DR and BCP: Strategies for the Unforeseen

The biggest challenge for any CIO is to ensure uptime of the data center, as any amount of downtime directly translates into loss of business for the organization. One way of ensuring uptime is to have a DR and BCP strategy. This story will analyze the growing trends in the DR and BCP domain and highlight the key strategies that CIOs can adopt for implementing them

Monday, October 01, 2007

A few months ago, I had gone to meet the CIO of a large enterprise with thousands of branch offices across the country. Unfortunately, it happened to be a particularly bad day for the company. I reached there in the afternoon of a hot Delhi summer, only to find the entire office in darkness.
Apparently there was no electricity in that area since 6 AM that morning, and UPSes were draining out rapidly. They were sharing the premises with other companies, and to my surprise, they also shared the same generator. The shared generator wasn't powerful enough to supply power to all the companies simultaneously, so the generator owner was busy cycling power through different offices. The entire office building was in darkness, and the IT department was busy switching off all lights and even fans. The reason - they needed power to keep their data center up and running, since it was running mission critical business applications, which were being accessed by the company's remote branches. There was complete mayhem in the building, all because they had not planned for this, and didn't feel the need of purchasing their own generator. Believe it or not, this is how disasters strike.

So next time when you're creating or re-evaluating a disaster recovery plan for your organization, don't just factor in natural calamities like rains, floods, and hurricanes; or even man made disasters like bomb blasts, terrorist attacks, etc. You also need to think of other possibilities that are more closely associated with your office, which could affect your business. For instance, if the company I described above had foreseen this situation early enough, then they would have made arrangements for their own generator and things wouldn't have been this bad. A sound disaster recovery and business continuity strategy therefore, needs to take into account such adverse circumstances and much more. First of course, is to have the realization that it's important to have a DR and BCP plan. You'll notice that we're using both DR and BCP together because the former is just one part of the latter. It's not only important to recover from a disaster, but how quickly can your organization be back in business.

State of deployment in the Data Center

Importance of a DR and BCP plan
Nobody today can deny the importance of having a sound DR and BCP strategy. There have been enough calamities to ensure this. In fact, the CIO of an insurance company based out of Mumbai once told me that July is always a particularly bad month for Mumbai. Most catastrophes in Mumbai have happened during this month over the years-bomb blasts, floods, and the CIO even recalled a fire in his own office building at one time. Interestingly, I had met him in June, and he was dreading as to what would happen in the coming month. I wasn't able to follow up later on whether anything really happened (I hope not), but it's enough to make one realize the importance of being ready with a plan to recover from a disaster. In fact, a few months ago, we did a survey on data center management, wherein we asked key CIOs across the country what they've already deployed and what they're likely to deploy in the near future. DR and BCP was the second in the list of technologies on their priority list, which shows its importance as compared to other technologies and solutions. Incidentally, virtualization was on top of the list, and this technology is also being used today for disaster recovery. We'll talk about that a little later.

Indian companies reaching out to markets abroad have a very strong reason to have well documented DR and BCP practices. Most of the customers abroad have it as a part of their criteria for selecting a business partner in India.

Identify all 'What if' situations
The first step towards a sound disaster recovery and business continuity strategy is to assess what all can possibly go wrong, and prepare an action plan for the same. This by no means is a small task, which is understandable because CIOs are already so busy handing existing problems that planning for future problems which 'might' occur is not easy to digest. But then, consider it like doing an insurance cover for self. We first think of all the possible tragedies that could happen and how they could affect our life in the future. Accordingly, we prepare ourselves by going for the right insurance plan. A disaster recovery and business continuity plan requires similar thinking for your business. Think of what all could possibly go wrong and severely hamper your business.

As most businesses today are powered by IT, you can't afford to have your mission critical applications go down beyond permissible limits. You need to identify and prepare a list of such applications and the duration for which their downtime is affordable. Business applications usually top the chart in this exercise. While this is definitely true, one must also realize that there are other fairly important applications as well. Your business could come to a stand still without them, and believe it or not, Email is one such candidate. Just bring down your mail server for a while and you'll realize its importance. Email has become the communication backbone of every organization today, and nowadays organizations are building messaging and workflow applications around email. Email is a critical element in a unified messaging setup as well.

Besides applications, you also need to factor in many other elements, such as the physical IT infrastructure, power backup, etc. Once you have a list of elements that are critical for your business, you need to prioritize the risks to those functions. For instance, is your office in a flood or earthquake prone area? In one case, we found that a company had its data center in a high rise building, and that too on the top floor. The company was really worried after the 9/11 attacks on the World Trade Center, and wanted to move its data center to another location immediately. In case of power backup, you need to see how well will your setup work during a prolonged power outage. This fits directly into the example I gave in the beginning.

Involve all stakeholders
A DR and BCP plan can't be created in isolation, because the whole organization depends on it. Therefore, the CIO needs to find out from all business unit heads what's important for them in an emergency. Depending upon that, you need to setup disaster recovery teams for each individual unit. You then need to determine what the team will do, how will it communicate, what information will it require, etc. These teams would also be responsible for generating awareness amongst their groups about disaster recovery and its importance.

Page(s)   1  2