These are the most common reasons companies and individuals have for not creating a formal disaster recovery (DR) plan, testing it, refining it if necessary, and implementing it.
All three are valid (if not defensible: Just ask anyone who's had a disaster without effective recovery plans in place.) answers that each of us can understand.
Each holds the potential for making a disaster unrecoverable.
And each can be dealt with with a little application:
Time: It takes time to review your business practices (and the technology required for their operation) and then to translate your findings into an effective step-by-step plan that will bring at least your most critical systems and data back up quickly.
But not that much time. You can start with just a few minutes' imagination, considering how (and how quickly) you would be able to restore business functionality if your facilities were rendered unavailable.
From there, it's a matter of a fairly small amount of time to poll appropriate personnel about their DR needs and expectations, review existing backup strategies with an eye toward restoration of data (and related matters such as communications) if primary systems are inaccessible or worse.
That polling process is a perfect opportunity to create a formal DR team which will put together, in writing, the formal plan that can save your company from business catastrophe when physical or digital disaster strikes.
Money: Times are tight, budgets are tighter. And that becomes an integral part of your DR team's challenge: finding ways to incorporate DR needs into existing IT (or IT security budgets..
Perhaps you turn to Software as a Service for your DR needs and free up staff for other pursuits.
Conversely, as your business grows, it may be more cost-effective to bring backup-and-restore in-house, or to split the difference and achieve savings by employing outside services to manage the backup/restore process while you maintain the hardware/software in-house.
The point is that there are any number of ways to approach the budget challenge; look hard enough and you'll find the one that suits you -- and your budget.
Unlikeliness: Nobody, as Monty Python said, expects the Spanish Inquisition, either.
But the "It won't happen to my business" mentality only works if it never happens to you.
In other words, you're making a bet -- a large one -- that your business will forever be somehow immune to the disaster (whatever form it may take) that you've avoided so far.
Just bear in mind that the wager you're making puts your business on the line.
During next week's bMighty bSecure SMB On A Budget event we'll be looking more closely at these and related issues, and before that I'd love to hear from you about how you implemented your company's formal DR plan -- or why you haven't got one.
Got any questions about DR? How to budget for it? What goes into an effective plan? Share them, along your stories and insights with us.
And don't forget to register:
bMighty bSecure is a virtual event designed to help your company stay secure in the most cost-effective way possible. bMighty and InformationWeek editors will bring together SMB security consultants, analysts, and other experts, along with real IT execs and users from small and midsize companies to share the secrets of keeping your company secure without breaking the bank.
I look forward to hearing from you.