You've developed a new product and you're ready and excited to take over the world. As you daydream about acquiring your first thousand customers, sealing your first million dollars in sales, or securing a healthy round of investments from cash-rich investors, it's very easy to get carried away, and understandably so. The entrepreneur's journey is grand and every aspect of your daily life is consumed with building your business and gaining new ground.
As you focus on gaining the attention of your market, it's quite easy to forget some of the basic foundations of securing business continuity such as cash flow management and the establishment of proven and replicable systems. The reality is that most founders are distracted and oftentimes overlook developing and putting in place a viable disaster recovery plan.
According to a 2013 survey, 74 percent of small businesses did not have a disaster recovery plan. The truth is that disasters are much more complex in the current age, and startups will need to plan for DDoS attacks as well as software and hardware failures as they begin to rely more on the Web for product and service delivery.
Although the average startup today will, by default, utilize cloud-based services like DropBox or Trello, whose nature offers their clients varying elements of security and business continuity features, there are certain other practices and preparations necessary.
Here are some areas of how you need to approach your business continuity plan as you aim for increased viability and defense against the unknown. Separate from the commonly discussed risk of power outages, natural disasters, or physical theft of property, these will help you develop the framework to better protect the most vital online assets in your business.
Web Security & Application Availability: What You Need to Plan For
There seems to be a new security threat discovered daily that has managed to remain hidden for years. From the recently discovered Shellshock threat to the infamous Heartbleed bug and the ever-growing strength of DDoS attacks, there is no time of peace and you should always assume your business is at risk and could potentially experience costly downtime if you're ill-prepared.
Think about this scenario: A five-minute outage of all of Google's services last year due to internal network challenges cost the company a whopping $108,000 every minute. Although your startup is not as big as Google, it shines some light on the fact that downtime is costly as existing customers are shut off from the value they're paying for, prospects are lost, and partnerships tarnished.
For this reason, it's prudent for you to have systems in place that will effectively monitor and mitigate attacks and outages in their various forms.
Managing and guaranteeing availability for the various services you're providing via the Web will require defense on two fronts: application load balancing and failover and external threat mitigation. For the average startup on a tight budget, employing the services of a cloud mitigation provider will be the best option, since this eliminates the need for investments in expensive security appliances and security staff that can easily eat up the company's entire budget in one bite.
Application Delivery Controllers: What Makes Your Plan Work
Application Delivery Controller (ADC) is a service that provides organizations with the three major must-haves of high availability: security, acceleration, and load distribution. Simply put, such services ensure that your website and web applications stay safe, run faster, and can always handle unexpected spikes and loads.
Traditionally, such services were out of reach of most Internet startups and all but the largest of SaaS (software as a service) companies. However, in recent years, the market has shifted. Today, new cloud-based services use an "economy of scale" principle to provide these services for a fraction of the cost of the old school appliances.
The acceleration factor of these services is enabled by global Content Delivery Networks (CDNs), which host HTML content, video and images on multiple data centers strategically spread around the globe. When accessed, these are delivered via an optimal route from the nearest location, saving visitors precious seconds in which they would normally wait for that content to arrive.
The security aspect is handled by centralized WAFs (Web Application Firewalls) services that protect web apps from hacking attempts. The large-scale networks also provide the perfect solution against larger-volume DDoS attacks, as they are designed--by default--to handle large traffic loads and are able to handle many gigabits (or even terabits) worth of traffic.
The load distribution aspect is handled by a combination of failover and load balancing services. The former ensures that in case of emergency, unavailable servers are skipped and--in an event of complete network failure--backup machines are rapidly activated. The latter does just what its name says; evenly spreading the computing load between multiple machines to make sure that the network performs with maximum speed and efficiency.
Since all of these solutions are offered as managed services, there are no setup fees or ownership costs, and every online organization can get onboard for just few hundred dollars a month. Considering the alternative of setting up your own multi-hundred thousand dollar network, these retainer fees provide SMEs the competitive edge they need to play on the same court with the market leaders; making them as safe, fast, and as efficient as any of their big-name and big-budget competitors.
People & Processes: How You Execute Your Plan
Accountability is what makes planning worthwhile and without the right people in place to execute when necessary, all planning is pointless. Clearly define and communicate the chain of command and workflow in the event of a disaster or attack. The plan needs to be communicated to all departments with each having its own blueprint for their jurisdiction that works in harmony with the whole. Make a list of key contact people at vendors, partners, and customers who may need to be contacted in case of emergency.
There is a tendency in business where only the heads of departments are privy to the details of disaster recovery plans. This is a huge mistake. It's a plan that works best when all are invested, and taking the time to communicate your ideas and plans to staff is vital. This welcomes feedback and suggestions for improvement based on their unique perspectives and experiences in the business.
Testing & Analyzing: How You Know Your Plan is Working
Spend time to test various scenarios to determine how much your business would lose with an hour, a day or even a week of downtime. You'd be surprised what you'll discover. Your startup may be small and loss most likely will not be on the scale of a Google failure, but every dollar lost equates to lost potential.
Based on this testing and analysis you'll discover that the cost of instituting a disaster recovery plan is justified based on what you stand to lose as you grow. A recent Forrester study determined that 57 percent of businesses surveyed had no idea what this cost was, with over 30 percent saying they experienced a disaster in the past five years. Those who did know estimated hourly downtime costs ranging from $10,000 to $3.5 million.
As you embark on running your online startup, digital threat mitigation and managing internal processes will form the foundation of your defenses. Downtime is a scar that haunts businesses' reputation in an age that demands perfection and instant gratification. Be prepared, and you'll save money.