Back from the dead

Business continuity is the security buzz phrase of the moment but is the Middle East enterprise listening? Or does it take a crisis such as Dubai’s recent electricity blackout to hammer home the message?

  • E-Mail
By  Simon Duddy Published  August 21, 2005

|~|Omar-Dajani_mmm.jpg|~|“For a number of reasons, small and mid sized companies are not investing in business continuity solutions. One problem is that there is no one stop shop for business continuity hardware and software. Companies also often don’t have the staff or resources to handle processes, which can be long and cost-prohibitive.” - Omar Dajani, regional technical manager, Middle East and North Africa, Symantec.|~|Vendors have been talking up business continuity for many years, scaring potential customers with the, very real, dangers of catastrophic loss of equipment, network services or data. While many larger enterprises have taken these lessons on board, in the Middle East small and mid sized businesses are largely complacent about these dangers, according to experts in the field. “For a number of reasons, small and mid sized companies are not investing in business continuity solutions,” says Omar Dajani, regional technical manager, Middle East and North Africa, Symantec. “One problem is that there is no one stop shop for business continuity hardware and software. Companies also often don’t have the staff or resources to handle processes, which can be long and cost-prohibitive,” he adds. Dajani also says that while IT teams are well informed of the dangers and are pushing for business continuity plans, executive level staff are less easily convinced. APC’s marketing manager for Turkey, Middle East and Pakistan agrees. “Most of the different industry vendors come together to hold seminars for ‘C level’ executives. It requires a bigger push to get the right people in and get them to agree on investing in safeguarding their businesses to and minimising risk in their IT planning,” he explains. While business continuity is not growing as fast as some providers would like, uptake is on the rise, partly as a result of vendors releasing less complex solutions, as well as increasing awareness among businesses of the need to deploy such a plan. As IT environments have become simplified and consolidated, many IT managers see business continuity as a more tenable option. Over-arching IT projects such as business continuity strategies are generally easier to achieve over a centralised architecture, as it provides fewer implementation headaches and an environment that is more readily conducive to monitoring. “Five years ago, complexity was putting customers off, but now solutions are more refined and easier to understand and implement. That said, customers should not underestimate how much engagement and commitment is needed from the executive level to the shop floor to make solutions work,” says Qais Gharaibeh, district partner sales manager, EMC, which specialises in ensuring data availability. Gharaibeh says the Middle East has some catching up to do compared to Europe and the USA but some regional countries, such as the UAE, are moving fast. He says that business continuity deployments typically follow the general level of development in a country. As well as development, the adoption of business continuity is encouraged by catastrophic events. A consequence of the September 11 terror attacks on New York was an upswing in business continuity and disaster recovery implementations. Similarly, the recent electricity blackout in Dubai delivered a shock to the regional system, with investment in disaster recovery, UPS devices and business continuity plans shifting sharply upwards. “Most businesses were not adequately equipped to deal with such a prolonged power outage,” says Rahul Sikka, distribution manager for MGE UPS Systems in the Middle East, East Africa and South CIS. “Middle East enterprises were already committing resources towards business continuity but this has assumed greater urgency since the blackout. We anticipate this trend will continue and project a year-on-year growth of over 20%,” he explains. In contrast, as business continuity awareness builds, companies must not rush too quickly to install a business continuity solution. Care must be taken to make sure they get the right fit. Companies need to honestly assess how much data they can afford to lose and how quickly they have to recover in the event of a disaster. If a company can tolerate zero loss or downtime then solutions will inevitably be state-of-the-art and expensive, but most companies have some margin for error to work with and this should be used to secure cheaper solutions. “You have to offset the cost of business continuity plans with the services they actually provide — a value for value proposition. For some organisations, the Dubai blackout had less effect than the costs of mitigation would have involved,” says Justin Doo, managing director of Trend Micro Middle East and Africa. A good business continuity solution should provide a comprehensive yet cost-effective set of features. Buyers want a product that scales to the organisation. Customers should not pay for more clout than necessary and have a solution that is flexible enough to deal with its changing requirements. “It entirely depends on how mission critical the operation that enterprise wants to protected is. We recommend a proper site evaluation and survey to effectively match the customer with application,” says Keshav Murthy, marketing coordinator for Tripp Lite EMEA. The key element of a business continuity plan is the last word — plan — any technology purchased must be subordinate to a determined and well-thought out effort on the part of the IT team. Citing a Gartner report, which states that 50% of all businesses fail after a major disruption, Khalid Bastaki, systems and network manager for Public Warehousing Company (PWC) says a failure to plan is generally the cause. Following considerable growth in recent years PWC’s IT team faced greater business continuity challenges as a result. In the last two years the number of mission critical systems it has deployed has risen by 340% and the amount of data it holds has grown 500%. The IT team at PWC faced two business continuity challenges. The first was to achieve logical protection up to the last point of failure while maintaining recovery time objectives as laid down in the service level agreement (SLA). “The second requirement was that the team was had to provide protection against data losses due to human error when systems were live and operational. This loss might not affect operation but was still considered critical,” says Bastaki. In response to these twin demands, PWC decided to implement a dual track solution, with a tactical setup to address immediate problems as well as a more long-term strategic approach. The initial step involved providing two recovery mechanisms — storage area network (SAN)-based synchronous mirroring to a remote site and a byte level mirroring of mission critical data to a third site by tools installed on the operating systems. “This approach proved effective in a few cases, such as when a production system lost its disk index. The operating system could not view the data or gain access to the drives holding the information,” says Bastaki. “Since this type of corruption takes place above the physical layer, the synchronous copy of data on the mirrored SAN suffered the same type of corruption. The recovery source was our second mirror site. The second mirror data was intact because the mirroring actually took place above the file system layer therefore preventing index corruptions propagating to the second mirror,” he explains. The strategic element of the plan focused on providing more robust disaster recovery for the core data centre operation, as well as fast recovery times. This was achieved by updating the SAN system and having a second replica of the production site on a completely different set of hardware, which operates in near real time. The firm also extended its efforts from its Kuwait base and applied disaster recovery to its remote sites throughout the Gulf. PWC has implemented solid solutions as part of its business continuity plan but it was steadfastly following the correct processes and self-analysis that allowed it to achieve its goals. Indeed, it is not enough that a business continuity or any security plan is put into place, the IT team, and perhaps others, should monitor its effectiveness and make adjustments when appropriate. A good way to help ensure good practices is to enlist a third party to monitor progress. “We have a security auditor to ensure security polices and procedures for Juma Al Majid are effectively maintained, and are implementing the BS7799 standards,” says Hussein Ali Ghanimah, head of IT operations at Juma Al Majid. “We realised that having hardware installed was not enough and that well-structured IT polices and procedures and awareness among users were just as essential,” he explains. With an effective solution, solid planning and scrupulous monitoring a company has every chance of ensuring that it can ride out the kind of disaster that swamps other businesses.||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code