Sometimes, there is no way to prevent a serious event from occurring. A common example would be a natural disaster, fire, or even a bombing. These incidents often occur instantaneously, leaving you no time to move your valuable digital assets to safety.

There is a strategy you can implement in your business to provide continuity even in extreme scenarios like the ones listed. An Alternate Site is a secondary location, preferably a decent distance away from your main facility, that has the resources necessary for continuing business operations in the event of a serious crisis. A properly implemented alternate site will allow you and your employees to continue business as usual, at least as far as digital workloads are concerned. When the crisis has been resolved, you can migrate your staff back to the main facility and leave the alternate site as it was, ready for other future crises.

There are three main types of alternate sites:

  1. Hot Site: A site that is a fully functioning and operating mirror of your primary site's digital infrastructure, ready for failover almost instantaneously.
  2. Warm Site: A site that has all the necessary hardware, electricity, and networking in place. However, it will require some basic setup to begin operating during a serious event.
  3. Cold Site: A site that has functional equipment and necessities in place. However, it requires significant work to install equipment, configure devices, and get a network online.

For an average small business, implementing an alternate site is rather simple compared to implementing one for a large business. Since you have a smaller number of employees, you can implement an alternate site in each employee's house. By implementing cloud-based device and identity management for your workstations, you can have your employees log into their work account profile on their own PCs and continue working from home. This approach makes even more sense if your organization heavily utilizes remote work to begin with.

However, providing workstation continuity is only part of the equation. All the important servers and data in your organization need to be available as well. To fulfill this, you can utilize your cloud platform of note and spin up virtual servers that mirror the ones in use in your organization. In terms of data, this framework's documentation on Backups recommends keeping at least one copy of your backups in the cloud in case of crises that damage or destroy physical backups. With a backup maintained in the cloud, you can pull the data down to your VM servers and have your employees connect to them from their devices.

To go even further with the cloud alternate site, you could create some VMs running copies of your host operating system, fully configured with all of your organization's necessary software. You could then keep both your server VMs and the OS VMs in a saved state. All you would need to do is resume the VM state during a crisis, and have your employees log on to the OS VMs to continue their workflows. Keep in mind that your cloud provider charges for the resources you consume. It is up to you, your financial team, and the cybersecurity team to decide whether to have the VMs constantly running for a hot site approach or keep them shut down for a warm site. Since we are talking about "small" businesses here, the warm site approach should suffice without requiring a lot of work to make it operational. However, if your organization heavily uses data and computing power in its daily workflow, you might want to consider the hot site approach.

Of course, you could always implement a very basic cold site. This would likely be just an office or two in a distant building with electricity and network connectivity. During a crisis, you would have to go to the facility, turn on the power and networking, and set up any devices you need. I would only recommend this as a sustainable solution if you work by yourself or have just one or two employees.

Once you have chosen and implemented an alternate site solution, make sure to check in on it regularly. Keep the systems updated and ensure that your cloud backups are functioning correctly. As part of employee training, give instructions on how to access and use the resources if ever needed.