The world is growing more dangerous every day. There appears to be more devastation from natural disasters such as earthquakes, tornadoes, hurricanes and tsunamis than any time in recent memory. In addition, malicious hackers and spammers are growing more sophisticated by the hour and are targeting weak security spots across the enterprise, specifically through ill-thought-out social networking and mobile access areas.
IT departments are being challenged like never before to ensure their organization and its systems and data are protected from any disaster--manmade or natural. However, the onus cannot be on IT alone. Data storage and backup, disaster recovery (DR) and business continuity (BC) may be distinct in their own ways, but all need to be part of a comprehensive corporate strategy. Each carry equal weight in terms of importance, and any weakness will put an organization at risk.
While there are many tools and technologies that companies can choose from for their back-up and recovery needs, it will all fall apart at the business continuity phase without solid corporate protocols and practices. The key is to find the most effective and affordable data storage and back-up solution that meets your company's individual needs and to make sure it aligns with your overall business continuity plan.
Quick definitions from Wikipedia: "Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery is a subset of business continuity. Business continuity involves planning for keeping all aspects of a business functioning in the midst of disruptive events; disaster recovery focuses on the IT or technology systems that support business functions."
In other words, DR has more to do with your technology investments, while BC involves more procedures, protocols and corporate policy planning.
To achieve a successful BC and DR strategy, three main objectives need to be evaluated, according to Oli Thordarson, CEO of Alvaka Networks. Alvaka specializes in helping organizations develop and implement sound back-up, recovery and BC solutions.
- RTO - Recovery Time Objective: the time between the disaster and when the system has been made operational again;
- RPO - Recovery Point Objective: the time between the latest backup and a ystem disaster, representing the nearest point from which the system can be recovered;
- TTO - Test Time Objective: the ease and the time required to test a disaster recovery plan and ensure its effectiveness.
But how much weight you give any of these areas will be dictated by your company's risk threshold. Here is where technology solutions need to align with business objectives. There are a variety of different back-up solutions out there, including tape, server imaging, DR appliances, replication and clustering. Each has its pros and cons.
Tape is common and affordable, but slow, prone to errors and not a good solution for archiving. Therefore, its RTO, RPO and TTO can take days, which is not practical in and of itself, according to Thordarson. On the other side of the spectrum, clustering solutions are expensive, but recovery can take only seconds, giving it a high TRO and RPO, he said.
The reality is that most companies use a combination of back-up and recovery technologies to get the job done. Where they fall short is on the business continuity planning side. That's where IT and line-of-business leaders need to work with C-level executives to ensure that regardless of what disaster strikes, the company will still be in business.
Elliot Markowitz is SVP, Editorial Director, Ziff Davis Enterprise.