Bulletproof business

Local companies are beginning to deliver 24x7 services. As such, they are deploying disaster recovery solutions to protect themselves against natural disasters and unplanned downtime.

  • E-Mail
By  Matthew Southwell Published  September 5, 2002

I|~||~||~|Disaster recovery has become a hot topic in the past year. As a result, an increasing number of businesses in the region are discussing ‘what if’ scenarios and, more importantly, they are trying to determine how their organisations will continue to operate should the unthinkable happen in the Middle East.

“Since 9/11, more people are talking about disaster recovery because they can now see how vulnerable they are,” says Mike Hynes, regional manager of Veritas Software Middle East.

The bulk of the interest is coming from the banking, telecommunications and government sectors — the region’s traditional early adopters of IT. “The majority of companies in the Middle East are very interested in disaster recovery solutions. Most of the interest is coming from banking, energy and telecommunication sectors. Governments and universities are also showing an interest,” observes Samir Achour, regional technical director for EMC in the Middle East.

However, it is more than a fear of terrorist attacks that is driving growth in the disaster recovery market. Simon Clements, general manager of credit card processing company, Arab Financial Services (AFS), suggests that while 9/11 has highlighted the need for disaster recovery, the key threats to businesses uptime remain the same.

“The recent events suggest the need for management to reassess business continuity threats, vulnerabilities, and the prudence of plans and capabilities to manage risk,” he says.

A focus on business continuity has also shifted the way disasters are defined — they are no longer limited to earth quakes, fire, flooding and terrorist attacks, but also network outages and hardware failure.

“When a hard disk went ‘bang’ in our office it wasn’t a disaster for me, but it was for the guy that owned the PC as it stopped him offering a service. Lucky, all of our data is backed up to Veritas in the UK so we were able to restore all of his data,” says Hynes.

Lost data is an expensive business. Not only do companies face losing customers, but they will also lose revenue. For example, a recent report from Research Corporation says disruptions to critical IT functions can result in hourly losses of up to US$6.5 million for brokerage firms and US$2.6 million for credit card sales authorisation systems.

“Disasters affect a company’s bottom line and shareholder value. This is why analysts are looking at whether or not companies have an effective and tested disaster recovery plan,” says Hynes.

According to vendors, there is evidence that the numerous discussions on disaster recovery are actually turning into projects. “From the interest point of view, the market is very buoyant and, more importantly, this is translating into a healthy amount of real business,” says Tom Powell, regional manager, professional services, Sun Microsystems in the Middle East.

||**||II|~||~||~|Just how the region’s businesses establish a sound disaster recovery plan is open to debate. EMC’s Achour argues that a complete replication of an organisations IT infrastructure — from the application layer down to servers and networks — in a separate location is the only true disaster recovery solution.

“If the disaster recovery solution is not based on remote, live synchronous mirroring it is not really a disaster recovery solution. It is little better than keeping your data on tapes and trying to restore information from that,” he says.

However, others argues that companies should tailor their solutions to meet their own needs. “Each company is different because the amount of time they can afford to be down for and the amount of data they have to be able to retrieve differs,” says Hynes.

“Furthermore, within each company, there are different requirements for each department. For example, the marketing department can be a down for a few days and afford to lose a couple of days information. But the order processing side of the business cannot afford to lose an hour’s worth of input,” he adds.

AFS’s Clements recommends that, much like his own company, organisations perform a complete risk assessment and business impact analysis to work out just exactly what they need to protect and how best to do it.

“The results of the analysis will determine which business operations are mission critical and therefore must be included in the disaster recovery planning. The analysis should also provide cost effective recommendations for immediate implementation to mitigate some of the risks faced by the business,” he says.

The issue of cost is a large one. No matter how much a company buys into the idea of a mirrored site, sometimes they just cannot afford it. Furthermore, the data that they have may not actually be worth the money they would have to invest in order to duplicate their IT infrastructure.

“A mirror site is the best solution, but it also has to be looked at from a commercial standpoint because of the cost involved. If that cost is not sustainable, or in keeping with the overall risk that the company has, then it is not the ideal solution. Organisations should have an appropriate disaster recovery capability that is in line with its operational and financial capability,” comments Sun’s Powell.

“It would be great if everyone could have a mirrored site, but not everyone can afford this. This means that they have to look at other things, for example making sure that their data is backed up and that the recovery of that data actually works,” adds Andrew Calthorpe, senior vice president for sales at STME.

The importance of testing a disaster recovery solution cannot be over stated. However, it appears as though the message is not getting through to most businesses. Figures from Macarthur Stroud International show that 45% of medium-to-large sized companies had not reviewed their disaster recovery strategies in the past 12 months and 12% hadn’t reviewed it in two years.

“Disaster recovery solutions have to be tested. Unfortunately very few people do this, but it has to be done at least once a year. They have to pull the plug and see what happens and then modify their disaster recovery solution accordingly,” says Jeff Maslen, storage channel development manager for IBM Middle East & Pakistan.

“Testing the company’s business continuity or disaster recovery plans, to ensure that they fulfil the needs of the business and regulatory agencies, as well as all applicable continuity-related requirements is critical and should be carried out every six months,” adds AFS’s Clements.

||**||III|~||~||~|Another option for those companies unable to build a redundant site is outsourcing. While there are a number of problems associated with this, such as security and the Middle East’s unwillingness to let go of its data, it appears as though the option is growing in popularity.

Hynes says that the outsourcing option is particularly popular with large international companies that have a set disaster recover strategy, but do not have the requisite IT infrastructure or skill sets in the Middle East. Ansar Al Kayani, head of solutions architecture at Etisalat’s data centre, says that a number of companies have already approached the PTT for such services.

“Although many corporate companies already have their own disaster recovery policies, they don’t want to replicate a data centre so they can use us. From an application point of view they may want to keep control of them [the applications] themselves, but they are willing to outsource the rest,” he explains.

“It is more cost effective for people to pass this on by outsourcing rather than having to build a replica,” he adds.

Another option is the pooling of resources. IBM’s Maslen suggests that companies should look to their suppliers and partners for resources and work together to develop a disaster recovery solution. STME’s Calthorpe concurs and says that the practice is not uncommon in Europe. However, he warns that cultural issues in the region make this an unlikely solution.

“There is a big reluctance in this part of the world to have your data anywhere other than on your own systems. It is not uncommon in Europe for two organisations to have a common disaster recovery policy, but here you would never get that. The concept of putting your data on third party systems is something that people are not too keen on,” says Calthorpe.

However the region’s organisations choose to approach their disaster recovery solutions, one thing is clear — it must be closely integrated with their business continuity plan (BCP). Covering more than just technology, a BCP incorporates everything from locating staff, the process that should be taken when a disaster occurs to establishing communications lines.

“Disaster recovery is more than an IT issue — it is a business issue. It is the responsibility of the IT department to get every level of the company involved, right from the board down to the administrators because in a major disaster everyone is involved,” comments Hynes.

When AFS developed its BCP, Clements looked to develop multifunctional teams that could cover all areas of the business. This means that if one part of the workforce is out of contact for any period of time, another can cover for it.

“We took a proactive approach to continuity planning by managing crises with co-ordinated, multifunctional teams involving all key departments: operations, auditing, IT and facilities maintenance,” he explains.

Essentially, such an approach means that the entire company, and not just its IT systems, can continue to operate in almost any circumstances. As Veritas’ Hynes says, this is the key, because “it doesn’t matter how well your IT systems survive a disaster if there is no one around to operate them.”||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code