There’s been no shortage of threats to business continuity over the past decade; terror attacks, hurricanes and tornadoes are constant reminders of the need for a well-honed disaster recovery plan. But the era has also featured two devastating recessions and a rash of corporate downsizings, leaving executives with fewer resources to guarantee the timely restoration of critical business operations and databases.
“The events of the past decade have taught us that businesses must deal with disaster recovery in a pragmatic way,” says Kerwin Myers, senior director of product management at SunGard Availability Services. “Otherwise, companies may make critical mistakes and may never recover from a disaster. Conversely, overspending on disaster recovery can also pose a threat to your company.”
Smart Business spoke with Myers about how to ensure business continuity by taking a realistic approach to disaster recovery.
How have the events of the last decade impacted disaster recovery?
Executives seldom thought about disaster recovery before Sept. 11. Now, they recognize the need for planning, but restoring a network and recovering data require professionals with specialized skills, and the rigorous process often takes a back seat to day-to-day operations. Additionally, companies must now adhere to governmental regulations and industry mandates designed to ensure organizations develop business continuity plans.
What are the typical pain points that organizations face when recovering from a disaster?
Recovering from a disaster hinges on accurate and current disaster recovery procedures. Many organizations fail to recover or take longer to recover because these procedures are not accurate or not current. Production Information Technology environments are constantly changing. This means that an effective change management practice that includes a process for updating recovery procedures and recovery configurations is a crucial component to successful restoration. Changes in the production environment happen daily, impacting recovery. As a result, the recovery plan must be kept up to date with day-to-day production changes.
In many cases, organizations depend on the same staff for production and disaster recovery. This requires production to be redeployed to restore critical applications and data during a disaster. But the event may prevent workers from reaching the facility or inflict personal hardships or injuries that keep them from working.
Last, IT professionals spend most of the time maintaining and updating applications, so restoration efforts may be hampered by a lack of knowledge of restoration practices.
What are the key planning elements to help ensure a seamless recovery?
Recovery plans should be customized to individual businesses but should include these critical steps to ensure effective recovery.
* Create specific and sequential recovery processes and procedures. Employees need clear procedures to restore critical IT services.
*Establish priorities. Some mission-critical applications and technical functions must be restored immediately to minimize financial loss. Consider cost/performance trade-offs, estimated recovery times and business needs when establishing post-event priorities.
* Close skill gaps. Staff members must take on specific roles and duties during recovery, but there’s no time for training once disaster strikes. Inventory the required skills to execute the plan and close gaps through training or by contracting with external providers.
* IT organizations must ensure production changes are being replicated in recovery configurations and procedures.
What mistakes may impede or prevent a complete recovery?
An outdated recovery plan can stymie recovery. Companies need to reconcile the plan with the changing technical configuration and update procedures and priorities to align with the business requirements on a quarterly or semi-annual basis, as recovery may fail if the plan elements aren’t tested and refined.
Should all data be recovered in the same way?
Most data centers are a collection of new and legacy systems and applications from multiple vendors, which means all data can’t be recovered in the same way. For example, data from critical tier-one applications may be replicated on servers in other locations, which is expensive, but the investment practically eliminates down time after a disaster.
Applications that run in the cloud can be accessed from any location and the provider assumes responsibility for disaster planning and recovery. Tier-two apps could run on separate servers and are restored from tape backups or a virtualized environment.
How are virtualization and cloud-based solutions impacting backup and recovery processes?
The emergence of the cloud and virtualization has created new rapid recovery options at a better price point. Applications that run on Web-based platforms can be supported by third-party providers with hundreds of servers, so recovery can be as simple as switching to another site. The best providers take a holistic approach by considering the interdependency between legacy and Web-based applications and offer a comprehensive solution.
What should an IT manager look for in an outsourced disaster recovery service provider?
Beyond price and equipment, an IT manager should evaluate the following criteria.
* Experience and expertise in processes and procedures.
* Commitment and conviction backed by guarantees and SLAs.
* Track record. Has the firm been tested by a real disaster? Was the recovery successful?
* Testing and audits. A provider should conduct hundreds of tests and audits each year, so ask to review its documentation before committing.
Kerwin Myers is a senior director of product management for SunGard Availability Services. Reach him at [email protected]