Master Data Management

C. Kajwadkar (Asia) - IT Disaster Recovery - Building an Environment for Meeting DR Requirements


Nowadays, loss of data can cost businesses billions. Data has become a critical asset and organizations must be able to deal with natural disasters, government compliance, database corruption, component failures, and human error. Businesses generate and maintain vast amounts of data, such as details of customers, partners, inventories, products and services. What will happen if all that data is lost? For example, a bank won't be able to justify its statements or balance sheets. There will be total chaos. So it's mandatory for an organization to have a DR plan in place as soon as the organization starts business operations. The right plan will get your business back on track quickly, whether you're hit by a natural calamity or a disgruntled employee with super hacking skills. Here's how to assess the situation, develop both short-term and long-term plans, and keep them updated.

1. Decide who will head the DR initiative. The ideal person to head your IT DR planning and processes has to be someone who has familiarity across multiple disciplines, such as data storage, server virtualization, etc. However, if internal bandwidth and expertise is a constraint, then you can hire an IT consultant who has the requisite experience in DR planning and execution. A seasoned IT consultant will bring the designated staff member(s) up to speed. In case you already are outsourcing a significant part of your IT function, then you may consider outsourcing your disaster recovery planning and deployment as well.


2. Decide the critical applications, data, systems and other resources that need to be protected and recovered immediately in event of a disaster. When you make this assessment, determine the data that is not so critical enough to warrant protection under a DR umbrella.


3. Conduct an internal risk assessment of the organization: including a simple classification of threats i.e. environmental (earthquake, floods, etc.), technical (server failure, network failure, etc.) and human (hacking, virus, etc.) and vulnerabilities (such as an unpatched operating system or unprotected network). Rank them as "low/medium/high" depending on the probability and impact of each potential threat. Based on the critical nature of each potential threat, determine what type of response will be required to recover from each.


4. Based on the outcomes of your internal risk assessment and overall service-level requirements, establish recovery time objectives (RTOs) and recovery point objectives (RPOs). However, be prepared to modify your RTOs and RPOs based on what your organization is able and willing to spend. Disaster recovery strategies always involve a set of trade-offs between the value and recoverability of critical data and applications, and the resources required to plan, set up, test and execute your DR processes.


5. Set your organization's priorities and a budget - focus on the most critical resources first. Plan your spending prudently and base it on the appropriate value of the systems, data, applications and processes that you want to protect. It will be good to consider the cost of downtime and lost data should you find yourself less than fully prepared.


6. After developing your initial plan, qualify, procure and/or license the necessary technology and product components to set up your DR processes. Choose disaster recovery best practices that fit well with your IT competencies and level of infrastructure. Pace yourself - it pays in the initial stages to set aggressive but realistic milestones you can achieve each quarter. Educate and evangelize your staff on the importance of DR to ensure success of the DR initiative in your organization.


7. Accelerate your learning and broaden your perspectives on DR by engaging with other IT professionals. Attend disaster recovery conferences, participate in disaster recovery-related forums (both online and offline), obtain certification from recognised BC / DR institute and share ideas, best practices and lessons learned.


8. Be ready and commit for a long journey. If your DR initiative has to succeed, then it should be imbibed as an on-going, visible, living and breathing process in your organization. DR is a never-ending journey where there will always be room for further improvement.


9. Be ready for history to repeat itself: Take a leaf from two major disasters that recently occurred in the Asia Pacific region, and know that the next one can hurt you. In a major outage in July 2010, DBS Singapore had their IT systems offline for seven long hours. And then in September 2010, it was Virgin Blue that faced the music from a major outage. As per an IDC survey of Asia Pacific markets, only 11% of respondents were capable of restoring any of their IT systems in real-time. Are you in this minority or not?


10 Downtime costs are significant, so be prepared with a DR plan: As per security in Asia, "The average cost of executing/implementing disaster recovery plans for each downtime incident in Asia Pacific is US$150,000, with a median of $250,000." While this is still lower than the worldwide average of $287,600, it is still way too significant for you to not create a DR plan.

By C. Kajwadkar, Chief Architect & Vice President, Availability Services, NetmagicSolutions Pvt. Ltd.



« Nic Merriman (UK) - Tech Savvy Employees Demand Cloud Freedom


Jim Irving (Europe) - A Mobile Solution to Lone Working »


Do you think your smartphone is making you a workaholic?