Increased risks Featured

8:00pm EDT July 26, 2007

Businesses in Southern California are at increased risks for disaster. Is your company prepared in the event of a disaster or pandemic? How much are you depending on technology? How much are you depending on your employees? Certainly, your day-to-day operations require the best of both. How are you prepared to operate if employees can’t get to the office or if computers aren’t accessible?

According to Kevin Burton, Disaster Recovery Specialist with Agile360, “Disaster recovery needs, data protection and business continuity plans that include the end user are at an all-time high. There is the increased regulatory pressure. There are employee safety concerns. There is an overall feeling that Disaster Recovery and Business Continuity planning are part of the overall risk-mitigation picture.”

Smart Business talked with Burton for his insights on how these risks can be mitigated.

Why is Southern California different than any other part of the country?

For one thing, the United States Geological Survey (USGS) has predicted that an earthquake of 7.0 or greater magnitude will hit the area within five years. For another, there is a high concentration of technology companies and those that depend on technology centered in this area. But perhaps more alarming is the notion that terrorists are prone to target areas with the largest concentration of people and businesses they can damage. Those are the areas that are going to be hurt the most by terrorists’ actions. The areas that are at higher risk for a terror attack (and according to Homeland Security officials, Southern California is in the top five) need to consider employee responsiveness and inclusion more than others.

Why is more or better technology not the only answer?

Businesses depend on computers and people to run them. What are your plans in the event of a major disaster? Do you have evacuation plans? You are going to need people to continue the business. You are going to need paper backup and human IQ that can move that paper forward. You must have processes in place to recover information and use it to spring forth from adversity with speed and determination. Employee safety is extremely important. Employees are key to a company’s survival; Sept. 11 certainly taught us that.

But why focus on the human side of the equation if computers run today’s businesses?

Chief executive officers and CFOs are saying to the CIOs, ‘Show me the case study to justify the expense of fully duplicating our current data center.’ The CIO and the IT department require input from business unit managers and other stake-holders to prioritize business processes and then the applications that support them.

Using this data, the CIO can then map the technology to the human-driven processes that run the business. The resulting set of ‘tiers’ or levels of criticality can indicate the right-sized solution and appropriately address the risk. The bottom line is that we have to get better at tracking business value against application performance or automation.

How do you differentiate between cost and value when it comes to Disaster Recovery and Business Continuity?

Cost is just that — cost. For example, you go to the store and come home and show your wife a receipt for $900. You’re simply showing her the cost. If you come back from the store and say that you got a new washer and dryer for $900, then you have shown the value of your purchases. If there is not a value, a cost should not be incurred. In short, by aligning processes to applications, you can build a better shopping list for IT when it comes to risk mitigation. In the Risk Business, this is called a Business Impact Analysis. Leading organizations parlay these findings into Application Impact analyses that then lead to appropriate technical solutions that mitigate risk.

What should be the roles of the CEO, CFO and CIO?

They need to communicate with each other and work together to determine everything that is needed and what the long-term effects are. Rank, based on criticality, everything the business does. Mitigate risk and spend money accordingly. In some cases, High-Availability Solutions and advanced technologies such as VMW are perfect solutions — especially for high-value applications. In other cases, old-fashioned tape backup methods will do. Make individual business cases based on business value as opposed to relying on the input of vendors and flashy new technologies to fix the risk problem. Go with trusted advisers who understand your needs, have a fixed view of how your business operates and offer cost-considerate solutions on a case-by-case basis.

How can you save money while lowering the risks?

One example is the opportunity to re-purpose old hardware. Another is to spend less money on the least important things on the criticality list to be more cost effective. By increasing the dialog between the CEO, CFO and CIO and engaging a facilitator who respects your needs as a business and purveyor of technologies, you can be better assured of knowing what steps need to be taken and having the right solutions with the best value to move your company forward no matter what disaster strikes.

KEVIN BURTON is a Disaster Recovery Specialist with Agile360. Reach him at or (949) 253-4106.