Defending your data Featured

11:56am EDT November 20, 2003
A black box was keeping Stacey Harris awake at night.

The box is a server at the offices of C.S. McKee in Gateway Center that holds the firm's book of business, including critical customer account information.

Harris, manager of information systems for the investment manager, solved her firm's problem, but too many companies fail to prepare adequately for an event that could interrupt their normal course of business and compromise relationships with their customers and vendors.

Craig McLellan, line of business general manager for business continuity and disaster recovery for Inflow Inc., which provides IT outsourcing at its secure data centers for companies with critical business needs and network applications, says most companies spend 90 percent of their continuity budget addressing catastrophic events that have about a 1 percent chance of occurring. Industry research indicates that businesses are more likely to plan for events like floods, hurricanes or fires, which represent only about 3 percent of all data-affecting disasters, than for more common events.

Potentially more damaging are what McLellan calls clinical events, such as a hacker who breaks in and creates a denial of service that prevents access to a company's network, hardware or software failures, e-mail viruses, human error or a disgruntled employee who sabotages the system.

McLellan says that in the case of a catastrophic event, one that would affect multiple businesses or destroy a company's facilities, vendors and customers would likely be more sympathetic to an interruption in service or access than they would be in the case of a hacker incident that creates a similar result.

Clinical events can have a powerful negative effect on a company, says McLellan. Goodwill with customers and vendors can be eroded if service is denied or payments are delayed because of a breakdown.

McLellan cites a Liberty Mutual Insurance study that found that 80 percent of companies that experienced an extended disaster were out of business within five years; 30 percent of businesses that enacted documented disaster responses were out of business within two years.

At the least, a business is almost certain to suffer some loss of revenue, productivity, and, in some cases, a damaged reputation.

In C.S. McKee's case, there were multiple opportunities for problems. The most critical information resides on a proprietary system that is difficult to recover. The building has no backup generator, leaving the system vulnerable in a power outage.

Half of all interruptions, says McLellan, are caused by plumbing or electrical problems.

Harris decided to locate a second server at Inflow's facility in the Strip District that would operate as a duplicate of the one at the firm's Downtown offices. Inflow's facility and C.S. McKee's offices are on separate power grids, making it unlikely that both would be affected by a power outage. In the event that both grids are affected by power failures, Inflow has a dedicated emergency power generator.

A high-speed broadband line connects the offices. If C.S. McKee's offices become inaccessible to its employees, Inflow can provide space at its building for key employees to work on the duplicate server.

When it comes to data preservation and recovery, Harris rests a lot easier these days.

Says Harris: "I have it in a location that's secure and at a location where I can get at it when I need to." How to reach: C.S. McKee, www.csmckee; Inflow, www.inflow.com