I was listening to a podcast last week (I admit, I’m addicted to them) and one of the guests, Jocko Willink, a former Navy SEAL, said “Two is one and one is none”.  He was referring to redundant systems and plans within the context of his military service, but it’s applicable everywhere that an outcome is critical.

If you have a system that you absolutely cannot live without, you need at least two.  It doesn’t necessarily mean they have to be identical, but it means that there must be more than one way to solve a problem.

Your car, for instance.  Not many of us have an extra car, just sitting in the garage, gassed up, air in the tires, ready to go at a moments notice if your primary car breaks down.  But you do have redundant systems that can fill the required role.  Can you call a cab?  Lyft?  Uber?  The bus?  A bicycle?  What things could you absolutely NOT do if your car broke down?  How much time, effort, and money are required to have a redundant system ready to go, and how quickly can you get that system in play?

Obviously, in IT, there are well defined tools for redundancy.  Critical servers may be literally duplicated on identical hardware, available at a moments notice.  They may be replicated to a remote location.  Maybe both.  In the world of virtualization, there are nearly infinite possibilities for redundant systems.  We are able to provide identical logical environments in physically disparate locations, and have the ability to utilize them nearly instantly.  Instantly can be expensive…

Lets say you have a database server, and that the database runs your entire business, whether its a patient record database, a case management database, or a contact database.  If you have 30 employees relying on this database to work, how long can it be unavailable?  Consider the variables.  If your building is flooded, or burns down, how long until you MUST have access to the data?  One day?  One hour?  One minute?  How much does it cost your business to be down?  How many employees are sitting idle, unable to work, and what is the hourly cost of that down time in salary?  What is the cost of that downtime in lost revenue?  Can you “make up” that time in the near future?

Most small businesses make the decision to take the relatively small risk and implement a bare minimum of risk mitigation.  Traditional backup, every night, to tape or hard drive, in the same room as the server being backed up.  Most of the time, this works.  Most of the time, there is no call to recover data beyond minor file deletions.

Can you afford to take the risk?  If your car breaks down tomorrow, what would you do?  If you dropped your cell phone in the sink, what would you do?  If your patient database crashed, what would you do?  If your server was infected with ransom-ware, what would you do?