Disaster recovery strategy

Despite the turbulent political landscape of the Middle East, disaster recovery occupies a relatively lowly position on most CIO’s to-do list. However, as data becomes increasing important, end users must formulate effective business continuity and disaster recovery strategies.

  • E-Mail
By  Eman Wahby Published  May 30, 2005

|~||~||~|Information technology is impacting every aspect of business operations. One of the major challenges CIOs and IT professionals continue to confront is ensuring that corporate data is quickly restored should an unexpected disaster incapacitate the data center.

Any interruption in service or loss of data of an enterprise can have serious financial implications and loss of customer confidence. However, if a disaster recovery (DR) strategy is in place, enterprises should be able to manage potential disasters. Enterprises in the Middle East are paying close attention to safeguarding their data. They are establishing their own disaster recovery sites and using the services of third parties, which specialise in data storage.

“The dot com era has placed an intense focus on the ability of organisations to assemble accurate data not only about their customers, but also about their own business affairs. Also, companies have to [provide] the updated data available in real time, 24/7,” says John Bentley, sales director for Hitachi Data Systems’ Middle East. “What came next brought an equally intense focus on the ability of organisations to recover data and resume operations in the event of a disaster. This included the realisation that back-up data stored only a few streets away is now as vulnerable to a major disaster as the live, operational system,” he adds.

The aftermath of the events of 9/11 left many US enterprises with damaged technology infrastructures. Since then, there has been an increased awareness on the importance of disaster recovery plans. According to a study conducted by the University of Minnesota, 93% of organisations that lose critical corporate data for more than 10 days file for bankruptcy almost immediately.

EMC says although there has been an increased awareness in the Middle East about the importance of developing a DR plan, businesses and their IT departments are not paying close attention to the issue. “Disaster recovery plans are not on the priority list of CIOs in the Middle East, despite the [heightened] awareness. The Middle East is a little bit behind the US and Europe, however the region is undoubtedly on the right track,” explains Mohammed Amin, regional manager of EMC Middle East. A research, which was commissioned by HDS, has revealed that regional CIOs are under constant pressure to protect the value of their organisation’s data. 85% of the survey respondents in Egypt, 72% in the Kingdom Saudi Arabia (KSA) and 80% in the UAE, say classified data availability is an extremely important business driver.

The telecommunications sector, which provides voice, data and video services, relies heavily on disaster recovery strategies. Almost all telcos have disaster recovery plans. “We pay a lot of attention to disaster recovery plans because we provide services for a significant market. The safety and security of data is vital to our clients, especially government institutions that cannot afford to get exposed to any service disruption,” says Saeed al-Hamli, executive manager of corporate, planning and development at Thuraya Middle East.

In today's marketplace, an interruption to IT services can occur due to natural disasters like fires, floods and earthquake. Power outages, virus attacks, sabotage, disk drive and software failure can also impact a network. However, CIOs and business managers are often not aware of the risks of users or hardware error. “Surveys have shown that [approximately] three quarters of data loss are attributed to these errors. Additionally, defective software and corrupt data can cause problems, with unexpected downtime occurring in almost 25% of the companies surveyed, even those where the company had compiled a suitable emergency plan,” says Ivor Rankin, senior technical engineer at Symantec Middle East. “Neglecting to do a weekly backup on e-mail and user data, as well as mobile devices such as notebooks and PDAs can be critical, as many employees can lose their entire-day’s work,” Rankin adds.

Enterprises without a disaster recovery plan may be exposed to potential problems and risks, and server downtime is not cheap. If customer data is compromised, businesses will have to worry about legal issues and compensation claims. In addition, if a lack of care and precaution are proven to be the cause of the data loss, those responsible may even have to worry about recourse claims being directed at them personally. “If a server in a mail-order company crashed for several hours, it can easily cost hundreds of thousands of dollars and this figure can even reach millions for a financial institution or stock market broker, says Rankin.

Some end users believe an uninterruptible power supply (UPS) is all the protection they need. However, a UPS will only prevent power loss, not data loss or corruption. The possibility of losing market share to competitors is the last thing any organisation needs. “Imagine the reaction of a customer who goes to the bank to discover the financial institution’s computers have crashed and there are no records of his or her savings or the reaction of customer who finds his mobile phone’s service regularly down,” says EMC’s Amin. “Every enterprise should be prepared to face problems or disasters someday, so when the day comes, they should be fully prepared. This will not only help them grow their market share, but also help them [maintain] customer satisfaction.”

The banking sector is another vertical that is heavily dependant on storing and safeguarding corporate data. Customers are demanding the safety and security of their financial affairs. In addition, fierce industry competition is also driving the demand for disaster recovery initiatives. For instance, Egypt-based Banque Du Caire, has overhauled its legacy IT infrastructure in order to make provision for disaster recovery plans, as well as a seamless day-to-day operations. “The bank’s 125 branches used to be completely decentralised. They did not seem to belong to the same bank and every branch used to have its own database,” says Rady Wadie, CIO of Banque Du Caire.

Furthermore, the financial institute has restructured its IT platform so that it can issue 10 million ATM cards to government employees. Once the cards are issued, the public sector workers will be able to cash their salaries electronically. Banque Du Caire plans to install another 100 ATMs to reach a total of 250, which would make it Egypt’s largest ATM network. “We have launched a huge centralisation initiative to connect all [different] branches to the newly established data centre. Moreover, we have established an automated system to receive technical problems from branches, so that we can provide the necessary technical support,” explains Wadie.

“Moving forward, we have started to deploy sophisticated storage solutions in order to have a robust back-up facilities for our servers and communication lines. In most branches, we are protecting our data via replication from the main server to the back-up server, should any problem or disaster take place.” In case of a disconnection from the main data centre, the servers at the bank’s branch operations will continue to save data, which can be stored on the main server once the connection resumes. However, Banque Du Caire wants to deploy more advanced disaster recovery solutions. “We are eager to have our critical data off site, so that we can be prepared for any extreme disasters,” Wadie notes.

The process of developing a disaster recovery plan should start with listening to customer requirements. Enterprises need to look at the entire IT environment prior to customising solutions that meet end user requirements. “Disaster recovery solutions can range from individuals backing up their data using simple storage solutions to sophisticated solutions like Veritas disaster recovery fire drill,” explains Omar Dajani, regional technical consultant at Veritas Middle East & North Africa.

The primary objective of disaster recovery planning is to make sure that an organisation has the capability and appropriate resources to survive a disaster and continue normal business operations within a short period of time. In addition to reducing the risk of disruption or loss of information, such strategies should ensure that critical operations can resume within a reasonable time frame. “If a company's IT officers are not sure if all their security problems have been correctly resolved or if they do not have sufficient internal expertise, they should undertake an inventory analysis,” says Symantec’s Rankin.

Businesses need to ask themselves several questions prior to formulating a disaster recovery strategy. They need to find out the objectives of such a plan and also what degree of data recovery they intend to have. How much downtime or data loss can the company tolerate and which data is more valuable than others? “Will the replication site be fewer than 20 miles away or is a more distant site needed to avoid a wide-area disaster? End users also need to find out if applications find propagation delays unacceptable? Do companies need to ensure complete data consistency over any distance? Is having two copies of data in different locations highly desirable?” says HDS’ Bentley.

A master plan can be drawn up taking into account the company’s relevant statutory and non-statutory rules and regulations, as well as the external and internal threats that differ from business to business. Disk-to-disk solutions are recommended for fast recovery. This type of hard disk data back-up can be fully automated and data can be stored at any time without interruption to work and then copied to central storage systems on the network. “It is also important for companies to note how long it takes to get everything up and running following an outage, especially if there is no fail over system. There is a big difference between 60 minutes of downtime and 24 hours,” explains Symantec’s Rankin.

Disaster recovery plans vary from one enterprise to another, depending on the type of business, the processes involved and the level of security required. Depending on the business needs, strategies can be developed by the company’s in house IT department or through the third party expertise. “Different data merit different levels of storage. What CIOs need to do with their storage partner is assess the various kinds of data their organisations have and put them in order of priority based on business activities. Only then it can be clear how much investment is required to protect which data,” says HDS’ Bentley.

Disaster recovery generally includes remote replication of data. Corporations with large amounts of data such as those running financial applications, use replication as a data back-up method. Replication copies data synchronously through networks in real time to another system that located miles away within seconds. For businesses that have a local site for replication and significant bandwidth available, the option to copy everything becomes increasingly attractive. While evolving network technologies help lower the cost of replicating data over significant distances, the cost involved can be extremely high. Corporations should prioritise data or use a less current copy of data for replication.

Telecom Egypt has strengthened its services in a bid to minimise its technical problems. The company, which is the largest fixed-line provider in the Middle East and in Africa, has announced its plans to provide VoIP (voice over internet protocol); hence the need for a watertight disaster recovery plans. “We cannot afford to lose the critical data on our servers like the billing database. We have been using replication technology to make sure that critical information can be immediately copied somewhere else as a back-up in case of a disaster,” says Ahmed al-Sayed, chief of Cairo Cable and Network at Telecom Egypt. “Moreover, we copy any critical data on the network by mirroring it to the management centre, so that we are prepared for unpredictable situations or disaster,” Al-Sayed adds.

Cairo-based Egyptian Company for Networks (EgyNet), which holds a license to build, operate and manage private and public data networks, says disaster recovery initiatives should be secure, comprehensive and long-term. “Disaster recovery plans go through an endless cycle starting from vendors, which provide their services to companies like Telecom Egypt and develop their disaster recovery strategies. Then, the network or service providers work on their own recovery plans.

End users will also develop their disaster recovery plans, which meet their own requirements,” explains El Amin El Rabie, chief technical officer at EgyNet. The company offers IP connectivity to internet service providers (ISPs) and private sectors organisations. The bandwidth obtained by ISPs cover the additional requirements to provide leased lines, DSL and /or dial-up services retailed to end users.

On the other hand, businesses with limited budgets are not in a strong position to have a fully-fledged disaster recovery strategy in place. “The culture of disaster recovery plans is still in its infancy, with smaller organisations outsourcing their data facilities and disaster recovery requirements in order to cope with their limited IT budgets,” says El Rabie of EgyNet.

Disaster recovery planning is not a one-off or a short-term project. It is about formulating a long-term strategy. An effective recovery plan must be maintained, regularly updated and tested. Continuous testing of DR plans is essential if an end user wants to ensure that its recovery capability is of a high standard. “Companies that do disaster recovery testing frequently get a better picture of the plan's effectiveness. They also have the ability to bring in changes before a disaster strikes,” explains Veritas’ Dajani.

An enterprise’s IT infrastructure must remain resistant to all threats from within and outside the organisation, preventing all possible threats. However, if data loss does occur, corporations should be able to minimise the downtime. With the growing awareness among CIOs about the importance of establishing disaster recovery plans, and the availability of various robust storage solutions, getting DR initiatives off the ground should not be difficult.

For instance, Veritas cluster server 4.0 and volume replicator 4.0 have been fortified with new features that enable data centre administrators to test, plan and validate disaster recovery scenarios in live environments without disruption. The Veritas cluster server simulator and the disaster recovery fire drill, a feature in the vendor’s cluster server, allow thorough test and adapt to disaster recovery plans without disruption. In addition, Hitachi’s Universal replicator for TagmaStore universal storage platform can enable enterprises to support replication needs without over provisioning bandwidth based on peak-load traffic.

Symantec’s LiveState recovery solutions support recovery from Windows servers, PCs and notebooks, by making snapshots of the entire system within seconds including the operating system (OS), apps and configurations, putting them on a single file. “By using a snapshot, all data present on a computer can be reinstated, even if there is no operating system left— this is called bare metal recovery. In this way, system downtime can be reduced by up to 80%,” explains Symantec’s Rankin.||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code