IT Focus Area: BC/DR
January 6, 2012
The New Disaster Recovery
Two major trends are forever changing the nature of disaster recovery and how companies view it. Both of these require businesses to think more holistically about protecting themselves.
Business and IT Are One
The first major trend is the long-anticipated, final merger between information technology (IT) and the business units in most organizations today. Technology and business are becoming more inseparable and, in some cases, indistinguishable. Most mission-critical business processes simply cannot run without the underlying IT infrastructure they depend on.
For example, restoring data from tape backups in hours or even days after an outage or natural disaster may no longer be acceptable. Today, disaster recovery, or resiliency, is more about how to make sure the fast pace of business continues during and after any crisis event—however large or small an issue may be. Resiliency is also about ensuring business availability no matter the event. Anything less can mean significant lost revenue.
The implications for IT are substantial. Today, resiliency and business continuity can no longer be secondary decisions. They must be woven into the entire technology and business flow. IT no longer just supports the company. It now enables and transforms organizations. When IT goes down, so does the business.
The Cloud Changes Everything
The second major trend is the advent of the cloud—in all its forms—including infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and business process as a service (BPaaS). According to the International Data Corporation (IDC), the cloud computing market is expected to grow 27% annually through 2015—from $21.5 billion in 2010 to $72.9 billion in 2015. Thanks to the cloud paradigm shift, today’s business processes may run on IT infrastructure in the corporate data center, in the cloud or some hybrid combination.
Four Steps to Better Resiliency
When formulating a resiliency process, businesses should:
1. Examine each organizational business process to determine its value to the business. Some may be mission critical, time sensitive, or tied directly to revenue. Others may be important but more tactical than strategic.
2. Understand the technology chain and workload placements that are associated with each process. Some processes may depend on a chain of internal and external cloud infrastructure or applications. It’s important to understand all the links in the chain and their risks, interactions, and dependencies.
3. Develop a business continuity strategy with service levels, recovery time objectives (RTO) and recovery point objectives (RPO) for each of the underlying technology links to meet the business process resiliency requirements.
4. Develop a resiliency technology strategy and infrastructure that meets those objectives.
The Cloud Effect
The cloud can have both positive and negative effects on resiliency. On the positive side, external cloud services can add an extra layer of protection in the event of an outage, since they are likely to be at a different location than the corporate data center. During an outage at your internal data center, users may still be able to continue accessing cloud services. In some cases, a cloud service may even have a business continuity strategy and infrastructure superior to your own, particularly if you’ve delayed upgrading some of your aging infrastructure.
On the minus side, today’s cloud services often don’t allow an organization to have direct control over issues when they arise, and may be reluctant to share their business continuity strategies and architecture. That’s why it’s important to establish clear, specific service level agreements that meet the requirements of your affected business processes, and to investigate whether a cloud partner can actually deliver on them. Try to get a look at the vendor’s business continuity and disaster recovery plans to determine if they meet your business continuity and compliance requirements. Determine if they enhance your organization’s resiliency capabilities. Make sure any cloud provider or other service provider meets the same rigorous business continuity standards that your organization sets for itself. It may be necessary to identify and contract with a backup supplier as well in order to meet your requirements.
Resiliency Is a Must—Not a Nice-to-Have
It is important to examine the links between your internal infrastructure and the cloud to ensure they’re adequately protected. And make sure, when you make decisions about your service and service type, you keep a close eye on how these decisions will impact resiliency. As the shift from disaster recovery to resiliency continues, that path may include a well-designed cloud initiative.