Don’t panic

Many enterprises still shy away from business continuity and disaster recovery planning, despite its vital importance to the business. ACN asks industry experts for tips on the best ways to start planning or revising a business continuity plan.

  • E-Mail
By  Eliot Beer Published  June 7, 2008

Many enterprises still shy away from business continuity and disaster recovery planning, despite its vital importance to the business. ACN asks industry experts for tips on the best ways to start planning or revising a business continuity plan.

Business continuity is always a tricky issue for enterprises to face, requiring as it does a long, hard look at the innermost workings of an organisation, and a painstaking analysis of where everything could go wrong.

However this analysis is now more vital than ever - in an on-demand world, few, if any, businesses are able to survive significant downtime or data loss.

"The biggest problem is not getting information - the biggest problem is getting started, and having enough manpower available for that starting point.

This is where psychology kicks in - we still see a lot of CIOs and also business leaders who just don't want to know about it, who feel they can get away with not knowing about business continuity issues - which obviously doesn't work, but you'll still find a lot of that way of thinking: don't tell me about it, because I can't do anything about it anyway," says Dr Hannes Lubich, head of BT's security practice in EMEA.

"The easiest way of starting is getting through that layer and saying yes, we have to know about it - it's easier and better for us to face it, even if there's some unwanted truth in this, even if we see something that we don't like and wouldn't tell our shareholders. But you still have to know what it is," he adds.

Lubich's thoughts are echoed by Omar Dajani, regional manager for systems engineering at Symantec: "From my perspective, talking to customers, the main factor is the perception that it's highly complex.

Generally, we want to resolve the simpler issues first - so if a server's not performing very well, let's put our resources behind making that server perform well; we want to increase market share, so let's introduce some new infrastructure.

There's a feeling that it's so complex that somehow it just gets delayed - things are running fine now, so why the sense of urgency?

"In reality it's not that complex - it doesn't need to be driven by high-end technology.

Sometimes I sit down with IT managers and say: ‘Let's just sit down with a blank sheet of paper and have a couple of hours' workshop. Let's just take a look at your applications and data, and prioritise them,'" explains Dajani.

When it comes to the differences between the Middle East and the rest of the world in approaches to business continuity and disaster recovery, views differ on how marked these are in reality.

BT's Lubich sees the same problems in the region as the rest of his EMEA territory; on the other hand, Dajani, while acknowledging a similar end result, sees very different reasons for the causes.

"In the West, there's a lot of old infrastructure, and they're trying to maximise the benefit before the move to new hardware.

There's an awareness - there are more C-level people that sit on committees, there's more processes and procedures - there's more of an awareness and more of a sense of urgency in the West, but the delay's based on a lack of investment in new infrastructure.

Whereas in the Middle East, we do have the modern infrastructure, but there's a lack of awareness - we're a few years behind in our knowledge of what disaster recovery is. So we're catching up, but I don't think we're catching up fast enough," Dajani states.

This is echoed - albeit with a more positive sentiment - by Thomas Luquet, business development manager for NEC's EMEA Enterprise Computing division: "What we can see in the Middle East, from customers who have a strong interest in BC/DR, is that companies here are very open to the latest new technologies.

There's often no existing DR infrastructure, and it's very different from other countries and regions - customers want the very latest and best technologies to go to disaster recovery."

Testing times

Almost one in two tests of disaster recovery plans fail, according to Symantec research, suggesting that many plans out there will not be effective if used for real - which 48% of plans are, again according to the vendor's research.

The reasons for failure are broken down as follows:

• Technology does not do what it is supposed to: 22%

• People do not do what they are supposed to: 19%

• Disaster recovery processes turn out to be inappropriate: 18%

In more positive news for the Middle East, the region is ahead of the curve when it comes to frequency of testing, with companies questioned giving their plans a run through every 4.4 months, compared to 8.1 months for the USA, and 10.2 months in Germany.

The Middle East had mixed results for disaster recovery times - the average estimate to recover skeleton operations after a fire was 1.3 days, one of the longer timescales (US average was 0.3 days).

To re-establish complete operations, Middle Eastern companies estimated they would need 5.9 days - dramatically less than the 30.6 days for the US and 51.6 days for the UK. This is most likely due to Middle East respondees being smaller or less complex than their counterparts elsewhere.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code