To mitigate a wide range of business risks, including those involving data centers, many organizations establish business-continuity (BC) or disaster-recovery (DR) plans. Fewer, however, write plans that focus on specific threats, keep those plans current or even test them. To ensure success, companies need to do better. Working with the right advanced data center is one way to fill those gaps.
By Peter B. Ritz
Do You Have Plans? Are They Specific?
Although many organizations have BC or DR plans, some do not, or they have plans that are too generic. In a broad survey of data center decision makers, business-analyst firm 451 Research found that 82 percent of respondents have a disaster-recovery (DR) plan of some kind. That would leave nearly one-fifth of businesses with no DR architecture in place. With risk affecting everyone and DR solutions now widely available, companies have few excuses for not making a plan.
Another survey, conducted by Forrester Research and the Disaster Recovery Journal (DRJ), indicates a higher level of preparation. It found that 93 percent of organizations have created documented business-continuity plans (BCPs). Yet this survey revealed another shortcoming: only half of its respondents had developed BCPs that address discrete threats.
A failure to be specific, however, reduces the usefulness of a plan. “Different scenarios require customized responses,” writes Forrester Research Director Stephanie Balaouras, noting that a pandemic differs from an IT failure, which differs from extreme weather.
Are You Actively Updating Them?
Among those who have plans, the picture also appears divided between the actively engaged and those who prefer to “set it and forget it.”
Some organizations are clearly engaged. According to 451 Research, in 1Q15, two of every five respondents were evaluating a new DR architecture. And although new data center builds are relatively flat, among those planning to build in the next two years, creating a DR site was one of the three most common reasons. But these efforts are only part of the picture.
There seems to be a natural tendency to write a plan and then leave it on the shelf. Only 14 percent of respondents in the Forrester/DRJ survey said they were updating their business-continuity plans (BCPs) continuously, which is Forrester’s recommendation. That is half the rate seen in 2008. Most now refresh their plans only once a year, or less frequently.
How Often Do You Test Them?
Having plans and updating them are important, but you also need to test them. Here too, many businesses are leaving themselves exposed.
Not surprisingly, the more extensive the test, the less frequently it is conducted. Although 67 percent of respondents to the Forrester/DRJ survey do an annual walk-through, which simply reviews the layout and content of a plan, only 32 percent conduct a full simulation annually. Experts recommend at least one full exercise per year, with twice being ideal.
Another area of exposure involves business partners. Participation in testing by third parties increased from 47 percent in 2008 to 59 percent in 2014, but Balaouras said that with increased reliance on partners, especially in cloud services, that level of participation should “be much closer to 100 percent.”
Working With an Advanced Data Center
When engaging a data center for DR/BC solutions, first ensure that the upfront analysis is correct. Which applications need to be up and running for the business to operate? What do their service levels need to be? That helps one to determine recovery-time objectives (RTOs). A related metric is recovery-point objectives (RPOs), which refer to the point at which a backup service replicates a production database.
Organizations turn to data centers for two types of solutions. In one case, companies with minimal-to-zero tolerance for downtime often need a second physical instance of a service and application. With a duplicate system running on colocated assets, failover then becomes instantaneous.
Other companies with longer RTOs may opt for virtual servers running DR instances for certain applications in a disaster-recovery-as-a-service (DRaaS) model. In both cases, and whether using Intel-based x86 or IBM AS400 iSeries servers, DR/BC plans should entail specific scenarios, with solutions addressing particular technologies.
Testing and Resilience
Recovering from disasters and maintaining business continuity have become core business functions—functions that are still neglected in a fraction of organizations but now are commonly sponsored at the executive level in most.
Among those engaged in BC and DR, however, many neglect to update and test their plans. Business partners may bear some blame. Any third-party data center aiming to play a responsible role in a DR/BC solution, for instance, should mandate testing—even multiple tests per year—and contribute to updates as threats and solutions evolve.
Data centers, of course, need to be highly resilient themselves. Doing so entails multiple redundant power sources, diverse connectivity routes, and security that is built into both site location and every layer of its design.