What is the true cost of downtime?

January 5, 2011

When your systems are unavailable and the applications that your users are not accessible most business leaders suffer from a cold sweat and sick feeling in their stomach. HOW MUCH LONGER ARE WE GOING TO BE DOWN! Do you know how long you would be down if your systems failed? What is impacted? What would it cost your business?

This is a tough question to answer and certainly could vary from industry to industry and specific seasons of certain types of industries. For instance the cost of downtime for a Tax or CPA firm during the first quarter of the year will be drastically higher than the cost during the third quarter (in most cases). There are other costs that are hard to see… for instance if your clients are delayed in getting back their tax returns or if you can’t service them because your systems are down for several days that client is very likely to search out a different provider.

There is also the cost of poor image, this is the worst in most cases. For instance with a security breach some users of your system or service will seek out another provider out of fear that your system isn’t secure. This is more likely with your high profile clients, the top 10 clients in most cases. What would happen if you lost your top 10%-20% of your clients because of a result of a security breach or system outage for a prolonged period of time?

Then there is the cost of employees sitting idle waiting for the system to come online, loss of billing hours, the cost of possible overtime hours to enter in the data from the back log that accumulated during the outage, etc. You are also likely to incur some negative moral… I know how I would feel if I were required to work longer than expected hours because the firm I worked for didn’t make investments to prevent outages or have a plan to survive an outage.

Don’t roll the dice… hoping and praying only goes so far. Know what your downtime will be and make necessary investments to prevent them. Protect your image and your business and get proactive.


Budgeting for IT

December 22, 2010

How much will your 2011 budget cost you? That’s right! Budget for IT expenses incorrectly and you could end up paying big for the mistake!

By now most business leaders have or are fine tuning their budgets for 2011. I have always found budgeting for the big ticket expenses are always the same… the more risk I take the harder to budget and the more risk my provider takes the easier to budget. I have service plans for all of my vehicles because I couldn’t keep up with it, cars going without oil changes, expired tags and the list goes on. My techs were getting stranded, I was spending time delivering vehicles to the repair shop and then walking back to the office, need I say more? I tried giving my local repair guy a shot at helping me but he didn’t have a program offering so naturally it fell back into my lap and of course my problems where still there. After one of my vans died because I didn’t have the oil changed for a year I called another provider to help. They too didn’t have a program to offer but when I told him I would work with them to create one and I would purchase my vehicles from them they were happy to help. Travis Barton and Kenny Dunn at Victory Nissan in Mechanicsville (now Sheehy Nissan) worked hard and took the risks away and now I have a budget. Yea! I was also able to get rid of a position in my business so I actually solved a problem, reduced my risk and saved money!

Unless your provider can provide a fixed monthly fee to provide the services and not provide a traditional T&M (Time and Material) relationship you can’t budget. The reality is that T&M or “Break / Fix” is a reactive way to keep your systems operational. I like to call it “hoping and praying” which by no means will ever make sense if your business depends on the information that your systems contain. ARE YOU KIDDING ME! Seriously, you are going to hope and pray that your data isn’t compromised, your servers don’t fail unexpectedly and you are not going to have any clue how long your businesses critical applications, the ones that make business happen, will be unavailable all because it didn’t fit into a budgeted number. Where did this number come from anyway? Based on what? Why did you come to that amount, why not less or why not more?

The more risk the provider takes on the higher the cost and of course vice versa, for example… if your agreement includes 24/7 monitoring but does not include remediation of these alerts you cannot know how many alerts will pop up, the severity of the alerts and how much the fees will be. If you buy into 24/7 monitoring and include all remediation for a fixed fee then you will know exactly what you will be paying for. Here are some other security, business continuity and support services you should be looking for in your agreement if you want to have a fixed budget for IT.

Support
– Helpdesk (remote) & Onsite support
– Network administration
– Consultation / Strategic planning

Disaster Recovery
Minimized downtime & data loss factors (near zero)
– Data retention
Hosted services

Security
– Security licenses
– Intrusion Detection
– Internet content controls
– Email Security
– 24/7 monitoring with remediation

Remember… it is all about risk.


Questions and concerns facing CPA businesses in 2011

December 21, 2010

Last week we spent a few days at the Don Farmer CPA event in Richmond. We hosted a booth and after-hour party for the attendees. In speaking with many of the business leaders that we met several had the same concerns . Since we specialize in helping CPA firms most of these were similar to the concerns we have heard in the past.

1. How can we ensure our data is secure?

2. How can we minimize down-time and data-loss if our system experienced an unexpected failure?

3. Should we consider moving our data into a hosted or “cloud” providers data center?

4. How can we make sure our systems will perform optimally during this critical time?

5. Can we setup our system to be securely and easily accessible from our home systems?

6. How can we be sure home systems are secure if they belong to our employees and not the firm?

7. I heard about the TeleworkVa grant, how do I learn more about this?

8. How can we control and monitor internet usage on our systems to ensure our employees aren’t getting trapped in time wasters like Facebook?

Most of these questions have been addressed in my previous posts and I will continue to address these concerns as they exist in most businesses that we work with.


The backup only strategy is not enough

December 18, 2010

Back on backup again… this is such an important aspect to your data protection strategy. You just can’t afford to get this wrong. I want to retrain the way you think about backup so let’s forget about the word backup all together, delete it from your thoughts!

What you NEED is a disaster recovery or better yet a business continuance strategy. If you only concern yourself with making sure the data is backed up you never give yourself a chance to consider what is going to happen when you actually need to recover! Backup is easy, it is the recovery that is difficult and quite honestly most backup strategies I have seen don’t even give you a chance to recover at all! Tape drives, off-site backup services, external hard drives, blue ray discs, and alike are probably not even backing up your data properly much less allow you to recover promptly after a failure or disaster.

If your business can tolerate a total loss of data then stop reading this because you are still kidding yourself and only experiencing the event might help you justify the importance. Losing your data will possibly result in your business failing, typically within 12 to 24 months, and if you survive the loss you will certainly feel the impact. If you feel you can’t afford the solution then cut out your 401k, lower your salary, take cheaper vacations and do whatever you can to make this fit into your budget. If I told you that you only had 6 months to live unless you got what seemed like expensive surgery you wouldn’t say it wouldn’t fit into the budget, right?!

Change you mindset and stop looking at backup options and start creating a “plan to stay in business” solution that will protect your digital assets and business.


Backup – What do I need?

December 13, 2010

Deciding on a backup solution to make sure your critical information, think of your data as digital assets, is recoverable in the event of some type of failure could be one of the most important business decisions you can make. Knowing your risks of how much downtime should I expect and how much information could I lose is vital.

Recently I had a client call me looking for ways to reduce his IT expenses (see my post Cutting Costs out of IT) and was also faced with having to replace his tape backup system that was no longer big enough to get the job done. I pleaded with the employee that was assigned this task to not make the decision he was leaning towards but it was too tempting and he did. It was cheaper, no major upfront investments and it was automated. He signed up for an offsite backup solution that would be around $100 per month. Sounds like a great decision, right!?

Let’s review the questions to ask yourself, I’m speaking to the person that owns this data. If you don’t own the data then you should absolutely get this person involved in this decision. You will want the data owner to have a clear understanding of what the risks vs rewards will be.

Questions:

1. Is this process automated or is it dependent on someone remembering to rotate media (tapes / hard drives)?

2. If data is lost or deleted at what point will it be gone forever? (example: if you have 5 tapes/discs that you rotate and overwrite on a daily basis you will only have one week to go back in time to recover information, after that the media will be overwritten and the information will be lost forever.

3. How is the information being transferred or moved off-site? How often?

4. How often will you test the backup to make sure you can recover? How long will the test take (this will demonstrate your downtime in a real event)? Is this easily done and how often should we test it?

Often times when I’m reviewing this topic with organizations the value of the information or the length of down-time is challenged. I hear comments like “Our data isn’t that important” or “We can be down for several days without a problem” or ” We haven’t ever had a problem so why worry about it now”. Don’t make this mistake, don’t under value your data and don’t delegate your decision because you aren’t interested, don’t understand or don’t have the time to get involved.


%d bloggers like this: