Don't Bring Old Thinking To A New Disaster Recovery Model - InformationWeek
IoT
IoT
Cloud // Cloud Storage
Commentary
12/2/2011
06:05 PM
Michael Biddick
Michael Biddick
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%
RELATED EVENTS
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Don't Bring Old Thinking To A New Disaster Recovery Model

Private and public clouds can make high-quality DR/COOP more affordable -- if you don't undermine yourself with outmoded assumptions.

InformationWeek Digital Supplement: BC/DR - December 2011 InformationWeek Green
Download the December 2011 InformationWeek BC/DR Digital Supplement , distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree for each of the first 5,000 downloads.

Michael Biddick

Last week, I toured a slick new facility where businesses can outsource hosting of their private clouds. Only one problem: It plans to, at least initially, use off-site tape for disaster recovery and continuity of operations (DR/COOP). Seriously? The whole point of a private cloud is redundancy, elasticity, and seamless performance, not attributes we associate with tape.

Now, this company has the right idea overall. Private clouds, whether hosted in your data center or at a provider's site, are a smart way to minimize the risk of data loss--if you can extend private cloud principles to often hidebound DR/COOP plans.

There are a few areas to address in making sure a provider can deliver when things go wrong. Start with the basics: Fully redundant data center operations mean a second, geographically segregated facility with adequate WAN capacity and processes to ensure that systems and applications fail over and restore correctly. Drill the provider on the particulars: How soon after loss will data restoration occur? Problems like system failure may be straightforward, but what about when someone accidentally deletes a presentation an hour before the CEO goes on stage? Once restoration is requested, how long will it take? How long will backups be retained? What recovery points can the provider deliver at a price you can afford?

A critical element of any disaster recovery effort is regular and realistic testing. Have your key staff members access mission-critical systems and execute their job functions to make sure everything works. Because companies grow and change, the plan needs to be a living document, reviewed and revised often. But testing is often forgotten (read: no one has the stomach to insist on it) or performed on a limited basis, with mixed results. Sometimes, IT is afraid that testing will cause a service outage. Maybe it will, but that will expose problems better found before an event that disrupts services and it's too late to make fixes. As the saying goes, if you think education is expensive, try ignorance. When staffing a private cloud initiative, carve out a role focused on DR/COOP, and include testing results in performance reviews.

Legacy apps often don't adapt to virtualized private clouds, and rarely do I see a full appreciation of the investment required to protect these clunkers. "Unique" business requirements are often given as reasons for not conforming to the standards necessary to do DR/COOP in the cloud. CIOs must wield an iron fist when it comes to legacy apps, because decentralized budgets and scattered power bases are the enemies of unified business processes. Again, this may not be part of the overall DR/COOP plan, but CIOs who require special approval for retaining legacy apps and are involved in application rationalization will be most successful.

Discouraged? Don't be. While the costs can be high, cloudifying your first-line defense against business interruptions can deliver a more resilient infrastructure, with better physical security and redundant power, telecom, and data links. And it's not as if maintaining a separate DR site, replete with miles of tape shipped to a vault and a "testing strategy" that involves checkboxes in a binder, is all that cheap, either.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll