The best way to plan for disaster is to make sure it does not happen in the first place. But unfortunately it does not matter how secure you make the system, or what you do to reduce the impact of deliberate or accidental damage to your IT infrastructure, disaster can still strike without warning.
This was demonstrated by the harrowing events of September 11 2001. Many businesses that might have had a chance of survival after that day were instead completely wiped out by the total loss of their computing resources and, more crucially, the data they contained.
Many lessons were learned. Businesses, especially in the financial sector, started taking the threat of disaster seriously and made plans to cope in the event of the unexpected. But, for many, that is as far as it went.
At every level, there was much talk about business continuity and disaster recovery, but much less action.
Research suggests that even today as few as 25% of companies (and these mostly financial) have a completely effective plan in place, and perhaps only half of these have tested that plan. And without effective testing you only find the faults when it is too late.
The financial industry is one of the most sensitive to disruption from a serious IT failure. However, all types of businesses can be affected, and breakdown does not have to be of catastrophic proportions to have a serious and possibly permanent effect. At the most basic level there is a cost in terms of lost or dissatisfied customers for every hour that your website is down. There is the impact on productivity if your staff cannot access the internet, e-mail or telephone for ten minutes, an hour or a day. Disruption may not even be the result of outside influences.
Problems like these are common side-effects of routine maintenance. While you cannot avoid them, you can significantly reduce their impact.
Analysis and planning
The first step is to analyse the impact on your business of any potential downtime. Risk management companies provide this service, putting a real value on the cost of losing key systems and providing an often alarming indication of just how expensive even a minor disruption can be. Add to this the unquantifiable elements, such as customers that have moved on, and the negative effect on brand reputation, and the need for an effective disaster recovery solution becomes very clear. Faced with the facts, companies in the financial market and most other industry sectors can see that the investment needed is not a matter of choice, but one of necessity.
So what are the core requirements of any plan? First and most obvious is backup. In the financial sector and other industries where time really is money it needs to be a live backup. This means real-time replication of data to a remote site so that it can be retrieved at a moment's notice.
An added benefit of this is that it is possible to switch between local and remote servers during maintenance operations, leading to considerably less downtime for routine servicing.
To achieve this it is not necessary for a company to create its own duplicate site - an option usually restricted to very large businesses. There are two other options to ensure data safety.
First, companies can invest in a data replication and server failover system, which allows quick and easy data recovery so that business-critical information can be restored. This allows the complete redundancy of data on one server and continuous access to data and applications on a secondary, remote, server. This type of product can be installed off-site and used to back up major servers. It can give organisations high resilience, increased application availability and continuous data protection within a relatively low cost solution.
Unlike tape backups which run periodically, data replication software continuously captures data and makes it immediately available. In fact, this type of solution can provide up to 99.99% system availability and less than 50 minutes downtime per year - quite impressive, since most large, online businesses average one to five hours of downtime each month.
Over and above this, it may be worth considering one of the many disaster recovery providers that offer this service at one of their own managed sites. This has the benefits of a company-owned facility at a lower cost, coupled with the advantage of experienced professionals able to advise on the appropriate solution. A further advantage of outsourcing is the ability to change the nature of the protection at short notice, in response to the evolving needs of the business. For a self-managed site this could result in delay, but a reputable provider will be able to monitor the needs of your business and react quickly to any change.
An experienced provider will also be able to create a complete business continuity system, allowing your company to operate through a disaster by providing online connectivity, duplicate data, applications - even desks and telephones if required. Location is important here. There is little point in having your disaster recovery site in the same city or area as your head office, as it may well suffer the same fate. Recent power blackouts in the USA, UK and elsewhere demonstrated the reality of that particular threat. Along with an office of similar size and infrastructure to your own, business continuity providers can install generators. With everything available in a set-up familiar to them, your staff can if required quickly relocate and continue working with little interruption visible to the outside world.
The need for a proven and tested plan backed by a robust system is clear.
The benefits of improved maintenance, the ability to display a resilient business structure to your customers and sheer peace of mind make a compelling argument.
Ian Masters is UK country manager at Sunbelt System Software, Tel: 01905 745711, E-mail: firstname.lastname@example.org