A patch rollout or cloud wobble can turn an IT hiccup into a customer-facing crisis. This article explains how business continuity and disaster recovery fit together and why getting the order right matters.
Last year, in just a few weeks, we saw outages at Cloudflare, Microsoft Azure and Amazon Web Services. That’s usually when you discover your trusted provider is quietly running on one of those platforms too.
What's worrying: It only takes one provider outage to cause disruption on a scale that customers notice and remember.
Yes, the root cause is often technical. But the impact is not. An outage goes far beyond an IT issue, affecting revenue, operations and reputation. That makes it a topic for the whole leadership team, not just the CIO and a few engineers.
Whether you’re responsible for IT or sit on the board, you need to understand business continuity and disaster recovery together. Because something as simple as a patch deployment gone wrong can have the same business impact as a cyberattack.
If you want a real-world example why business continuity and disaster recovery are important, watch our Microsoft 365 cybersecurity webinar in which Paul Abbott, former director at Knights of Old, talks through the aftermath of a ransomware attack and the consequences for their business.
In plain terms, business continuity is your organisation’s ability to keep working when something goes wrong. Not perfectly. Not exactly as on a normal day. But well enough that:
What's important for you to understand is: Business continuity isn’t about keeping servers running but rather about keeping promises.
Technology is usually part of the solution, but it’s not the point. The point is whether the services that matter to your customers, staff and stakeholders can continue.
Disaster recovery (DR) is narrower. It’s about how you get your IT services and data back after a serious disruption.
That includes things like:
You can’t have credible business continuity without solid disaster recovery. If you can’t restore systems or data in a realistic timeframe, there’s a hard limit on how long you can keep operating.
But disaster recovery on its own isn’t enough to keep the business functioning. You can technically recover systems and still have staff confused, customers in the dark and regulators unimpressed.
Disaster recovery is a part of business continuity, not a separate universe. A Business Continuity Plan (BCP) should include disaster recovery as one of its core components. The four p’s of BCP are
Treating BCP and DR as the same thing creates blind spots:
The hierarchy should be:
If you get the order wrong, you’ll end up with technically impressive DR plans that don’t actually protect the business.
Where To Go Next
This article has focused on definitions and relationships. If you’re still at the “what is BC/DR?” stage, that is fine. The next step is to understand:
We will tackle those in the next article in this series.