Disaster Recovery Planning

Core disaster recovery planning questions

webmaster — Thu, 17 May 2012 08:25:03 -0600

Whether your business is a one-man operation or it employs a thousand people, the starting point is the same: identify the processes critical to your success. To do this, you should first define what critical means in your business. Rank each process according to that definition, and then ask how long can your business survive without it, who performs it, and what IT resources support it.

Questions you can ask:

Can you simply not survive without this process? This should be your primary priority. Your business continuity plan must protect all primary priorities when a disaster strikes.
Can you survive only a day or two without it? This should be a secondary priority. Your business continuity plan should address all secondary priorities after primary priorities are handled.
Can you survive a week or more without it? Add it to your list of low priorities.

Create Your Data Protection Strategy

webmaster — Sun, 29 Apr 2012 01:39:03 -0600

Create Your Data Protection Strategy key considerations:

Backup/Recovery and Staging Tradeoff - Tailoring your data protection solution to the right mix of staging and backup/recovery approaches is accomplished by defining the RTO and RPO for your various types of data based on the tradeoff between your business needs and cost.

Case for Archiving Your Static Data

First, archives provide long-term protection of data for compliance purposes.
Second, they make historical data available for repurposing in new applications.
Third, archiving can provide performance benefits for your company. These performance benefits are realized in the following ways: Once static data is moved to an archive, it is no longer mixed in with your dynamic data, and therefore does not need to be backed up repeatedly. For most organizations, this means the time and storage required to complete a full backup can be reduced significantly. Plus, separating static data from your dynamic data can also significantly reduce the amount of time required to search for files.

Backup to Disk - Using disk-based data protection techniques to protect your dynamic data and make disaster recovery copies will allow you to gain the most from your investment in data protection. Disk-based data protection enables faster recovery times and helps to dramatically reduce your administrative time and costs.

Real-Time Data Protection technologies provide your business with the maximum RTO and RPO benefits. Best-of-breed real-time data protection solutions will allow you to recover your data back to any point in time, down to the second, and some even work to provide a high-availability solution

Setting up a remote disaster recovery site

webmaster — Sat, 14 Apr 2012 07:32:30 -0600

During the disaster recovery planning process a CIO needs to establish a remote disaster recovery site, but are faced a challenge all too familiar to many enterprises: How to replicate large amounts of data across the country and still meet Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)?

For example if the goal of full data recovery within 3 hours, with an RPO of 24 hours. CIOsoften are not coming close to meeting those objectives as replication process mat not able to complete across the WAN. A company simply may not be able to move that much data over long distances in a reasonable amount of time without very expensive and time consuming manual intervention.

More specifically, given the limited physical space in their data centers and the high volume of traffic that needed to be moved between data centers, the company may require a very high capacity virtual WAN optimization solution.

Cloud as a Backup Solution for a Disaster Plan

webmaster — Mon, 02 Apr 2012 14:48:49 -0600

A cloud based backup approach for a disaster recovery plan lets you determine the ideal mixture of capital and operational expenditures. For budgeting purposes, recovery capabilities can be tiered to reflect the unique value and restoration requirements of different types of data, and storage processes can easily be tuned to comply with updated business procedures.

It is the selective use of the cloud lets you choose any combination of the following, a mix you can freely adjust as your needs evolve.

Cloud or Software as a Service (SaaS) - Your data is protected in a secure data center and hardware and software is managed for you, including all necessary support and professional services. Protecting your data in the cloud also gives you the inherent benefit of offsite disaster recovery. If your goal is to make life as simple as possible for your IT team but still make sure your data is safe and easily accessible.

On-Premise - You manage all the hardware and software you need under your roof. Pre-configured, all-in-one appliances are available to simplify deployment and maintenance and speed backup and recovery cycles. You can choose to maintain your infrastructure with your own team, outsource this responsibility to a certified local provider, or take advantage of both internal and external resources.

Hybrid - With the increasingly popular cloud-connected model, certain categories of information can be stored in the cloud, while those that need to be instantly available can reside onsite - or a primary backup can reside in one (onsite or in the cloud) with replication to the other. This method offers the greatest flexibility to choose the right blend of capital and operational expenditures.

Most organizations have business continuity plans in place

webmaster — Fri, 16 Mar 2012 11:33:54 -0600

Most enterprises have disaster recovery and business continuity plans in place, however in a review of 128 companies that have recently has to activate their disaster plans Janco has found that 64% do not have and or have not followed the protocols to ensure the safety of their employees and critical security needs of their information assets.

2011 had a wide range of events that impacted the operations in many organizations around the globe. While weather was the most common cause of organizational disruption, other significant events included strikes (which caused problems for 55 percent of managers), the Blackberry outage (39 percent), the civil disturbances (26 percent), natural disasters such as the Japan earthquake and tsunami (19 percent), and international social and political unrest such as the Arab Spring uprising (18 percent).

This wide range of threats has prompted business continuity management to become increasingly. After a sharp increase in business continuity management uptake over the past two years 61 percent of managers now work for an organization that has Disaster Recovery and Business Continuity Plans in place.

Disaster Preparedness equals risk, resilience and effective disaster recovery planning

webmaster — Thu, 01 Mar 2012 15:09:51 -0600

Most people who are involved in emergency management are aware of the four primary phases of emergency management: prevention/mitigation, preparedness, response and recovery.

Recovery includes short-term measures taken to restore essential functions and systems, as well as longer-term activities intended to facilitate a return to pre-emergency conditions, or ideally to improve conditions through mitigation measures.

What should CIO and Recovery Manager Plan for?

webmaster — Sat, 25 Feb 2012 12:09:18 -0600

Downtime and loss of data, even if temporary, can have long-lasting effects for business and can contribute to the demise of the otherwise well-lubed business:

Loss of revenue from your customers' inability to do business with you
Diminished market credibility and customer trust, resulting in churn
Penalties for violated SLAs with partners, suppliers, distributors, and franchisees
Costs of recovering and repairing the lost data
Legal costs of meeting internal and external compliance requirements

How do you balance the disaster recovery risk and investment equation? Is the potential risk greater than the investment? Some facts:

43% of companies experiencing disasters never reopen, and 29% close within two years.
93% of businesses that lost their data center for 10 days went bankrupt within one year.
40% of all companies that experience a major disaster will go out of business if they cannot gain access to their data within 24 hours.

CIOs and Business Continuity Managers should plan for all situations in which normal operations are disrupted and have practices and technologies in place that enable them to deal with potential disruption from hostile, external actions as well as internal system failures.

DHS sets its IT Priorities

webmaster — Thu, 16 Feb 2012 09:59:44 -0600

DHS CIO Council has set its fiscal 2012 initiatives.

The five mission areas are:

Preventing terrorism and enhancing security
Securing and managing borders
Enforcing and administrating immigration laws
Safeguarding and securing cyberspace
Ensuring resilience to disasters

Disaster Recovery Planning a critical mandate

webmaster — Sat, 11 Feb 2012 15:26:47 -0600

Business continuity and disaster recovery (BC/DR) planning is a critical mandate for all companies and especially for small and midsized businesses, where the cost pf downtime and/or lost data can be devastating. It does not take a cataclysmic event to cause major disruption the untimely loss of a critical server or file for even a few hours can be extremely costly in today's highly competitive 24x7 business climate.

If you have implemented virtualization - cloud computing, you already know how this powerful technology can save you money on IT costs via server consolidation. But are you aware that the benefits of virtualization extend beyond IT cost savings, and that virtualization can also keep your business running through many types of planned and unplanned IT outages?

Many regulations require companies to support more stringent availability standards. Several new acts and regulations, directed at specific industries or a broad cross-section of companies, mandate the protection of business data and system availability. Businesses may incur financial or legal penalties for failing to comply with these data or business availability requirements.

Can you use the cloud for Disaster Recovery and Business Continuity?

webmaster — Thu, 02 Feb 2012 16:50:05 -0600

In December 2010 Google launched Message Continuity, a new cloud-based disaster recovery and business continuity service for Microsoft Exchange. A year later, Google has announced the end of that service, leaving many organizations with the task of finding an alternative Microsoft Exchange business continuity service.

While the vendor said that existing contracts will continue to be serviced until their renewal date, for some early adopters of this service will only have a few weeks, or even days, to find an alternative solution.

This raises a warning flag about the wisdom of relying on the public cloud companies for any services which may be critical to your day-to-day activities; or for business continuity.

The cloud brings many new solutions for disaster recovery and business continuity: but buyer beware has never been more crucial. Service level agreements only apply if your supplier is in business; and there is certainly no requirement for suppliers to provide any support or service once a contract expires.

After this termination of service can you trust Google or any other vendor to host a mission-critical service?

Maximum Tolerable Period of Disruption

webmaster — Sat, 07 Jan 2012 18:59:16 -0600

BS 25999 defines the maximum tolerable period of disruption (MTPD) as :the duration after which an organization's viability will be irreparably damaged if delivery of a particular product or service cannot be resumed". It advises companies to "assess over time the impacts if the activity is disrupted" and "establish the MTPD of each activity". It instructs us to identify the latest time by which an activity must be resumed, establish the minimum level to which resumption must be achieved, and set the time within which normal activity levels must be restored. It says companies should "identify any inter-dependent activities, assets, supporting infrastructure or resources that also have to be maintained"

Defining Maximum Tolerable Period of Disruption...

Importance of data recovery for mid-sized companies

webmaster — Sat, 05 Nov 2011 17:08:59 -0600

Identifying the right tools for data recovery in the disaster recovery and business continuity processes is extremely important to the success and continuity of middle‐sized organizations. These tools need to be integrated without requiring an expensive and disruptive overhaul of existing IT infrastructure, and without adding to or demanding more of IT staff.

One key to this is to build on existing data storage and protection equipment. Tape is the best option when expanding on existing processes, because tape is a medium that is affordable.

What is ISO 27031:2011

webmaster — Thu, 27 Oct 2011 11:29:00 -0600

ISO 27031:2011 Information and communications technology (ICT) continuity management, developed originally by the British Standards Institution (BSI), was accepted as an ISO standard in 2011 and represents a management systems-based implementation of an IT disaster recovery program. It has six key principles:

Protecting the ICT environment from incidents, failures and disruptions;
Detecting incidents at the earliest possible time;
Reacting to incidents as efficiently as possible;
Recovering by identifying and implementing appropriate recovery strategies;
Operating in disaster recovery mode.
Returning to normal operations.

While ISO 27031 is intended for use in the larger context of a business continuity program, organizations have successfully implemented this standard and then later grew into business continuity.

Structured as a management systems-based standard, ISO 27031 has two main components: the management system and the process. The management system is intended to ensure that an organization has a documented process to execute ICT continuity management. It utilizes the plan-do-check-act (PDCA) cycle consistent with ISO and other management system based standards. The process details the necessary components to provide the recovery capability. While the management system described in ISO 27031 can be established solely for IT disaster recovery, there are elements of the process that assume the existence of an overall business continuity program. As you can see below, ICT requirements are established by business continuity requirements typically determined during a business impact analysis.

The process of developing, maintaining, and improving an ICT capability are defined as five high level components:

Understanding the ICT requirements for business continuity with the purpose of determining the ICT continuity services needed to support the business continuity requirements. The process requires understanding the components of critical services in production, their current continuity capability and the gap between current capabilities and business continuity requirements. The analysis should also focus on actions that can be taken to improve the resiliency of the production environment;
Determining ICT continuity strategies with the purpose of developing both an overall ICT continuity management strategy and strategies for each critical ICT service that closes gaps identified during the previous phase;
Developing and implementing ICT strategies with the purpose of implementing the chosen strategies, including establishing the necessary organizational structure, plans and procedures;
Exercising and testing with the purpose of ensuring that the strategies and plans work as intended;
Maintenance, review and improvement with the purpose of ensuring that ICT continuity strategy remains current and appropriate.

For those familiar with BS 25999-2:2007, the business continuity management standard, the structure above is consistent with sections four through six of that standard.

Given the similarities to BS 25999, ISO 27031 is the logical choice for implementing a disaster recovery capability in organizations that either utilize BS 25999 for business continuity or have other management systems-based programs. It also provides solid guidance for organizations that have no business continuity or other structure in place to serve as a basis for disaster recovery development. Establishing a management system as part of an ISO 27031 implementation will provide the necessary governance and provide a platform for the development of a more comprehensive business continuity program.

Mirrored DR architecture

webmaster — Sun, 16 Oct 2011 15:33:49 -0600

The most common DR architecture for mission-critical, multi-tier applications consists of a mirrored site with geographically distributed clusters of front-end application servers (the presentation tier), calling functions executed on another local cluster of business logic servers (logic tier), which access a local database (data tier). Users access the application via a global load balancer or application delivery controller (ADC) that seamlessly routes client requests - whether these are Web-based or client-server application protocols like CIFS and MAPI - to the "most available" system. The load balancers must themselves be geographically distributed and redundant to ensure no single points of failure should the entire data center go offline.

Data consistency is achieved by mirroring all back-end databases at the SAN level. Here, the IT architect has two choices: synchronous or asynchronous SAN replication. The former provides virtually instantaneous recovery, with perfect consistency, but with the glaring drawback of a severe distance limitation between mirrors to minimize latency, since transactions can't be committed on the primary database until they are written to disk and acknowledged by the secondary.

National Preparedness Goal released

webmaster — Wed, 12 Oct 2011 14:30:34 -0600

The Department of Homeland Security has announced the release of the first edition of the National Preparedness Goal. This is the first deliverable required under Presidential Policy Directive (PPD) 8 : National Preparedness.

The goal sets the vision for nationwide preparedness and identifies the core capabilities and targets necessary to achieve preparedness across five mission areas laid out under PPD 8: prevention, protection, mitigation, response and recovery.

The goal also sets out future steps that will be taken to comply with PPD 8. These include:

A National Preparedness System
A series of National Frameworks and Federal Interagency Operational Plans
A National Preparedness Report
A Campaign to Build and Sustain Preparedness.

The latter will provide an integrating structure for new and existing community-based, nonprofit, and private sector preparedness programs, research and development activities, and preparedness assistance.

Read the National Preparedness Goal (PDF)

Social network integrated in disaster recovery template

webmaster — Sat, 01 Oct 2011 14:31:01 -0600

During the disaster recovery and business continuity processes this year in many companies proved the worth of having social networks integrated in their disaster recovery and business continuity plans. However, Janco has found only about 25% of businesses have added social media like Facebook or Twitter to their disaster recovery and business continuity plans.

Depending on the scope of the disaster -- a national horror such as September 11 or an 8.9 earthquake -- the use of social media can ease some of the communication burden for government and businesses. Australian government agencies extensively used social media during the country's recent regional flooding. In the United Kingdom, the Resilient Nation project recommends that government set forth initiatives to leverage citizens' ready access to social networks.

Janco's disaster recovery business continuity template take this into consideration.

The Disaster Recovery Plan (DRP) is provided in Word and PDF format. It is a complete DRP and can be used in whole or in part to establish defined responsibilities, actions and procedures to recover the computer, communication and network environment in the event of an unexpected and unscheduled interruption.

Budgeting for business continuity

webmaster — Fri, 16 Sep 2011 09:56:21 -0600

Budget overseers are hard pressed to come up with a business case for spending money on a capability that may never need to be used unless there are significant legal or regulatory mandates for creating one. That explains why fewer than 50 percent of organizations have continuity plans, and of those that do, less than 50 percent actually test their plans - which is tantamount to having no plan at all.

For such a strategy to work well, it must:

have known end points (a permanent and fixed recovery site),
redundant hardware and software, and
a cadre of personnel dedicated to maintaining identical configurations at the remote recovery facility as are present at the production site.

This helps explain why "geo-clustering" has not become the dominant paradigm of disaster recovery methodology after nearly forty years of trying. This does not, however, diminish the need to reduce the time-to data of recovery strategies - especially for "always-on" applications. Certain application functions need to be available non-stop or in very short order following an interruption event.

Backup Window Must be Planned For

BackupWindow@e-janco.com — Mon, 12 Sep 2011 10:15:31 -0600

Rather than add more bandwidth, or invest in expensive, dedicated storage networks, WAN optimization can improve IP network performance sufficient to turn recovery into continuity. To help meet the objectives outlined above, a WAN optimization solution must be able to do three separate tasks for true business continuity: restrict bandwidth to backup applications during the allowed window and allocate it to critical applications in the event of a disaster, overcome latency and bandwidth limitations on the wire, and provide acceleration to roaming or displaced users redirected to alternative data sources.

Regardless of whether the data is being replicated from a massive cabinet, over IP-based storage or off a users hard drive for compliance purposes, during the backup window maximum bandwidth should be available to ensure completion. This requires granular bandwidth management that can isolate applications on the network and provide a predictable, policy-based service level. Further, the solution should be able to distinguish between a user initiated file copy and one started by the backup daemon, and apply different bandwidth allocations to each.

Also, the solution must remove latency and protocol inefficiencies that constrain current WAN backups. Caching and compression technology combined with inline protocol optimization of commonly used file transfer protocols form a technology suite that improves the performance characteristics of a WAN, adding bandwidth and reducing the time needed to complete backups and restores. Moreover, it should be able to do this for individual devices and accommodate displaced and roaming users without the need for bulky appliances.

Testing key to business continuity plan success

webmaster — Thu, 08 Sep 2011 05:30:57 -0600

Without access to critical data in the first 24 hours after a crisis, forty percent of all businesses will fail. Such dire risk can be avoided by performing regular evaluations of your IT recovery process. Testing reveals not only whether the process can technically recover your servers, applications and data, but also the risk of any excess complexity.

A well-developed IT disaster recovery plan will identify all key processes and expose any weaknesses, and the ideal way to uncover these is through testing. Just as the best travel guides flow from real experiences at the destination, so the best disaster recovery plans flow real experiences from actual testing.

New technology makes regular, even daily testing feasible. This automation provides a foundation for ongoing RTO and RPO reporting at a management level, allowing you to better estimate and mitigate risks for the business.

To ensure you reach your objectives, perform a true recovery test on a critical server and capture these crucial observations:

How long did recovery take?
What data proved challenging to recover?
Were all applications and related software returned to the exact state expected?
Was the recovery process feasible for IT staff operating under stress with reduced tools?
How would parallel recoveries amplify the challenges?

Learning from these questions on a single test will yield greater insight into your IT disaster recovery posture. Though obviously a sensible practice, human nature often postpones such disciplined testing, since historically it has been cumbersome, time-consuming, or simply impossible without unacceptable disruption.

Banks are not immune to security outages

webmaster — Wed, 17 Aug 2011 17:24:16 -0600

Firefox users may have had trouble accessing JPMorgan Chase's website chase.com when the bank experienced problems with an outdated security certificate.

According to a Chase spokesman, the Firefox certificate was updated on the bank's servers in about 45 minutes, resolving the issue.

A year ago, Chase experienced a more severe outage that shut out millions of customers from its online banking site for three days.

That earlier outage stemmed from a failure related to Chase's user authentication database.

Web Security Threats

This outage involved a lapsed security certificate. Website servers present certificates to a customer's browsers to verify identities. This certificate, which has information such as the address of the site, is verified by a third party that is trusted by a user's computer.

A certificate that is outdated or lapsed would appear as having been revoked by the issuing server.

While short-lived, today's outage was still a major issue, according to a market research firm.

"No bank wants its customers to be presented with the message, "you may be communicating with an attacker," an analyst wrote in a blog.

He said if the issue hadn't been resolved quickly, Chase could have ended up paying out reimbursements to customers unable to pay bills on time.

What is the Recovery Time Objective (RTO)

webmaster — Sun, 14 Aug 2011 09:07:24 -0600

CIOs, CSO's, Disaster Recovery and Business Continuity Managers constantly will work to improve their rescue point objective (RPO) plus recovery time objectives (RTO) as a result of performing fast, non-disruptive backups, and even by performing data recovery. All comprehensive data protection solutions involve many issues and contingencies.

Here are a few of the things that can break with your data and therefore the backup requirements that ought to be addressed:

Accidental or malicious deletion of critical data - Requirement that provides to be able to quickly and easily bring back individual files and version.
Data that is wasted or corrupted over time - Requirement to jiggle back individual records to renovate database corruptions. The ability to get better data from any previous point in time, and have it as granular as you can.
A crashed disk - Requirement to recover a disk volume is special than recovering a individual file, but it should be done just as fast, and with automation to keep operational disruptions to a minimum.
A server failure - Requirement recover operations when replacing a broken server may well be complicated by the desire to install different drivers over the new system if the hardware seriously isn't an exact match. It helps to give the capability to move the required forms workload to a standby server (with unique hardware) or virtual server while the system is being swapped out or repaired.
A local or regional disaster - Requirement once you lose an entire work to fire, flood, and / or other disaster, have a pre-existing copy of your you important information in another location that is definitely outside the disaster sector.
Remote offices and part offices - Requirement to experience a process in place to revive with minimal technical sustain as remote and branch offices often will not have the luxury of acquiring an on-site technical resource that can assist in backups and restores.
Resource-intensive backup processes - Requirement frequent or continuous backup that is not resource-intensive.
Security breaches - Obligation to secure data. When ever moving data between websites, it needs to always be protected from potential security measure breaches. A breach of data security, whether actual damage is over or not, can be devastating to all your company's reputation, as dozens of substantial enterprises and government agencies have found a lot.

10 commnadments of disaster recovery and business continuity planning

webmaster — Mon, 08 Aug 2011 05:01:34 -0600

As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that can meet those needs.

Analyze single points of failure: A single point of failure in a critical component can disrupt well engineered redundancies and resilience in the rest of a system.
Keep Updated notification trees: A cohesive communication process is required to ensure the disaster recovery business continuity plan will work.
Be aware of current events: Understand what is happening around the enterprise - know if there is a chance for a weather, sporting or political event that can impact the enterprise's operations.
Plan for worst-case scenarios: Downtime can have many causes, including operator error, component failure, software failure, and planned downtime as well as building- or city-level disasters. Organizations should be sure that their disaster recovery plans account for even worst-case scenarios.
Clearly document recovery processes: Documentation is critical to the success of a disaster recovery program. Organizations should write and maintain clear, concise, detailed steps for failover so that secondary staff members can manage a failover should primary staff members be unavailable.
Centralize information - Have a printed copy available: In a crisis situation, a timely response can be critical. Centralizing disaster recovery information in one place, such as a Microsoft Office SharePoint® system or portal, helps avoid the need to hunt for documentation, which can compound a crisis.
Create test plans and scripts: Test plans and scripts should be created and followed step-by-step to help ensure accurate testing. These plans and scripts should include integration testingsilo testing alone does not accurately reflect multiple applications going down simultaneously.
Retest regularly: Organizations should take advantages of opportunities for disaster recovery testing such as new releases, code changes, or upgrades. At a minimum, each application should be retested every year.
Perform comprehensive recovery and business continuity test: Organizations should practice their master recovery plans, not just application failover. For example, staff members need to know where to report if a disaster occurs, critical conference bridges should be set up in advance, a command center should be identified, and secondary staff resources should be assigned in case the event stretches over multiple days. In environments with many applications, IT staff should be aware of which applications should be recovered first and in what order. The plan should not assume that there will be enough resources to bring everything back up at the same time.
Defined metrics and create score cards scores: Organizations should maintain scorecards on the disaster recovery compliance of each application, as well as who is testing and when. Maintaining scorecards generally helps increase audit scores.

Backup and retention policy

webmaster — Fri, 29 Jul 2011 10:35:30 -0600

Typically disaster recovery is designed to match traditional IT boundaries - physical servers, storage arrays, network devices, applications, etc.- and primarily based on over-provisioning of resources. Most servers and data stores are backed up locally to tape, if possible, requiring local IT staff to manage backup software, schedules, tape libraries, and offsite archiving. When failure occurs, multiple, complex processes must be coordinated to separately recover and reconfigure servers and data sets, often in multiple locations. As a result, recovery times are often too long and unpredictable.

Distributed, tape-based backup also suffers from geographic limitations: it can be prohibitively expensive to ship tapes long distances, and the farther they must be shipped, the longer it will take to recover in the event of disaster. This has led many firms to situate recovery sites too close to primary sites, significantly increasing the risk of catastrophic failure due to a major event (power grid failure, hurricane, etc.) affecting a large geographic area.

Calcuating the cost of downtime

webmaster — Mon, 04 Jul 2011 07:12:03 -0600

A company experiences downtime for a variety of reasons and varying lengths of time. But the reality is that if your business does not even know the price of a single hour of downtime, you will most likely not commit resources to an adequate backup plan. While it is difficult to conceive of the total cost of an extended disaster or to quantify the intangible costs such as customer and employee satisfaction, it is a relatively simple process to determine the monetary losses one hour of downtime will incur. Once that number is determined it will be easy to calculate longer-term effects.

One analyst firm estimated that yearly downtime costs average 3.6% of annual revenue. For a business making $20 million that would translate into losses of $720,000 - money that would be much better spent growing the company. Of course, that cost is an average, with more lengthy and harmful outrages potentially causing exponentially higher losses.

Not all downtime is created equal: A brief outage in the middle of the night when a company is closed may incur little cost and no impact, while a prolonged total failure during the height of holiday sales can be devastating in both regards. The impact of downtime is felt in a variety of ways, and may be immediate or have long term repercussions.

Over the past several years, it has been estimated the hourly costs of downtime for computer networks at an average of $42,000. A typical company experiencing an average of 87 hours of downtime per year, that is $3.6 million annually. And for companies that rely entirely on technology, such as online brokerages, trading platforms, and e-commerce sites, hourly downtime risks can be $1 million or more, making availability an even greater concern.

Virtualization adds to complexity of disaster and business continuity planning

webmaster — Mon, 04 Jul 2011 06:49:33 -0600

Cloud computing -- virtualization offers compelling business advantages. It can reduce your capital expenditures, gives greater benefits from resources that are already invested in, and provides more flexibility in applying those resources to the business services that are most critical to the enterprise. However, because virtualization introduces management complexity into an already complex environment, it can also drive up operational expenditures and the complexity of disaster and business continuity planning.

The key to getting the benefits and avoiding the risks is obtaining detailed visibility into all the elements and interdependencies of the cloud - virtual infrastructure. Traditional, manual techniques of mapping IT environments won't work - they are error-prone and cumbersome, and the results are incomplete and quickly out of date.

Recovery time is focus of 57% of Business Continuity Managers

webmaster — Sat, 18 Jun 2011 08:06:28 -0600

In a recent survey it was found that 57 percent of IT organizations see reducing recovery time in the event of IT failure and cutting the cost of backup as the two biggest 'pain-points' for backup and disaster recovery. The next most significant difficulties were the ability to roll back to any point in time when recovering workloads and recovery testing.

Virtualization is already in place with the majority of those surveyed, with 86 percent of those questioned having a virtual infrastructure in place within their organizations.

Other findings are:

Tape backup is the most popular technology involved for recovery of virtual machines, with 60 percent of organizations relying on tape to protect their virtualization implementations. 53 percent of organizations are using disk-to-disk backup products, while proprietary virtualization products are used by 23 percent;
17 percent of organizations are only using tape backup for the backup / recovery of their virtual machines;
The number of respondents that were able to judge their recovery point objectives (RPO) when it came to virtualized environments was much lower than those able to define their recovery time objectives (RTO) - only 45 percent of those surveyed were able to state their satisfaction level around their RPOs.

Cloud as a primary recovery source not there yet

webmaster — Sun, 29 May 2011 16:25:49 -0600

According to a survey market research firm TheInfoPro, a mere 10 percent of large corporations are considering the public cloud as a place to store even their data -- even the lowest-tier info -- for archive purposes. I wasn't surprised to hear of these results.

Don't believe the survey? Look at recent news reports. Last year EMC announced it was shutting down its Atmos Online storage service because it was competing with its own resellers. Cloud storage provider Vaultscape also closed. Additionally, Iron Mountain said it had stopped accepting new customers for its Virtual File Store service and was doing a two-year glide to a complete shutdown. Finally, startup Cirtas Systems announced it was leaving the market to "regroup."

The on-demand storage market will eventually evolve, and acceptance will take years, as we've seen with other emerging technologies in the past. In the meantime, we could look at cloud storage services to be the first real cloud failure. However, we learn from what did not work and plug on. Eventually, the market will be there.

Consolidation and Disaster Planning

webmaster — Sat, 14 May 2011 07:26:58 -0600

Most organizations today are faced with conflicting goals and challenges. They have geographically distributed workforces, with headquarters, datacenters, branch offices, and mobile workers scattered widely. Everyone needs to access email, file shares, and mission critical applications, and the speed of access directly ties to employee productivity. So computing resources have been widely deployed in many locations to give the local workers the best possible service delivery. However, this approach is now seen as wasteful and expensive with extra hardware and software to buy and maintain for many locations, and often few local IT staff to support the systems. As budgets get tighter, organizations are looking for solutions to handle this burden. IT consolidation is the number one approach today, taking infrastructure out of remote offices and into the main data center as a way to cut costs and boost IT staff productivity. The trick is how to consolidate without hurting the performance for the end users.

While consolidation can certainly bring a number of benefits to organizations, it will take more than just a Friday afternoon to ensure that your consolidation, disaster recovery, and business continuity projects are truly successful. As far too many IT managers will tell you, a poorly planned project will have your executives screaming, users threatening mutiny, and IT in the hot seat to quickly undo all the effort that went into the project in the first place.

Lay out a change and risk management strategy
Develop a plan for resiliency
Test (and improve) branch office performance & local consolidation
Architect a forward-looking infrastructure & support plan
Plan a phased roll-out

Disaster Recovery Business Continuity for Remote Offices

webmaster — Thu, 28 Apr 2011 15:15:24 -0600

Data residing outside the data center at remote and branch offices (ROBOs) accounts for a significant portion of an enterprise's information store, yet it often either is protected with inefficient backup processes or is not protected at all -- leaving companies at risk on many fronts.

In a recent research report, high priority projects for ROBOs included improving information security measures; ensuring compliance with government, industry or corporate governance mandates; and improving Disaster Recovery Business Continuity processes.

Are you Prepared for a Disaster?

webmaster — Fri, 15 Apr 2011 09:08:59 -0600

According to an AT&T Survey of 100 Chicago firms (revenues <$10M), 81 have DR plans, but only 43% have fully tested their plans within the last 12 months and 12% admitted they have never tested their business continuity plans.

Next to personnel, data is your most irreplaceable asset. Networks, application hosting platforms, and end user computing environments can be replaced quickly. However, without your customer lists, product catalogs, inventory, financial records, and other operational data your business cannot recover.

A disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of an entire Agent computer. A disaster recovery plan describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.

Public and private cloud DR and BP solutions

webmaster — Fri, 08 Apr 2011 08:57:20 -0600

IBM has jumped head first into the public cloud space with a secure cloud offering.

When considering data protection solutions for a multi-platform, multi-site environment, CIOs often focus on ensuring the efficiency and continuity of business operations. Where and how secondary data is stored and managed is important to CIOs only to the extent it is: reliable and secure; quickly, easily recoverable when and where needed; meeting policy and disaster recovery requirements; and cost effective to maintain.

When these conditions are met, a cloud-based dsolution provides, among many other benefits, the ideal vault to achieve secure redundancy of critical systems (disaster recovery best practices demand offsite data replication to safeguard against catastrophe).

The public solution, disaster recovery and business continuity plans can be created which select key characteristics of a public, private and hybrid cloud to match workload requirements from simple Web infrastructure to complex business processes.

Disaster Plan & Business Continuity Infrastructure

webmaster — Wed, 06 Apr 2011 09:43:02 -0600

The key technology elements of a Disaster Recovery Plan and Business Continuity Plan (DRP/BCP) infrastructure are the primary data center, a remote site that duplicates the resources in that primary location and the method used to get files (master and transaction) between the two sites - such as high-bandwidth network connections. The best DRP/BCP strategies follow a "redundant every-thing" philosophy throughout the data center. Multiple mainframes and servers should run in the production and backup data facilities. Then, if a component in the production system encounters problems, it immediately fails over to the local backup as a first line of defense.

Power supplies and communication links are one of the most critical components in a DRP/BCP strategy.

Disaster Recovery Planning International Standard Set by Janco

webmaster — Wed, 09 Mar 2011 05:06:40 -0600

Disaster Recovery Business Continuity Template Now Accepted as the International Standard

Update to the Disaster Recovery Business Continuity Template has just been released by Janco Associates..

Park City, UT - The Disaster Recovery Business Continuity Planning template has been sold to enterprise in over 90 countries around the globe. With the release the latest verison of the template it is in complete compliance with Sarbanes-Oxley, HIPAA, ITIL (Ver 3), ISO 17799, and PCI DSS.

M V Janulaitis the CEO of Janco said, "Our DRP /BCP Template has been accepted by enterprise around the globe as the standard for disaster recovery plan and business continuity plan creation." In response to that need Janco has updated its "Disaster Recovery / Business Continuity Template" by increasing the content of the template as well as updating the entire document to be compliant with Sarbanes-Oxley, HIPAA, ITIL (Ver. 3), ISO 17799, and PCI DSS.

The Disaster Recovery Business Continuity Plan has been purchased for use in over 65 countries around the globe including:

Angola
Australia
Austria
Bahamas
Barbados
Belgium
Belize
Bermuda
Brazil
Bulgaria
Canada
Cayman Islands
Columbia
Croatia
Czech Republic
Denmark
Egypt

Finland
France
Germany
Greece
Honduras
Hungary
Iceland
India
Indonesia
Israel
Italy
Jamaica
Japan
Jordan
Kenya
Lebanon
Lithuania

Macao
Malta
Mexico
Mozambique
Namibia
Netherlands
New Zealand
Nigeria
Norway
Panama
Philippines
Poland
Portugal
Puerto Rico
Qatar
Republic of Ireland
Romania

Russia
Saudi Arabia
Singapore
South Africa
South Korea
Spain
Sri Lanka
Swaziland
Switzerland
Taiwan
Thailand
Trinidad & Tobago
Uganda
United Kingdom
United States
Venezuela
Zambia

The Disaster Recovery Business Continuity Plan has been purchased for use in government, public, and private enterprises in almost all industries including:

Federal Government
State Governments
Local Governments
Law Firms
Think Tanks
Chemical
Telecommunication
Real Estate
Manufacturing

Universities
School Districts
Consulting Firms
Banks
Financial Service
Investment Banks
Credit Unions
Outsourcers
Property Mgt

Heavy Industry
Light Industry
Distribution
Retail
Hospitality
Energy
Insurance
Medical
ISPs

Application Development
Construction
Graphics
Entertainment
Paper Products
Defense
Aerospace
Media

Outsouring Can Help in Disaster Recovery Planning

webmaster — Tue, 01 Mar 2011 13:58:04 -0600

Between hackers, natural disasters, or even a pipe breaking in the office above yours, every business needs a contingency plan. It could mean the difference between riding out a problem and going out of business. For this reason, most businesses are concerned about the safety of their backups.

Data loss is a significant concern for any business - and in healthcare and other industries can have huge financial consequences. Solutions typically require that you spend more money on a third party backup solution. Outsourcing is one solution that should not be overlooked. Solutions typically require that you spend more money on a third party backup solution. Outsourcing is one solution that should not be overlooked.

Disaster classification

webmaster — Sat, 26 Feb 2011 14:23:37 -0600

A true disaster is an event or circumstance that can drive the firm out of business. Five broad categories fit this description:

Natural disaster (hurricane, tornado, flood, fire)
Technology disaster: building failure (roof collapse, water pipes burst) or computer failure (data or hardware lost or in jeopardy)
Health disaster (epidemics, environmental catastrophe)
Crime disaster: violent crime (workplace assault, hostage situation, bomb detonation, robbery) and cybercrime (hacking, identity theft/phishing, employee sabotage)
Personal disaster (sudden death or disability, succession crisis due to retirement or illness)

Communication

Whatever the disastrous event, your normal communications infrastructure is disrupted just at the time when you need it most. This is especially true in natural or technology disasters. Even a simple power outage can take down email, phones, and pagers. You cannot print memos to distribute. The lights are out, and at least some people are anxious or even frightened--they need to hear and understand what is happening.

The goal of disaster planning is making a recovery that ensures the survival of the firm. Central to disaster recovery is communication with firm members, clients, vendors, courts, and others who make your practice work. Disaster recovery begins when communication is re-established, and that means a good communication plan must be in place before disaster occurs. Such a plan requires both careful preparation and effective execution.

Cloud used in Disaster Recovery Planning

webmaster — Sat, 29 Jan 2011 16:49:58 -0600

Vendors can provide tools that leverage cloud computer and storage platforms to create a complete backup and rapid-restoration platform for systems capable of virtualization. Some allow for protection of entire servers from your location, over a VPN connection, to one or more public cloudbased data-warehousing solutions. If a server fails at the primary business location, it can be either restored to another cloud computer resource or restored back to the primary location onto repaired or replaced hardware. Often, the choice of restoration location isnt required until the restore is about to begin, which allows for a great degree of flexibility. Organizations are contracting for cloud computer resources and then parceling out those resources to business units for DR purposes, while allowing these business units to continue business as usual
on their current production data systems.

The advantages of this methodology are numerous. You will not have to provide full infrastructure architecture for DR, which can amount to a large budgetary savings over time. You also can introduce the idea of public or private cloud technology into areas that would be hesitant to put their production systems on such platforms. Since only the DR platform is housed in the cloud, many reluctant managers would be willing to allow it in this instance. In short, cloud platforms can help introduce using cloud computer and storage resources in a non-production form; this is the traditional entranceway for emerging technologies in the enterprise, and its a great fit for public and private clouds.

DRP and Security Plans key to compliance

webmaster — Wed, 22 Dec 2010 18:27:42 -0600

Preparing for a disaster requires detailed planning, preparation and testing. Knowing what IT assets need to be recovered, where to recover them and how to recover them are the essence of IT Disaster Recovery. The most difficult challenge is mapping the prioritized business requirements to the IT assets so that recovery can be staged. The recovery strategy then evolves based on the available options which support the required recovery objectives. The resulting Disaster Recovery plans contain all of the information detailing where to go, who is to do what and the information required to rebuild servers, restore applications and data as well as restart and synchronization procedures.

Disaster Planning Considerations

webmaster — Sat, 11 Dec 2010 08:47:45 -0600

Many enterprises have taken a segmented approach to Business Continuity and Availability, adding point technology and reactive services to address disaster recovery. This approach can be very complex, time-consuming and costly. The task becomes much easier when a single vendor takes responsibility for architecting, implementing, testing and supporting the solution.

There is an increase in the number of companies and organizations requiring 24 x 365 days of IT uptime. In fact, ESG research indicates that 36% of enterprises indicate they will incur significant revenue loss or other adverse business impact if they have even an hour or less of downtime on their mission-critical applications. Almost 15% indicate they cannot tolerate any downtime.1 In the past, this type of business demand was only consigned to a relatively small group. However, many more organizations of all sizes, in all industries and located across the globe, now require applications to be running and data to be always available. The needs of these organizations go far beyond simply recovery, requiring an environment that maintains business continuity during and immediately after a disaster. To make it more interesting, the number and types of applications that require this level of protection is very diverse.

Application of business continuity strategy key to success

webmaster — Thu, 02 Dec 2010 14:42:17 -0600

Business continuity planning will fall like a house of cards if the strategy is not seamlessly deployed across the organization; in fact, in order to ensure continued operations, a business continuity strategy must be managed centrally to maintain focus on congruency between changing systems and the protection of those systems. Let us say for instance, that human resources demands to manage its own backup strategy, say through tape backup, because of the regulatory requirements posed by the mandated requirements.

However it has no training or method to make sure that those tape backups remain effective, and therefore cracks will develop in the business continuity strategy and these may result in a breakdown in the level of protection. So, while departmental management is not a good idea, departmental input is key; because your HR division will be highly aware of changes in legislation that will directly impact the data protection and retention policies. Other departments like finance will have their own very valid concerns too.

It goes without saying that every company, regardless of size, needs a concise business continuity plan in case of an emergency. If you don't have a disaster recovery plan or haven't updated yours recently, now is the time to take this critical step to protect your business.

At the same time there are more security requirements that need to be met. With mandated requirements like Sarbanes-Oxley, HIPAA, PCI-DSS, and ITIL, executive management is depending on you to have the right security policies and procedures in place.

Continuous Data Protection can be used as a backup strategy for DRP amd BCP

webmaster — Wed, 01 Dec 2010 12:52:53 -0600

Continuous Data Protection (CDP) is an increasingly popular disk-based backup strategy. It is replication with an Undo button. Every time a block of data changes on the system being backed up, it is transferred to the CDP system. However, unlike replication, CDP stores changes in a log, so you can undo those changes at a very granular level. In fact, you can recover the system to literally any point in time at which data was stored within the CDP system.

A near-CDP system works in similar fashion except that it has discrete points in time to which it can recover. To put it another way, near-CDP combines snapshots with replication. Typically, a snapshot is taken on the system being backed up, whereupon that snapshot is replicated to another system that holds the backup.
Why take the snapshot on the source before replication? Because only at the source can you typically quiesce the application writing to the storage so that the snapshot will be a meaningful one.