Business Continuity in a Downturn
EMEA Disk Solutions' David Spate warns that although business continuity is as vital as ever, a renewed focus on costs in a downturn means that IT managers may struggle to communicate this to their boards
The IT manager, concerned with uptime and continuous availability, knowing that their heads will be on the block in the event of loss of service, must position business continuity in terms of both potential financial and reputational loss in the event of disaster outweighing costs of implementation. As insurance in other words.
An interruption of IT services and the loss of data (customer orders, research, contracts, financial transactions, etc) can cripple a business, but the board may see the cost of implementation as too big an issue to contemplate in these turbulent economic times. The issue should not be between having business continuity IT systems in place or not having that protection; when budget is an issue it as a question of what is the level of risk an organisation is prepared to take. Once that level is ascertained the correct systems need to be sourced and implemented in line with the company plan. When more budget becomes available the issue can be revisited and adjusted to better fit the ideal risk profile the organisation would like to aim for.
An Intellect report (State of the UK Technology Sector – President's Report 2009) demonstrated that whilst the recession has tightened budgets, companies are also focusing on using IT to increase efficiency and cost reduction projects. Any organisation reappraising their risk profile in this way will certainly, or certainly should be, concerned with using this scrutiny to iron out existing problems and to implement cost effective new solutions where deficiencies are found.
If an organisation merely cuts budgets without considering impacts and making allowances for the new situation then business continuity staff may find their roles changed and important security projects postponed indefinitely. This can save costs but impair continuity plans and systems, potentially bringing underlying problems into the limelight at a difficult time.
Maximising risk reduction
For the average medium size business with a few hundred staff, the minimum technological business continuity requirements (assuming that policies and plans have been put into place in advance) include:
• A storage solution that reliably performs under all network conditions, preferably with an uninterruptible power supply to counter one of the most commonplace technical difficulties: power cuts.
• An appliance to manage service failover including real-time replication and application awareness to achieve near-zero RTO and RPO objectives. The use of an appliance eliminates the burden on existing resources that are typically already resource constrained and ensures heterogeneous interoperability with existing and new servers, storage and networks.
• Disk backup, possibly at a mirrored separate site to counter site disruption like a fire or network disruption. This allows fast acting recovery in the event of most likely business interruptions. Ideally the solution should write and read data fast and should integrate seamlessly into vendor neutral storage networks.
• Tape backup and archiving for longer term, lower cost storage in case of large-scale disaster recovery requirements. These should be highly scaleable as stored data can only grow, and should interface with every storage connector to allow flexible and fast connections to any network if offices need to move in the event of disaster.
• Tiered solutions with flexibility for upgrading and expansion which allow cost effective data storage and recovery depending on network usage and application importance regardless of location, local and/or remote.
Organisations can also benefit from utilising server virtualization to reduce physical server numbers, decreasing the network topography complexity, minimizing an IT infrastructures mean time between failure (MTBF) ratings and greatly reducing maintenance costs.
Continuous data protection can also ensure an organisation never loses data by automatically saving changes to backup areas/appliances as data is edited. In this way if disaster occurs, rollback to latest versions is guaranteed to very fine tolerances, enabling an organisation to meet its recovery point objectives with ease.
Managing the risk against the budget
The factors of budgetary pressures, risk aversion vs. allowance, technical know-how, the RPO and RTO and individual organisations' ideas of best operating practices all must be debated and worked out between IT and the board.
Posing the issues of business continuity like insurance should ensure that an organisations' planning for the worst should not be bogged down in 'IT issues'. Just because there are technical solutions to the business continuity problem does not make it a wholly IT issue or wholly IT's problem for IT's budget alone. After all, if data is lost an organisation will literally not know what its history is or at what status it may be with customers, suppliers and the law – a sobering thought.
However, IT is the most important component and the various backup technologies should be weighed and measured and chosen carefully and not stinted on for the continuing safety of the business.
Business continuity should be the proper concern of the board who need to consider the matter appropriately, plan for various risk scenarios and implement backup and recovery solutions which are a mix of IT and sound policy.
David Spate, Sales and Marketing Director, EMEA Disk Solutions, Overland Storage (EMEA)
