From earthquakes to tornadoes to heavy floods, there has been a seemingly constant run of news about natural disasters this year. In these types of unfortunate situations, the first concern is clearly loss of life, destroyed homes, and cities and towns left in shambles -- natural disasters obviously take a tremendous human and personal toll on all affected. Businesses also suffer after a natural disaster -- not only due to physical damage, but many times because of the disaster's effect on companies' valuable data systems.
Data disaster recovery has always been a concern for CIOs, but the 9/11 terrorist attacks made data vulnerability even more real. One of the most profound examples of data loss from that time was a well known data backup services company, which had 100 customers that lost major data repositories because of the 9/11 disaster. The company dispatched 650 employees to restore massive volumes of information and luckily was able to recover 100 percent of the data that had been backed up -- but that's a story with a happy ending and unfortunately that's not always the case.
Certainly many of the data disaster recovery lessons learned after 9/11 were technical in nature. For example, post-9/11, it became a 'best practice' to ensure back-up facilities are physically "hubbed" in very separate locations -- most times in completely different cities or states. Several businesses located in or around the World Trade Center learned that lesson the hard way, because they had back-up centers just a few blocks away and the events of that day crippled both locations. Yet, one of the most important data lessons from 9/11 was that data disaster preparedness and recovery isn't just about intentions or plans -- it requires a serious investment.
It would appear as though IT executives understand and are heeding these lessons. ABI Research predicts the global business continuity and data disaster recovery market will exceed $39 billion by 2015. Still, many IT executives are not completely satisfied with their current disaster recovery plans. According to a survey of 1,600 data center managers and directors by Symantec, 32 percent describe their current disaster recovery plan as "average" and more than a third (36 percent) of those who have a plan deem it "inadequate." In fact, only 11 percent identified their plan as "excellent."
It's clear that companies need to think more seriously about their data recovery plans, and not only from a financial perspective. While 9/11 happened more than a decade ago, for many companies, data recovery is still treated as a "worst-case scenario" investment, with little careful thought given as to what would, or could, really happen in that scenario. Making sure your company is prepared from both a technical and process standpoint is critical. Here are some things to keep in mind:
- Establish a data loss threshold. Before even creating a disaster recovery plan, IT executives need to determine the level of data loss they can realistically withstand in the event of a disaster -- their 'recovery point objective'. The exercise of establishing this threshold forces companies to examine and weigh the financial ramifications of possible data loss against the cost of taking the extra measures to ensure a lower level of loss. Once a company has determined its threshold, the next step is to determine the amount of time the company can afford to spend on data recovery in the event of a disaster. This too can help determine the level of investment needed for a disaster recovery plan.
- Be comprehensive. When creating a disaster data recovery plan, it is important to get feedback from the heads of all of the functions within the company, not just IT. This will help to establish an overall understanding of each group's data needs and expectations.
- Communicate. As with other disaster plans, company leadership must communicate the details of a data disaster recovery plan to employees in every function so they can take additional, simple (and personal) steps to ensure business continuity and a minimal level of data loss should a disaster occur. For example, many employees have the habit of saving documents to their desktop. Companies should use preparedness planning as another opportunity to remind employees to always save on a central drive so that data can more easily be recovered in the event of a disaster.
- Make sure the basics work. It isn't just about recovery from a disaster. Normal backup procedures and more importantly, recovery procedures should be tested and validated regularly. Bad or lost tapes, corrupt or inaccurate backup indexes, bad failover procedures and other examples of Murphy's Law are a fact of IT life. Backup infrastructures are often 'forgotten' and don't age well. Don't wait for a disaster recovery test to make sure basic backup, recovery and failover procedures work.
- Practice. Like any other preparedness plan, data recovery should be tested and refreshed, as needed. Whether that means every six months or every two years is up to the individual company, but regardless of how often it's tested or updated, plan refresh and practice is something that is necessary. Regular practice also helps to keep the plan fresh in everyone's minds and takes into account any new staff on the IT team that may not have been involved in creating the original plan.
- Disaster and data recovery does not equal business continuity. Disaster recovery is only part of the equation. Do you know where people will work in case of a disaster that affects your location? Do you understand how the month-end close procedure must change if the data is not available, or access takes longer than usual? What absolutely MUST get done, and what can be deferred? Having access to data means little if business processes are compromised. For every disaster recovery plan, there should be a business continuity plan which covers the non-IT people and processes.
Disasters, by their very nature, are unpredictable, which is why companies have to prepare as best as possible for them. Investing in a solid data disaster recovery plan now, from both a financial and process perspective, can help companies preserve the past and prepare for the future.
Jack Cullen is president of Modis, an IT staffing firm.