|
|
|
To sign-up for the Disaster Resource GUIDE, go to: Three Recovery Exposures Your Organization Is Facing — By Rebecca Levesque Growth and profit-—it’s the mantra of today’s aggressive business executives. With market pressures mounting and stockholder value in the balance, busy executives continue to seek unique solutions to customer challenges in an attempt to establish competitive differentiation. However, the very drive and ambition that pushes your organization forward may be putting you at risk. Many company executives we speak to put so much energy into the development of innovative infrastructures and environments to provide better service and greater customer insight that they forget about developing the strategies and tactics to ensure it can all be recovered. The siloed approach separating business management and IT management often does not allow the insight into how IT departments are ensuring that critical business processes can continue after an event. Business managers don’t require a crash course in IT management to see how their applications and data are managed, but they certainly should understand the opportunities and exposures related to recovering those critical resources. John Morency, a research director at Gartner, has noted that “for many organizations, time required to recover critical business processes...has dropped by roughly an order of magnitude from what it was 10 years ago.” We have seen similar trends; the business continuity market has notably shifted in the past few years, with greater focus on availability and recoverability, as well as intense interest in auditing and validation. Identifying when and why A business impact analysis (BIA) can help assess the business impact of data loss when a rapid recovery does not occur. However, it’s important to note that the static nature of a BIA can prove problematic, especially if the analysis involves a high degree of speculation. As such, companies run the risk of missing the full impact of potential disasters. And, without an accurate assessment of the possible business impact of a potential incident, it is extremely difficult—if not impossible—to assign the right level of attention and detail to the planning process. In today’s increasingly competitive and regulated marketplace, achieving an ironclad, dynamic data recovery strategy is the price of doing business. However, with the increasing costs associated with securing successful backup and recovery, accomplishing that goal is more difficult than ever. Meeting regulatory compliance directives and sorting through the “noise” regarding your data management options—while making sure that you get the most impact for your dollar—is a growing challenge for even the most knowledgeable continuity managers and planners. We believe that most recovery exposures can be separated into three categories; and if properly addressed, will significantly enhance recoverability.
While most companies have documented recovery procedures for retaining and recovering information across the enterprise, those processes often fail during testing and real-life recovery efforts. According to Gartner, more than 50% of all DR tests fail and 95% companies never complete DR testing. The primary reason for these failures is the lack of knowledge about physical and virtual systems, storage, applications, and data, as well as their interdependencies. In addition, many DR plans do not highlight the most critical and sensitive applications and processes that would be immediately required after an event. Therefore they do not prioritize those applications for immediate recovery so that the business can continue these operations. That means the critical applications and data you believe to be backed up and recoverable may indeed be a major exposure to your continuity. Compliance requirements are often causing some of these challenges. Retention policies are often at the top of many compliance rules and audit requirements, and companies are turning to complex mirroring and redundancy efforts to ensure data is stored and secure. However, creating duplicate copies of all data also replicates any errors or corruptions. In addition, it can extend the time-to-recovery because all that redundant data needs to be recovered and restored—regardless of importance or its impact on your business operations. We always recommend a complete assessment of application and data interdependencies, especially as it relates to the most critical files and data your organization would need immediately following an event. That assessment needs to be very flexible, as the data sets you require on a quarterly, monthly, and even daily basis may change often. 2. New technologies can actually increase your recovery risk Applications and databases are often installed across multiple physical servers, and could be located in different physical locations. An event that disrupts the normal processing capabilities at any location will put your new application at risk. However, because DR plans are often only updated yearly, you may not even know the extent of your current exposure. Even worse, the implementation of new IT initiatives like consolidation and virtualization that are intended to reduce operation and management expenses may actually cost more in business loss and compliance fines later on. Virtualization, which offers tremendous benefits by separating applications from their physical servers and providing greater management capabilities, can greatly reduce application recovery if not managed correctly. With many new and legacy application and data interdependencies scattered across multiple virtual machines, your ongoing recoverability is directly tied to your IT department’s ability to track and manage those interferences. 3. Few companies can consistently prove they’re recoverable. Most backup applications can provide a list of storage locations for backup data. However, focusing too strongly on auditing and reporting on data volumes—without obtaining access to the type of information that can provide real business value and insight—can prove problematic in creating a solid long-term business continuity plan. That’s why the only proof some organizations can offer is to point at their mirror site with all their redundant data and plead for understanding. In the wake of compliance requirements and the competitive exposures that come along with them, executives and business managers should have the ability to prove that their processes and workflow are recoverable through audits and verification reports that provide reporting on demand. That means establishing a documented process for monitoring critical applications and files, tracking their backup location, and providing a critical path for the immediate recovery of those resources when needed. So where do you go from here?
Business managers and executives can work together with the IT organization to address these areas and close the gap to recovery. About the author:  |