

That preparation needs to be in place ahead of time so it’s available when the
event occurs.  

The Need for Realistic Testing 

There’s one more thing worth considering in assessing your IT/DR position: your
testing program.  

One point that MHA will be emphasizing with our clients in 2023 is the need to
get away from over-planned DR tests and move toward a more realistic, chaos
type of test.  
If your organization is doing DR testing like it’s a project, then you’re not doing
DR testing. Many people plan for weeks or months before doing a DR exercise,
and they focus entirely on making it “successful.” An exercise like this shows
that you have technical capabilities. It shows little or nothing about your ability
to recover from an unexpected disruption. To truly demonstrate your capability,
your testing needs to be realistic. This is the only way to show that you could
recover during a real event.  

A Few Enduring Concepts  

Talking about trends is seductive; for some areas, it’s even valid. However, when
it comes to IT/DR, the essentials are well-established and haven’t changed
recently. Good IT/DR is about knowing and executing on a few enduring
concepts. 

The starting point in developing or assessing an IT/DR strategy is to look at the

organization’s needs, risks, and requirements. It’s important to identify and close
gaps, and the assessment should go beyond pure IT/DR to look at what IT needs
to do to support the organization’s resiliency overall. The organization that truly
wants to demonstrate the ability to recover should move beyond over-planned
exercises to more realistic, chaos types of tests. 

Further Reading 
For more information on IT/DR fundamentals and other hot topics in BC and
IT/disaster recovery, check out these recent posts from MHA Consulting and
BCMMETRICS: 

BCM Basics: Modern IT/DR Strategies 

The Science and Art of Writing an IT/DR Recovery Plan 

Case Study: Helping A Medical Device Company Upgrade Its IT/DR Testing
Program 

Tried and True: These Classic DR Concepts Are As Valid As Ever 

What Was New in ’22: The BCM Year in Review 

 Richard Long
Richard Long is one of MHA’s practice team leaders for Technology and
Disaster Recovery related engagements. He has been responsible for the
successful execution of MHA business continuity and disaster recovery
engagements in industries such as Energy & Utilities, Government Services,
Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer
Products, and Education. Prior to joining MHA, Richard held Senior IT Director
positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has
been a senior leader across all disciplines of IT. He has successfully led
international and domestic disaster recovery, technology assessment, crisis
management and risk mitigation engagements.
PREVIOUS ARTICLE NEXT ARTICLE
What Was New in ’22: The BCM How to Create an Emergency
Year in Review Response Plan

You may also like

Tried and True: These Classic DR Concepts Are As Valid As Ever 

At this time of year, hot trends and shiny new toys tend to attract a lot of
attention. But when it comes to disaster recovery, the way to get the best results
[…]

BCM Basics: Modern IT/DR Strategies

This post is part of BCM Basics, a series of occasional, entry-level blogs on some
of the key concepts in business continuity management.  Organizations today
have more options than ever when crafting […]
As Easy as APIE: This Simple Disaster-Response Model Is Highly Effective

Everyone who works in business continuity should know about APIE. This simple
disaster-response model—the letters stand for Assess, Plan, Implement, and
Evaluate—offers serious benefits to any organization trying to gain control of […]
Business continuity consulting for today’s leading companies.

Company Services

Who We Are Business Continuity

Team Disaster Recovery

Clients Crisis Management

News BCaaS

Blog Training & Awareness

Contact Program Augmentation

Follow Us

Facebook

Twitter

LinkedIn

Search... 

© 2023 · MHA Consulting. All Rights Privacy

Reserved. Policy