Chances are that your company’s executives don’t spend a lot of time thinking about Active Directory (AD). So, how can you convince them to invest in an Active Directory backup and recovery solution in case disaster strikes?
It can be an uphill battle. That’s because of a belief that you can recover Active Directory simply using backups if needed.
Unfortunately, this is often not the case after a cyberattack. As my colleague Martin Fitzsimons explains, the hackers will target Active Directory and the backups. Recovery can be long and painful, at best.
But the “bad things could happen” argument can be tough to make in the boardroom.
What should you do instead?
First, forget the tech talk. Focus on the business requirements and how an Active Directory backup and recovery solution will help make sure they’re met.
And yes, we also need to talk about the business impact of a failure to quickly restore AD.
To help you make the case, here are the five key messages you need to deliver.
Active Directory Is Central to Business Recovery
Start the conversation by asking executives which parts of the business and its operations are critical. How much downtime, if any, can they tolerate in each area?
This is also a good opportunity to review the environments that contain sensitive data requiring extra protection against attack.
While you’re listening, take notes on the business functions that rely on Active Directory. Chances are, it’s all of them.
Now explain how Active Directory controls access to the systems that support critical operations. If AD gets hacked, the company will be locked out of everything. Keeping AD up and running all the time is primordial.
That’s why recovering AD is the first thing that must be done for business to resume.
It can also help to share a real-life example. I recall one incident where it took three weeks for the U.S. division of a large, global company to stand up its environment again. It illustrates why investing in a solid Active Directory backup and recovery solution should be a top priority.
The Business Impact of Downtime Is Severe
To demonstrate your business case, be prepared to present the financial cost of an Active Directory breach.
We know that these costs are rising. According to the Cost of a Data Breach Report, which analyzes research by the Ponemon Institute, the average cost of a data breach in Canada was $6.75 million in 2021. That’s the highest it’s been since the survey began seven years ago.
You can also use this downtime and recovery cost calculator to estimate the costs of an AD outage for your company. Ask your executives whether the business can afford it.
Reputation Is Everything
It must be noted that the calculator does not take into account the impact of an AD breach on the company’s reputation.
No one wants to be front-page news because of a failure to protect their most fundamental assets.
How will customers react if your company can’t deliver its products or services for three weeks? And what if you can’t even communicate with them?
This scenario doesn’t end well.
With the Right Solution, Active Directory Recovery Is Guaranteed
On the positive side of the ledger, you can advise your executives that AD recovery is guaranteed if they choose a provider that offers a service level agreement. For example, Itergy guarantees that we’ll make AD available for authentication within four hours or less. That’s the first step to a full recovery.
We’ll also test the solution four times a year to make sure it’s working well. What’s more, we’ll share the test results so that you can reassure company leaders that Active Directory is secured.
An AD Recovery Solution Will Save Time and Resources
Finally, your business case presentation should include the savings from outsourcing your AD backup and recovery solution.
These benefits include a fast implementation, completed within four weeks.
It also addresses the alarming talent shortage the industry is facing right now by allowing you to fill in the gap with 24/7 access to the deep Active Directory expertise needed. Moreover, it will most likely be at lower cost than hiring on demand resources should you be the victim of an attack.
And, once the solution is in place, your team no longer has to spend time testing or worrying.
Sample Elevator Pitches
Here are some quick notes you can use with various executives to make the case for an AD recovery solution.
|CISO, CTO, CIO||We know that hackers will go after the Active Directory backups as a prime target. Let’s fill this gap in our security and be the heroes in a crisis.|
|CFO||Our business case shows that the financial impact of failing to secure Active Directory is $X if and when a breach occurs. Outsourcing the solution will save time and resources for our company.|
|CEO and nontechnical board members||Securing Active Directory is essential to supporting the business operations that are most critical. If we fail to do so, the impact on the bottom line and our reputation could undermine the company.|
Contact us to talk about how you can guarantee a quick recovery of AD after a cyberattack. Learn more about our Active Directory backup and disaster recovery solution. Donald Bauer is the Chief Technology Officer and cofounder of Itergy.
We’re Active Directory experts. We’ve been monitoring, managing and recovering Active Directory in 65 countries, 24/7 on behalf of our customers for over 20 years. Some of our Active Directory services and AD managed services include health checks, strategic consulting, migrations, consolidations, M&A and divestitures, Active Directory Security, and Active Directory disaster recovery (AD backup and AD restore).
We make Active Directory the agile, secure, mature business application it was intended to be—the one your enterprise needs to succeed throughout all your business operations.