Business continuity strategies: Time for a reality check

Zero Data Loss- Disaster Recovery Live Webinar Data Protection and Disaster Recovery with iSCSI and VMware Disaster Recovery Simplified - iSCSI and VMware Site Recovery Manager Deliver Results Extended Validation SSL Certificates IDC Report: Major Considerations for Deploying a Thinly Provisioned Storage Solution Case Study: Simplified DR Planning and Implementation Computerworld Report: Virtual Reality Computerworld Report : Smart Storage Computerworld Report: Storage Gets Strategic Sign up to receive Security Resource Alerts

October 12, 2005 (Computerworld) -- Business continuity strategies are about responding to and recovering from natural disasters such as Hurricane Katrina and terrorist strikes such as the Sept. 11 attacks, right? After all, it's these large-scale disasters that shut down data centers, making it impossible for an enterprise to operate until critical IT and other systems are restored.
If this philosophy underpins your business continuity and disaster preparedness plans, then it's time for a reality check. Here's the reality: Industry analysts have said that up to 80% of all unplanned downtime is the result of software problems or human error. For example, human errors have contributed to power outages, which can disrupt businesses. However, companies can increase their ability to ensure business continuity with the right business processes and systems management and automation software.
Here's another reality: Industry experts have estimated that up to 70% of the time it takes to recover is think time; that is, the time required to figure out what's wrong and what steps to take -- and the order in which to take them -- to recover in the fastest time possible.
The magnitude of hurricanes, tornadoes, earthquakes, terrorist attacks and the like make planning for them an essential part of any effective business continuity strategy. Today, however, business continuity is about much more than preparing for and recovering from major disasters. It's also about addressing everyday issues that can add up to a major disaster rather than business success. Here are a few examples:

• A retailer's point-of-sale application goes down, and customers leave the stores without completing their purchases.


• The performance of an e-commerce Web site degrades, and frustrated customers click over to a competitor's site.


• A bank customer on his way to a car dealership can't get into his bank's loan system and goes to another bank's Web site to finance his new automobile.


• Human error causes corrupted data to be replicated throughout the storage environment, and key applications continue chugging away using bad data.

These small disasters translate into a few lost customers here, a few lost sales there and, ultimately, into lower revenues, lower profits and lower shareholder value.
New rules, new risks
Twenty-five years ago, business continuity was about backing up mainframe data, storing backups off-site and ensuring that the appropriate hardware and software would be available at a remote location in case a disaster knocked out the data center. Computer systems could be taken off-line at night for batch processing, backups and other maintenance tasks because most of the computer users were home asleep.
Globalization, the Internet, distributed computing and government mandates have changed the rules of the game. People expect to withdraw cash from automated teller machines, transfer funds, purchase online, enter stock trades, track delivery status and perform many other activities at any time and from anywhere. Legislation and regulations such as Basel II, the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act have made guaranteeing data integrity a legal requirement.
From a business perspective, these new rules mean critical systems have to be available around the clock, even if batch jobs, backups or maintenance tasks are running. They also mean that access to mainframe applications and data is no longer limited to a few skilled computer users. Access is open to thousands of employees, customers and partners, making it essential to keep systems running, maintain performance at acceptable levels and ensure that data integrity is above reproach.
Aggravating the problem is the increasing complexity of the IT infrastructure -- with mainframes, servers, desktops, laptops, handhelds, operating systems, network components and more -- not to mention the hundreds of software systems that have become critical to business operations. All this complexity increases the risk that someone will make a mistake and disrupt a critical business service or corrupt vital data.
Winning the game
Enterprises that want to position themselves to survive disasters of all types and sizes need to adapt their business continuity philosophies and strategies based on today's rules and risks. Here are five steps companies can take to move in the right direction.

1. Assess. This step involves an audit of processes related to recovering from human error, errant software, minor crises and major disasters. It includes determining all potential threats as well as business-critical applications and data. It also includes establishing acceptable recovery times.


2. Define and document. This step leverages the knowledge gained in the assessment to define and document procedures for a smooth recovery. The IT staff maps out dependencies and determines the order in which steps need to occur for a successful recovery of key applications and data. This effort pays off by providing a step-by-step guide on how to recover, thereby reducing think time. It also provides a road map for automating recovery processes.


3. Test and refine. Once procedures are established, IT needs to test them to ensure that they work and refine them based on any weaknesses that testing uncovers.


4. Re-evaluate as required. The business environment and IT infrastructure are dynamic. The addition of new systems, changing governmental requirements and so forth can dramatically affect business continuity plans. Consequently, plans should be revisited any time a major change occurs.


5. Automate. Automating mundane, repetitive tasks such as reorganizing databases and restarting bad transactions goes a long way toward eliminating human error and recovering from human- or software-induced problems. Moreover, it eliminates the think time, so when a problem arises, response is faster and more reliable than would be possible using manual processes. Innovative tools today automate much more than backup and recovery. They include capabilities such as recovery simulation, recovery estimation, tracking and reporting, and redo/undo, all of which enhance the quality of business continuity efforts.

Conclusion
In today's enterprise, business continuity goes well beyond traditional preparedness for and recovery from major disasters. It's about driving business objectives such as keeping production lines running, putting the right products on store shelves at the right time, tracking deliveries, completing financial transactions and generally running the business at a steady state and at a level of performance that meets customer expectations. Businesses are responding to the new role of business continuity by reshaping their strategies to accommodate not only cataclysmic events but also small disasters caused by human error or errant software.
Bronna Shapiro is director of solutions marketing for infrastructure and application management and mainframe solutions at BMC Software Inc. in Houston. Her previous industry experience is in product management of key mainframe products and as an instructor for courses on IMS and DB2 conducted worldwide.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"A video is making the rounds showing how Vista SP1 has significantly improved Vista's immensely annoying User Account Control (UAC)...." Read more... "So are you getting excited about a nice, long weekend for Memorial Day? Well, before you start cooking hot dogs..." Read more... Read more Security posts or See all Blogs

Mozilla launches Firefox 3.0 RC1 early Microsoft: Don't misunderstand UAC, other Vista features HP confirms XP SP3 endless reboot snafu, promises patch More top stories...

Microsoft pulls Windows Home Server backup feature Yahoo tells Icahn that its own board knows best Tools circulate that crack Debian, Ubuntu keys

Shuttle Columbia's hard drive data recovered from crash site Specialists have retrieved about 99% of the data on a disk drive on board the crashed space shuttle Columbia. Don't miss the photographs of the recovered drive. The top 15 vaporware products of all time These big ideas were supposed to revolutionize technology, but they never actually appeared. In a few cases, you'll be glad they didn't. Opinion: Malware vs. anti-malware, 20 years into the fray Nearly 20 years after the first Internet worm, Steven J. Vaughan-Nichols takes stock of the malware/anti-malware landscape and spotlights how the two sides are approaching the battle. Leopard at six months: Does it live up to the early hype? Though some thought it was released too soon, Mac OS X 10.5 has matured into a solid operating system, says reviewer Michael DeAgonia. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 2 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone See your link here

Long Tail Supplier Collaboration - What's In It For You? Long Tail Supplier Collaboration - What's In It For You? Download this webcast, free, compliments of Sterling Commerce Go to the webcast  Web Security SaaS: The Next Generation of Web Security Download this whitepaper, free for a limited time, compliments of Webroot Software. (Source: Webroot Software) The Web is the new threat vector of choice for hackers and cybercriminals to distribute malware and perpetrate identity theft, financial fraud, and corporate espionage. This paper outlines the challenges facing many SMBs and provides solutions for overall security effectiveness and reducing the burden on IT departments. Download this white paper  Computerworld Report: Virtual Reality Download this Computerworld Report, free for a limited time, compliments of HP. (Source: Computerworld) The data center is real, but storage is turning virtual at many organizations that need to manage exploding storage needs. Learn how virtualizing your enterprise will save you money in this Computerworld Report, a $49.95 value, available free for a limited time, compliments of HP. Download this executive briefing  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Securing Financial Services Beyond the Perimeter Intercept Spam & Viruses With MessageLabs Meeting PCI Compliance with SonicWALL Global Management System View more whitepapers

• Mozilla launches Firefox 3.0 RC1 early
• Microsoft: Don't misunderstand UAC, other Vista features
• HP confirms XP SP3 endless reboot snafu, promises patch
• More top stories 

Security Management Zone Security management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure. Visit the CDW Security Management Zone now See All Zones



Try Fluke Networks' EtherScope Analyzer on your network FREE Quickly solve the wide range of problems you encounter - 10, 100 and Gigabit, twisted pair and optical fiber, LAN or wireless LAN. The EtherScope Analyzer combines the essential tools you need to monitor network traffic and switch interfaces, discover devices, networks, VLANs, access points, mobile clients and more. See the power of this portable network analyzer on your network. Request free trial now *Terms and conditions: Evaluation units are available only for a limited time and will be scheduled on a first-come first-served basis. Not available in all geographies. Limited quantities available; customers requesting evaluation units may be waitlisted for the next available unit. It will be at the discretion of Fluke Networks to accept or decline requests for this free evaluation.