Business continuity part 1: Failsafe options, IT style

8 Jan 2004

Roy Keane is fond of quoting that old management aphorism “To fail to plan is to plan to fail”. Which is all very true, except that in business and especially in its ICT systems a failure to plan for failure is also a failure! No user of modern technology is in any doubt that things go wrong from time to time, no matter how smart the systems.

Today, really smart systems are often designed to cope with occasional failure in elements of the system or external factors such as a JCB savaging cables. Most desktop applications can be set to auto-save files so that even in the event of a power cut, for example, users will not lose more than a few minutes’ work. The same applies to most server-level or networked applications, with the protection and preservation of business data at the very top of the priority scale. As for data backup, the traditional rotation of tapes or other media and off-site storage is still the norm in most companies. But the steadily increasing dependence of business of all sizes on 24×7 e-business means that many elements of the core database cannot enjoy the traditional simplicity of backing up overnight when no other processes are running.

In many respects, business continuity planning is neither new nor original. Armies and governments have been doing it for centuries and Ireland even had its own Government bunker in Athlone during the Cold War period of nuclear threat. What is unique today is the pre-eminence of ICT and the newer phenomenon of 24×365 business processes. If disaster strikes, then of course the facility to restore all corporate data is essential. But it is immediately followed in priority by the necessity to have alternative systems up and running as quickly as possible.

A detail, but an increasingly significant one, is that in a world of converged voice and data all forms of electronic communication are dependent on a single system. What has certainly emerged in recent years is much more sophisticated thinking in business continuity planning, now seen as part of the essential risk management function in any organisation rather than an ICT task. Similarly, the ICT side of that is recognised as a continuum from simple off-site storage of backup data copies to the glamour of a ‘hot site’ disaster recovery solution, with a ready-to-use set of your data and principal applications and temporary offices ready for key staff to move into.

So, what kinds of business continuity options are Irish managers choosing? Alas, the picture that emerges from a survey published just before Christmas by Dell Ireland is somewhat less than state of the art. Despite the fact that disaster recovery, data security and server consolidation were the top three issues in relation to data storage identified by the broad range of enterprises surveyed, a bare 29pc had in their own judgement an adequate disaster recovery plan in place. A full half of the companies had either never tested their plan or had not done so for over a year.

Clearly, this is a worrying level of potential exposure and all the more so as the Dell survey breakdown shows that 69pc of the respondents are in industries where business recovery plans are actually mandatory. It also begs the question of whether auditors are generally paying enough attention to – or understand the technical implications of – adequate risk management planning and the responsibilities of directors in this regard.

As might be expected, the business continuity planning at the level of SMEs is – anecdotally at least – even worse. “It’s actually scary how many small businesses are not even doing the basics, like keeping backup copies of their data off-site,” says Larry Banville, sales director of Datapac. “In almost all cases any serious form of business continuity planning only starts at the level of firms which have in-house IT resources. Even there, a problem these days is that managements do not always appreciate that restoring a system is much more complex than it used to be.

“Simple backup copies of data are just not the answer any more, because applications are so tightly integrated and all sorts of settings are tailored for the specific business and types of users. Intelligent system recovery tools like Veritas are essential – and not expensive on a per-server or per-user basis. But it can be hard to persuade cost-conscious managements, except in the context of a serious commitment to risk analysis and continuity planning – both still, unfortunately, far from standard.”

By Leslie Faughnan