Disaster Recovery, Business Continuity Efforts Mitigate Risk

MBA (4/16/2008 ) Palaparty, Vijay
Downtime negatively affects industries such as financial services, driven predominantly by information technology. Organizations find themselves amidst a growing threat landscape as they shore up disaster recovery and business continuity efforts.
“Downtime must be minimized even in disaster situations,” said Donna Scott, vice president and analyst at Gartner Inc., Stamford, Conn. “When disaster strikes, it shouldn’t be crippling or fatal to organizations.”

Scott outlined recovery management maturity, reporting that a recent Gartner Research study found that a majority of organizations fall between Level 1 and Level 2. Level 1 maturity is defined as disaster recovery management in the projectphase. “The danger of this level is that there is potential for organizations to lapse back into Level 0 without any plan or lack of confidence to implement it,” Scott said, suggesting that a project-oriented approach could be too limited and finite.

Fifteen percent of companies reported having no plan for management at all—Level 0—down from the 50 percent reported by organizations in the mid-1990s. Gartner recommends organizations achieve Level 2, which is a process phase for disaster recovery management. “In Level 2, you are driving a continual process including more frequent testing,” Scott said.

Integrating business continuity management—Level 3—was reported by only 15 percent of organizations. Scott said this level is not required by more than 20 percent of organizations. “Organizations at this top level tend to be companies like financial services companies, for example, where the business is information technology and the business and risk management are part of the critical infrastructure planning for the countries in which they operate. From that perspective it drives the attention of executives from the board of directors all the way down to the individual departments and employees, from a planning perspective,” she said.

Scott urged businesses to conduct a business impact assessment to determine the impact of an outage. In classifying applications in order of importance—the top tiers should have the highest-level service applications which would require the shortest recovery period for functionality. Additionally, lower-tiered applications could also impact higher level applications, she said.

“Twenty-five percent of applications are mission critical today,” Scott said. “It’s becoming that way as more applications are getting integrated. The top tier is expanding. Data center strategies must evolve depending on what is happening to the enterprise—it’s not something you set once.”

In implementing data centers, organizations face questions of how many data centers they should have and where they should be located. The tradeoffs relate to cost and performance, Scott said, along with legal considerations.

“Most organizations opt for hosting data centers in the same region as their company,” Scott said. “They like to share employee resources. In the event of a disaster, if the secondary source is too far apart, then employees will not be likely to travel to secondary site. If the secondary site is within reason, they are more likely to go to a secondary site and share employee base.”

Moreover, distance could create latency as network connections grow further apart between primary and secondary centers.

“The number and placement of data centers has impact on their design,” said Jeff Allen, vice president of offer management for the business markets group at Level 3 Communications Inc., Broomfield, Colo. “Financial services firms that need to back up trade information require a synchronous process and the backup cannot be more than 150 kilometers away."

From a legal perspective, he said that the backup system should be on a separate power grid and watershed to mitigate non-natural disaster events. “If you think about placing a data center in North Carolina and California, you may be mitigated from natural disasters, but you have to think about the network. It will cost more to string networks and also introduces latency and network performance issues." Allen said.