Classic Mistakes

Steve Ulfelder   Today’s Top Stories    or  Other Disaster Recovery Stories  

Zero Data Loss- Disaster Recovery Live Webinar Data Protection and Disaster Recovery with iSCSI and VMware Disaster Recovery Simplified - iSCSI and VMware Site Recovery Manager Deliver Results Extended Validation SSL Certificates IDC Report: Major Considerations for Deploying a Thinly Provisioned Storage Solution Case Study: Simplified DR Planning and Implementation Computerworld Report: Virtual Reality Computerworld Report : Smart Storage Computerworld Report: Storage Gets Strategic Sign up to receive Security Resource Alerts

April 19, 2004 (Computerworld) -- Disaster recovery is an unpleasant task. And that makes it a low-priority project in almost all companies, says Scott Lundstrom, an analyst at AMR Research Inc.

"There are no users screaming over business continuity," he says. "So given the firefighting nature of most IT organizations, [disaster recovery] never gets the resources it deserves."

Because disaster recovery takes a back seat to other IT projects, mistakes are bound to happen. We asked IT managers and other experts what's most likely to be forgotten or overlooked in disaster recovery planning. Here are the five classics.

MISTAKE 1: Failing to do your homework.
IT groups often neglect to ask users and line-of-business executives which applications they need most. This leads to faulty assumptions about disaster recovery priorities. In particular, IT tends to assume that heavy-duty enterprise applications should be restored first.

In reality, the most needed applications may be much more basic - e-mail and scheduling tools such as Microsoft Outlook, for example. How do you find out? Ask the users. "The business itself needs a plan in case operations are disrupted," says Elbert Lane, a lead software developer at San Francisco-based retailer Gap Inc. and a 20-year veteran of disaster planning at several companies. "They'll need procedures for doing paperwork, etc., so the question is, How would they recover? That's not just an IT issue, but a business [issue]."

The lesson: IT constantly hears the term mission-critical used in reference to CRM and ERP software. But to find out which applications the users really want restored first, simply ask them.

MISTAKE 2: Thinking it's purely an IT issue.
In a crisis, the performance of the IT staff may be the least of a company's worries. "A common assumption is that disaster recovery and business continuity are synonymous," says Don O'Connor, CIO at Southern California Water Co., a utility based in San Dimas. "They're not."

Even underprepared IT organizations have done some thinking about what to do when disaster strikes. But can the same be said of other groups? "In my experience, IT can respond relatively quickly," O'Connor says. "The part that's missing is the users."

The lesson: Company officers need to understand that rebooting systems and recovering data is just one part of the problem. Disaster recovery plans need to include line-of-business managers and end users who, in a crisis, will run the business in the midst of adversity. "Too often, continuity is something we task IT with," Lundstrom says. "It's really a business issue."

MISTAKE 3: Fighting the last war.
If, as the saying goes, generals are always preparing to fight the last war, too many enterprises spend their disaster recovery budgets and energy preparing for the most recent catastrophic event. While understandable, this is self-defeating; disasters are, by their nature, well-nigh impossible to predict.

Recent history offers a compelling example. The Sept. 11, 2001, terrorist attacks on the World Trade Center devastated many New York-based financial services firms. Many wished they'd had nearby backup facilities, and they proceeded to build such facilities at great expense across the river in Jersey City, N.J. But Manhattan's next major business-continuity crisis -- the August 2003 blackout -- took out electricity in Jersey City as well.

The lesson: While it's sensible to consider certain broad crisis categories (terrorist or hacker attacks, earthquakes, fires and so on), don't think you can anticipate future events. Plan not for specific crises, but rather for their effects. The Gap had servers located in the World Trade Center on Sept. 11, Lane says, but "we had set them up to fail-over to backups located in the South."

MISTAKE 4: Overlooking the people.
This is another lesson from Sept. 11: Top-notch backup equipment helps only if somebody is able to use it. "Some businesses had recovery data centers in Lower Manhattan," says Carl Claunch, an analyst at Gartner Inc. However, he says, immediately following the collapse of the World Trade Center towers, "police wouldn't let people in. The equipment was fine, but it just sat there unused." This can happen if a building is quarantined, an elevator stuck or a major road closed.

The other part of this gotcha is the expertise of those who finally do access backup equipment. Too many companies -- especially those that fudge their recovery exercises -- count on IT heroics to pull them out of a crisis. However, as the Gap's Lane says, "you never know if key personnel will be back."

The lesson: This is where strong documentation comes in. "We fashion our document so anyone in the business should be able to restart an application," Lane says. "You should be able to have somebody from the mail room start everything up."

MISTAKE 5: Conducting phony-baloney practice drills.
"Sure, companies do testing. But because full tests are so resource-intensive, they're scheduled in advance," Claunch says. The result: IT workers, driven by the natural desire to ace a test, cheat. "They prepare. They collect tools, review procedures," he says. "Then, when a real disaster hits, blooey."

This is a sticky problem for IT organizations stretched thin even before disaster planning is factored into their workloads. Lane says practices at the Gap are planned in advance. "We are a retailer; we need to support our stores" around the clock, he says.

The lesson: There is no easy answer here. Everybody concedes that surprise disaster tests are more effective, but performing one in a round-the-clock, e-business environment is a massive undertaking. Claunch suggests surprise tests of one IT subgroup at a time, leaving the rest of the staff to run operations. And some businesses use auditors to make sure IT workers don't lean on prepared information.

Ulfelder is a Computerworld contributing writer in Southboro, Mass. Contact him at sulfelder@charter.net.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

Sidebar: Sweat the Small Stuff Classic Mistakes

"A video is making the rounds showing how Vista SP1 has significantly improved Vista's immensely annoying User Account Control (UAC)...." Read more... "So are you getting excited about a nice, long weekend for Memorial Day? Well, before you start cooking hot dogs..." Read more... Read more Security posts or See all Blogs

Mozilla launches Firefox 3.0 RC1 early Microsoft: Don't misunderstand UAC, other Vista features HP confirms XP SP3 endless reboot snafu, promises patch More top stories...

Microsoft pulls Windows Home Server backup feature Yahoo tells Icahn that its own board knows best Tools circulate that crack Debian, Ubuntu keys

Shuttle Columbia's hard drive data recovered from crash site Specialists have retrieved about 99% of the data on a disk drive on board the crashed space shuttle Columbia. Don't miss the photographs of the recovered drive. The top 15 vaporware products of all time These big ideas were supposed to revolutionize technology, but they never actually appeared. In a few cases, you'll be glad they didn't. Opinion: Malware vs. anti-malware, 20 years into the fray Nearly 20 years after the first Internet worm, Steven J. Vaughan-Nichols takes stock of the malware/anti-malware landscape and spotlights how the two sides are approaching the battle. Leopard at six months: Does it live up to the early hype? Though some thought it was released too soon, Mac OS X 10.5 has matured into a solid operating system, says reviewer Michael DeAgonia. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 2 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone See your link here

Long Tail Supplier Collaboration - What's In It For You? Long Tail Supplier Collaboration - What's In It For You? Download this webcast, free, compliments of Sterling Commerce Go to the webcast  Developing FIPS 140-validated Solutions for the Federal Government Using RSA BSAFE Software Get this white paper! (Source: RSA) The U.S. House of Representatives' Committee on Government Reform recently released the 2005 edition of its Federal Information Security Management Act (FISMA) report card. Unfortunately, the news was not good. The 25 major government agencies reported 15% of the IT systems remained uncertified/unaccredited while 6 agencies lacked effective corrective action plans, illustrating little improvement in the level of information security for government agencies compared to previous reports. Government agencies at all levels are entrusted with sensitive information about citizens, military personnel and others. As is the case with private industry, breaches of that information can create a public relations debacle and end up costing dearly-not just monetarily, but in public trust. Defense, security and diplomatic agencies are entrusted with even more sensitive information, which, in the wrong hands, could threaten national and international security. Download this white paper  Computerworld Report: Virtual Reality Download this Computerworld Report, free for a limited time, compliments of HP. (Source: Computerworld) The data center is real, but storage is turning virtual at many organizations that need to manage exploding storage needs. Learn how virtualizing your enterprise will save you money in this Computerworld Report, a $49.95 value, available free for a limited time, compliments of HP. Download this executive briefing  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Securing Financial Services Beyond the Perimeter Intercept Spam & Viruses With MessageLabs Meeting PCI Compliance with SonicWALL Global Management System View more whitepapers

• Sidebar: Sweat the Small Stuff
• Classic Mistakes

• Mozilla launches Firefox 3.0 RC1 early
• Microsoft: Don't misunderstand UAC, other Vista features
• HP confirms XP SP3 endless reboot snafu, promises patch
• More top stories 

Security Management Zone Security management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure. Visit the CDW Security Management Zone now See All Zones



Try Fluke Networks' EtherScope Analyzer on your network FREE Quickly solve the wide range of problems you encounter - 10, 100 and Gigabit, twisted pair and optical fiber, LAN or wireless LAN. The EtherScope Analyzer combines the essential tools you need to monitor network traffic and switch interfaces, discover devices, networks, VLANs, access points, mobile clients and more. See the power of this portable network analyzer on your network. Request free trial now *Terms and conditions: Evaluation units are available only for a limited time and will be scheduled on a first-come first-served basis. Not available in all geographies. Limited quantities available; customers requesting evaluation units may be waitlisted for the next available unit. It will be at the discretion of Fluke Networks to accept or decline requests for this free evaluation.