Plan for the worst Featured

8:00pm EDT March 26, 2009

When you think of disaster recovery, you might envision physical threats, like fire, flood, tornado or some other kind of devastation that wipes out the data center. But, with everyone’s increasing reliance upon technology, a “disaster” can be any event that makes the organization’s data unavailable, even for a short period of time. It could even be someone unplugging a cable or the network becoming unavailable.

Regardless of how you define a disaster and the threats that can cause it, having the proper systems and a plan in place to preserve and recover data is a vital endeavor that’s different for every company.

“The real key to a successful disaster recovery plan involves honestly answering questions about your systems and data,” says Dave Sullivan, general manager, Technology Solutions Group, Park Place International. “Then you need to understand the cost of the disaster recovery technology and what it provides you within that continuum so you can make the right trade-off for the company.”

Smart Business learned from Sullivan how a business can ensure it has the right plan in place to protect its data when the worst happens.

Where should a company begin when designing a disaster recovery plan?

Companies need to evaluate every business system that they have and answer two questions: How long can the business afford to have the system unavailable after a disaster? And how much data is a business willing to lose, and recreate, after the disaster?

Answering the first question tells a company what disaster recovery systems it needs and how quickly they must be deployed. And answering the second question lets you know if your current systems are backing up your critical data often enough.

Any plan needs to include periodic testing to ensure it can be successfully executed. As things change, then the plan needs to change accordingly in order for it to be relevant if and when a disaster ever hits. IT infrastructure is pretty complicated and people are continually adding to and changing things associated with their systems, storage and networks. You don’t want to be figuring it out on the fly after a disaster.

How do disaster recovery systems differ from company to company?

Financial institutions, for example, may not be able to afford any downtime, so they really need disaster recovery systems and processes that are constantly and continually backing themselves up and that they can switch over to immediately. When I talk to customers, a term they use is ‘flipping the switch.’

Other companies may be able to run really well without their computer systems for a day or even days. It depends. You’ve got to understand what the business requirements are, what is technically feasible from an infrastructure requirement and then, finally, what’s the cost. It may cost a financial institution millions of dollars for every hour that its systems are down. Therefore, it’s easy for them to invest millions of dollars in infrastructure that prevents that. Other companies may not have that luxury, and may not have that need. Any investment decision has to be factored against the business benefit versus the business cost.

Can disaster recovery systems be managed effectively by a third party?

Absolutely. I think if you talk to organizations today that perhaps don’t have plans in place, oftentimes it’s because people are busy doing their own jobs and they really don’t have the time, much less the expertise, to put a plan in place and keep it updated. And certainly the ISO will have the skills and resources to help a company do that. I’m also a proponent of ownership and involvement by the organization itself. If you don’t own it, it probably won’t work when you need it. So you need to couple the outsourcing to an ISO with the ownership that is ultimately going to be yours when disaster hits.

An ISO can help you develop a plan, understand your options, and walk you through the justification process of what you’re willing to spend versus what you could lose in the event of a disaster. And then, of course, they will assist you in the execution of a plan should a disaster occur.

The ISO doesn’t have any hidden agendas in helping you redeploy existing equipment as part of a disaster recovery strategy. The ISO is really motivated by what makes sense to the customer.

DAVE SULLIVAN is general manager of the Technology Solutions Group at Park Place International. Reach him at (800) 729-0313 or dave_sullivan@parkplaceintl.com.