Tag Archives: disaster recovery

IT/DR and the Ostrich Syndrome

Presentations from DRI2015 are now available in MyDRI.

6a00d8341ca4d953ef01a511fb6751970cThrive! Asia is highlighting “IT/DR and the Ostrich Syndrome: Lessons Learned in India, Applied Everywhere!” presented by Rakesh Pande of DRI India.  The panel provides information on creating a more efficient global travel process.

The view the presentation (and others from DRI2015) please visit our library on MyDRI (access is free)!

While there, be sure to look through our many other resources for resilience professionals.

 

 

How Much Does Disaster Recovery Cost?

DRI ANZ

To view this article in its original location, please click here.

Good disaster recovery may be what saves an enterprise from extinction. But disaster recovery planning and preparation has a cost in terms of time, effort and money. Senior management knows that a company will need to make an investment in order to build the robustness to survive an IT catastrophe. Now it wants to know how much that investment will be; not just to understand impacts on profitability, but also to be able to plan it appropriately to gain optimal protection with expenditure that can be controlled or phased over time.

There are two main ways to set about budgeting for a given expense. The first is use the last set of budget calculations and then factor in changes such as new or discontinued items and inflation. The second is to do the complete budget from the ground up (zero-based budgeting). Each method has its pros and cons. Whichever solution you choose, a good way to start is often to map out the major expenses including IT systems maintenance, specific DR items such as cloud storage or purpose-designed recovery solutions, utilities/power, and staff salaries. Additional expenses might then be rent, travel and third party assistance. Industry benchmarks where available can help to judge the realism of a budget, as can information about industry DR trends.

Next comes the question of who will pay for disaster recovery. The company as a whole pays for its own DR of course. However, the cost may be divided up among different departments according to their current use of IT resources and their DR needs (not everybody needs split-second data recovery). If your company is already running its IT department as a profit centre by billing groups according to usage, it may well make sense to finance DR in the same way. However, it is also important to maintain an overall perspective on DR expenditure to make sure that opportunities to leverage DR over several groups can be taken, thus lowering total costs and individual departmental contributions.

Where are the Likely Holes in Your Disaster Recovery Planning?

DRI ANZ

To view this article in its original location, please click here.

No disaster recovery plan is perfect. However, there is a big difference between knowing about and managing limitations; and being caught wrong-footed by a problem you never thought about. Some items seem to consistently make the ‘hit parade’ of omissions and absences in DR plans. Before spilling the beans, here’s a hint to help you guess what they might be. They each involve a lack of vision beyond the limited point of view of IT servers and applications in a data centre.

  • Getting the workforce back to work. Disaster recovery applies to IT systems in particular. But people need to know they can get back to work again after an IT outage has been resolved. Workers don’t always automatically resume operations. So make sure your disaster recovery also triggers productivity recovery by telling people it’s time to start work again.
  • Recovery for remote locations. The corporate IT centre may be vital to survival, but that’s no reason to forget about branch offices or distant sites. Your organisation may have a policy that separate business entities should look after their own resources. Make sure this does not lead to blinkered thinking or silo management. As a minimum, check that a workable solution has been defined and prepared for all parts of the business.
  • Supply chain end-to-end operations. High performance supply chain operations are finely balanced with many moving parts. If one part such as a particular software application fails, it can throw other parts out of kilter too. Damage may extend beyond a local IT outage and need thorough checking and subsequent ‘knock-on’ problem resolution in other parts of the supply chain.

To guard against such shortcomings, remember to start your planning process by clearly understanding the business objectives for your organisation. Check that your disaster recovery plan covers all entities making critical contributions to reaching those objectives and all inter-dependencies between those entities. If you find gaps, revise your plan until you have filled them.

Have You Completely Understood Your Data Recovery Needs?

DRI ANZ

To view this article in its original location, please click here.

The whole is greater than the sum of the parts. Although you may have planned for individual components of data recovery after an incident, the overall impact must also be assessed. An example is the need to recover operations that have been successfully transferred to a disaster recovery backup site, in order to have them running once again on the primary site. In some cases, this final step can be even more complicated than the initial move out to the secondary site. Or you may have forgotten to include computing systems that live outside the perimeter of ‘official’ enterprise backup. A combined top-down and bottom-up approach can help to cover all the bases.

The top-down part of your understanding is driven by knowledge of the organisation’s overall objectives and critical sub-objectives. When you know which the mission-critical activities are, you can establish which data must be safeguarded and recoverable at all times for those activities. You can map out the systems they run on, the people who use those systems and the ‘go-to’ person for the security of any given system. With this portfolio of goals and systems in mind, you will be able to define any necessary priorities and take precautions to make sure that data recovery is done as fast as possible, but without overwhelming any individual application.

The bottom-up part requires observation of what is in fact being used by different employees or departments. Bring Your Own Device (BYOD) computing may mean data being stored on mobile computing devices that have not yet been included in systematic data safeguards. Strategically important spreadsheets may be held on local systems that are isolated from your data centre servers. All these devices need a suitable path defined back upwards to bring them into the data recovery plan. When you can track every top-level goal down to its constituent systems and data, and every IT resource back up to a business activity and objective, your understanding of your data recovery needs will be measurably improved.

Building Reality into Your Disaster Recovery Plan

DRI ANZ

To view this article in its original location, please click here.

Do you have a written disaster recovery plan for your organisation? Putting disaster recovery procedures on paper or into a file to read on your computer or smartphone is a key part of good disaster recovery planning. But just by itself, it’s not a guarantee of DR success. For one thing, the outside world moves on whereas your plan does not (unless you make the effort to revise it). But adjusting for the reality of a changing environment is just one way that your disaster recovery plan needs to be kept real.

Ensure that your disaster recovery plan makes sense for your enterprise. Your plan must bring operations back to normal as quickly as required and in the correct order of priority. That means correctly identifying the core business of your enterprise. This may not be as easy as you think. In many organisations, even senior managers are unable to state clearly or consistently what the organisation’s objectives are. But if you’re in charge of disaster recovery planning, you must know. And if you don’t know, you must find out.

Make sure too that other people understand and can act on your disaster recovery plan. An untrained person (untrained in disaster recovery planning) must be able to use your plan to successfully manage disaster recovery, if you are not there. As a first test, try re-reading your own DR plan a week or so after you wrote it to see if you still understand it. Get an untrained person to read it. Consider blank looks and knitted eyebrows to be signs that you could improve the clarity and applicability of your plan! Likewise, in your regular testing of your disaster recovery plan, find different people to apply the plan to check that you’re continuing to write it in a way that makes sense to all.

Will These 4 Trends Affect Your Disaster Recovery?

DRI ANZ

To view this article in its original location, please click here.

Disaster recovery has already come a long way since the early days. Back in the 1970s, IT systems were mainframe and batch-oriented, with downtime (grudgingly) accepted of a few hours or even a few days. Since then technological advances have led to big changes in DR management. In addition, the Internet catalysed significant social changes that in turn had impacts on the way IT is used. As a result, expectations have changed from the availability of systems to the way information is communicated about problem resolution. Do the following trends now need to be integrated into your own DR planning?

  1. Geographical distancing of disaster recovery facilities. Separate DR recovery sites are a requirement for many organizations. But ‘next building’ solutions don’t protect businesses against area floods, fires or storms. Cloud backup solutions may be a good solution for mitigating this risk.
  2. Geographical limitation of DR. Sounds like a contradiction to the point above? Not really – this is about the need for many entities to now ensure their data do not move out of the same country. Somewhere between too close and too far, the right geographical separation will have to be found.
  3. Use of managed DR services. Increases in speed, size, conformance and complexity are pushing DR beyond the capabilities of many organisations. The entire DR process may be better done by specialized, reliable third party providers. Savings on in-house infrastructure and staff training may also make such managed DR services more cost-effective.
  4. Social media for communications management in DR situations. If your customers, prospects and employees are all constantly online and in touch via social networks, they’ll expect that from your company too. Email and notices on websites are a start, but micro-blogging with viral distribution (Twitter for example) is the ‘gold standard’ for good crisis and DR status information today.

These are some of the bigger waves washing over industry and government. And each sector also has its own specific needs. What have you been putting in place recently – and what positive effects have you seen so far?

Disaster Recovery is Purely an IT Function – Or is It?

DRI ANZ

To view this article in its original location, please click here.

There is a temptation to consider disaster recovery as an IT-specific activity, conducted by IT staff to get IT systems running properly again after an incident or a mishap. Part of that notion is true. Disaster recovery is a term that is reserved for computer systems and networks, and recovering after an IT outage. With enterprises and organisations increasingly dependent on information technology, that also makes DR a large and essential part of business planning. However, as IT-centric as disaster recovery may be, trying to make it the exclusive responsibility of the IT department could be a big mistake. Here’s why.

If IT systems are down, departments must be able to continue functioning. Even e-commerce websites need some backup mechanism whereby they can continue to accept orders, whether this is as sophisticated as a mirrored online store or as basic as a temporary email address on another system. Being able to continue functioning in adverse conditions of any kind is the definition of business continuity. In the event that IT systems fail, it doesn’t matter whether you call it ‘BC’ or ‘enterprise DR’. The fact is that departments and business units must plan ahead to be able to operate in the absence of computer systems. Sitting back and trusting in the ability of the IT department to get things running again is insufficient, to say the least.

And while IT is battling to bring systems and networks back up again, somebody needs to give appropriate information to stakeholders – including customers – about what happened and what is being done to fix it. There are not many IT departments that combine excellence in both technical knowhow and relationship management. To calm down external ‘interested parties’ is the job of the public relations director or, often as not, the CEO. Indeed, as ‘enterprise DR’ involves the whole organisation, who better than the CEO to lay down the DR law by which all departments must abide? So while disaster recovery is naturally IT-centric, effective DR will often involve not just the IT department, but also the business continuity manager and the CEO too.