Helping clients manage their technology for over 30 years.

Security that works starts with the right business decisions

Effective information security is gravity-fed: It starts at the top and works its way down, always beginning with a strategy explicitly designed to protect business value. That strategy then gets implemented via an over-arching security policy or plan.

Developing information security strategy and policy centers on making the right business decisions. Once you do that, what seems the most daunting part of information security — choosing the appropriate technologies — becomes much more transparent.

Continue reading

What happens when disaster strikes the DR guys?

Traffic sign indicating disaster

It was a stormy Wednesday morning commute with intense wind and driving rain, when a driver lost control of her car, struck a utility pole and ultimately caused eight to fall all along the road in front of the Quest building. The power went out, and live wires and downed transformers blocked traffic. Everyone in the office was trapped.

This wasn’t a “major” event — not the kind of incident we typically think of when we talk disaster. Yet even something this mundane could have put our company completely out of operation for at least several days.

We executed our own disaster recovery plan

As a Disaster Recovery and Business Continuity services provider for scores of clients, Quest was better positioned than most companies to handle just such a disruption.

Initially, battery and generator backup provided phone and Internet capabilities. By utilizing resources at several other locations, Quest was able to continue functioning until they got the all-clear to evacuate, and fortunately no one was injured — that’s when we began executing on Quest’s own Disaster Recovery procedures.

By three o’clock the same afternoon we were fully operational at remote locations, with some of our staff at our Business Resumption Center and others working from home. Customer service calls, billing, email, phones — everything we needed to keep functioning was operational.

No operational disruptions

For the Quest team, the event was an unqualified success—not a drill, but the real deal providing employees with a window to what the company does for clients. As for Quest customers, they didn’t experience any difference in service.

There’s nothing Quest could do before that we can’t do now. That’s precisely why we have Disaster Recovery capability.

If you never drill, it’s just theory

“Part of the success of the plan’s execution,” says Quest CTO, Mike Dillon, “came from disaster recovery drills, which Quest does quarterly.”

“Drills make a huge difference — we already knew what we needed for our critical systems to function,” explains Mike. “If you never drill, it’s just theory. Every drill we do teaches us something, makes us smarter about our own operations, and smarter about the operations of our clients.”

Quest’s disaster recovery experience is a big advantage for clients. Most companies, even those with a plan, don’t take disaster recovery drills seriously. Even for those that do, the disaster will still be a first-time event. Our business is helping companies, including our own, recover from disasters. Our clients have that experience to lean on.

Be prepared for the mundane and the catastrophic

Every event, real or drill, is a learning experience. It’s a sentiment shared by Quest COO Kathy Campbell. “One of our ah-ha moments came when we had to address some issues that occurred at the corporate office during our absence —no power to the employee refrigerators and freezers, and no one in the office to feed the fish. Continuing our business operations at a remote site turned out to be the easy part.” And it allowed the city, county, and power company to do their clean up for as long as necessary

Reflecting on lessons learned, I put a priority on keeping all staff up to date about what’s happening. The need-to-know rule applies to everyone in your organization. My primary take-away? Even little disasters can have a huge impact. You need to be as prepared for a mundane disruption as you are for a catastrophic one.

Downed telephone poles in front of the Quest office

How cloud computing and VoIP make IT disruption avoidance easier — and less costly

Nobody stays in business long if their business-critical data and apps are lost. So pardon me if I sound like my replay button got stuck, but I’ll say it again: make sure your critical data and apps are replicated to a secure remote environment that’s always accessible from anywhere.

You’re at least halfway there if you’re using a cloud-based backup replication service — but, of course, you need to make sure you’re dealing with a provider with a secure, scalable, fail-safe environment and plenty of flexibility when it comes to service options.

Continue reading

Steps 3 and 4 to mastering business IT disruption: Testing and reviewing your disruption-avoidance plan

So here you are with a solid How-We’ll-Stay-In-Business-Plan. Time to relax, right?

Well, not quite — although this is the point at which many stop paying attention to their disruption-avoidance plan.

Step 3 to mastering business IT disruption requires that you test your plan often. This is essential because change has a way of sneaking up on organizations, and those changes can upend your carefully laid plan to overcome disruptions. Fortunately, the right service provider will include regular testing in the price of your service.

Continue reading

Step 2 to mastering business IT disruptions — continued: The 3-part path to implementing cost-effective disruption recovery solutions

Before you can implement the best disruption recovery solutions, you have to know what they are. This entails a three-part process that requires business continuity/disaster recovery expertise:

  1. Figure out the minimum applications and data necessary to sustain your business and the timeframe(s) within which your necessary apps and data must be restored. How long, for example, can you function without email? How long can you make it without voice communications?
    Continue reading

Step 2 to mastering business IT disruptions: Include employees in your planning

By definition, no event that interrupts your organization’s operations is trivial, so your plan should address all emergencies that could disrupt your business.

This requires some serious thinking about how your business works, which you can’t accomplish without your employees. Their cooperation can be inspired with the reminder that if a disruption puts the business at risk, their jobs are at risk, too. Your disruption-avoidance planning should:
Continue reading

Introducing the 4 steps that can mitigate IT disruptions and save your business

Your organization’s ability to thrive depends on resilient information technology and data that’s available 24/7. You certainly can’t afford unanticipated downtime, a sustained system disruption, or losing your data forever.

Even comparatively brief disruptions wreck employee productivity and the ability to communicate with customers. And 60% of companies that suffer permanent data loss end up shutting down within six months.

Continue reading

Beware: Downtime can cost your business thousands of dollars per day

For any business leader, the “D” word — downtime — tends to cause lack of sleep. For many businesses, downtime can be a show-stopper. And the 2011 Disaster Preparedness Survey* conducted by Applied Research for Symantec reveals just how quickly downtime can wreck a bottom line.

According to the survey of more than 1,800 businesses and their customers, the typical small business surveyed experienced six outages during the last year. Downtime cost them a median of $3,000 per day. That rose to a median of $23,000 per day for mid-sized businesses.

Continue reading

Three ways you know you’re caught in the IT Product Trap

The Product Trap. That’s where your IT guys and their product vendor buddies come to you with a neat little story about how this here latest-and-greatest gizmo should be deployed company-wide because it’ll save a gazillion dollars. Except that…

  1. They don’t have meaningful data or metrics to back up the claim.
  2. They neglect to mention that making it actually work in the real world requires significant changes to a raft of related processes and organizational structures.
  3. Continue reading

Three decisions you shouldn’t leave to your IT staff

Many people who run organizations often completely defer decisions about technology to their IT people. So what decisions do the people in charge of the business need to keep for themselves when it comes to IT? In my experience, there are three that matter most:

  1. Which business and infrastructure processes should IT focus on?

    Some projects will be business-critical but technically mundane; others will be breathtakingly state-of-the-art but merely nice to have. This decision is bet-the-business strategic and it should always be decided by the person(s) responsible for the whole enterprise, not just IT.
  2. Continue reading