Posts Tagged ‘business continuity’

« Older Entries

Is your data center ready for a disaster?

Tuesday, September 20th, 2011

If you are like most employees at a medium-large sized business, you assume that your company’s data center is always going to be there and supplying your necessary applications, data and reports on a daily basis.  But what if you decided to peel the layers of the onion back and peek beneath the surface?  What you find might surprise you.  

Recent disasters such as Hurricane Irene, Texas wildfires, Mid-Atlantic earthquakes, tsunami’s, and tornado’s all highlight the need for a comprehensive and tested disaster recovery plan but most  are an “all or nothing” scenario, meaning the entire data center must be unavailable before declaring a disaster. This scenario does not look at individual component failures — the most common problems that escalate into a full blown disaster declaration.

Has your company looked at its data center infrastructure and vulnerabilities to address issues that may prevent a disaster declaration and enhance day-to-day or operational recovery?  In some cases there is nothing you can do to prevent a declaration – A direct hit from a tornado, major flooding, earthquakes, etc.  But in many cases a vulnerability analysis of your data center will uncover specific actions that can be taken to prevent a localized outage from becoming a full blown disaster.

So how do you prepare a data center for a disaster incident?

First – Conduct a Vulnerability Assessment of the data center. Five basic questions to ask are:

  1. Are you storing paper and boxes in the data center?
  2. Are your networking cables labeled?
  3. Have you looked at your data center from a power and capacity standpoint?
  4. Is physical access to the data center limited?
  5. Does the data center have heat, smoke, water sensors?
  6. Are there data security policies and procedures in place?
  7. Is the location of your data center conducive to continued operations or is the data center in a major hazard area?

You definitely need a comprehensive set of procedures for the infrastructure and for the applications. Each component, or group of components, usually has support infrastructure, and generally speaking, there’s a person or group responsible for that. So the servers are going to be under the server group, or the virtualization group, or both. All of these are generally working under an infrastructure group or an operations group, but come a major disruption, there’s a dotted-line relationship for disaster recovery management. And that kind of governance clearly needs to be spelled out, who is in charge, who makes the decision, what you do, and what sequence you do it in.

Of course there is much more to ensuring your data center survives a disaster,  but this should give you a jump start in reviewing your data center vulnerabilities.

Patrick R. Dunn, CBCP, CISSP
Practice Manager – Disaster Recovery & Business Continuity

Tags: , , ,
Posted in Business Continuity | No Comments »

Five Strategies For Business Survival

Sunday, September 18th, 2011

Business owners invest a tremendous amount of time, money and resources to make their ventures successful, yet emergency planning may get placed on the back burner in the face of more immediate business concerns.

At some point, your business will be disrupted by either a man-made or natural disaster; it’s not a matter of if, but when. Disaster recovery planning is vital to the longevity of the business.

Natural disasters like hurricanes, tornadoes and floods are particularly tricky to plan for because they can strike randomly and sometimes repeatedly in the same geographic location.

So how would a business survive such extreme threats?  Here are a few leading practices and strategies to help:

  1. Awareness:  A critical activity of Business Continuity actually occurs before the crisis. Informing and educating employees about programs, threats, expectations, accepted behaviors and actions will increase the likelihood that the intended response to an emergency will be achieved by making these situations at least a bit more familiar by way of repetition.
  2. Compliance:  Compliance with building code safety and frequent building code inspection checks are imperative to ensuring that your building is as safe as possible. The same method should be applied to information technology. Extreme caution should be taken when it comes to protecting your most valuable business resources.
  3. Redundancy: A variety of sources for accessing information should be available. Emails, website postings, “800” numbers to recorded messages, face-to-face information sessions, newsletters, and texting are viable methods.
  4. Frequency: During crises information changes quickly. Therefore, it is important to update messages frequently. Having a pre-established update schedule will benefit your organization during the business interruption.
  5. Communications: Often times at the beginning of a crisis there is a flurry of information, which then drops off. Crises can last for a while and people need different types of information from stage to stage. Maintaining communications continuity during all stages of a crisis is critical.

Patrick R. Dunn, CBCP, CISSP
Practice Manager – Disaster Recovery & Business Continuity

Tags: , , ,
Posted in Business Continuity | No Comments »

Business Wake-Up Call: Are You Prepared?

Tuesday, September 6th, 2011

Businesses in the Northeast are still feeling the devastating effects of Tropical Storm Irene.   Just a few weeks prior, a mild earthquake struck the Mid-Atlantic region and caused structural damage; people are still rebuilding.  And then there were the tornados striking the South and Midwest. This is your wake-up call folks! 

Were You Prepared?
How did you fare after the tragic floods resulting from Irene? Were you prepared for questions from your executives when the news came in regarding Hurricane Irene and subsequent 100 year floods?

  • Did you think to reach out to suppliers and employees in the region to begin the situation assessment? Or to stock up on needed resources before the flooding? Were you able to deliver products after the event or were there disruptions in your supply chain?
  • Did you think about engaging procurement and human resources as partners to determine the impact of the disaster and potential exposure?
  • Did you prepare to field questions from customers, business partners, and concerned family members?

Based on my experience watching organizations react to crises and other disruptive events, it’s common to see executives and those assigned Disaster Recovery and Business Continuity activities do the following:

  1. Get caught up as witnesses, watching the drama play out in the news just like everyone else, without always connecting the dots as to how the event may impact the organization’s interests. (This is where having a Disaster Recovery Plan would be of vital importance or having a person on staff whose sole responsibility is Disaster Recovery or Business Continuity Planning.)
  2. Focus (almost exclusively) on the day-to-day planning process, rather than taking an active role in participating in the response, including the situation assessment process.
  3. Fail to reference business impact analysis and risk assessment-related information in a potential crisis in order to judge possible exposure — what may be affected.( Ok – so you may not have this in place, but perhaps enough of a wakeup call has been issued and now your company realizes the time is right to conduct a business impact analysis and risk assessment.)

September is National Preparedness Month.  Now is the time to either create your Disaster Recovery Plan or update your plan if you have not done so recently. Another hurricane and even more tornadoes are currently on the weather radar…don’t wait!

Patrick R. Dunn, CBCP, CISSP
Consonus Practice Manager – Disaster Recovery & Business Continuity

Tags: , , , ,
Posted in Business Continuity, IT Solutions | No Comments »

Is your business prepared for hurricane season?

Thursday, May 26th, 2011

With all the recent focus on tornado activity, it’s been all too easy to forget about the other types of natural disasters – specifically hurricanes.

In a presidential proclamation made on May 20, 2011, President Obama declared May 22-28 National Hurricane Preparedness Week. The goal is to highlight the importance of planning ahead to protect families and secure communities and homes prior to the upcoming hurricane season that begins June 1st and spans six months.

The Federal Emergency Management Agency (FEMA) along with the National Oceanic and Atmospheric Administration (NOAA), are working in conjunction with the White House to raise awareness. According to a notice recently issued by NOAA’s Climate Prediction Center, the Atlantic basin is expected to see an above-normal hurricane season this year. NOAA is predicting the following ranges:

  • 12 to 18 named storms (winds of 39 mph or higher), of which:
  • 6 to 10 could become hurricanes (winds of 74 mph or higher), including:
  • 3 to 6 major hurricanes (Category 3, 4 or 5; winds of 111 mph or higher)

Each of these ranges has a seventy percent likelihood, and forecasts activity that will exceed the seasonal average of 11 named storms, six hurricanes and two major hurricanes.

Knowing that this year’s hurricane season is expected to be damaging, having a disaster recovery plan in place is the best approach to ensuring the longevity of your business.  Any size business can benefit from having a plan, and having one can mean the difference between continuing business and closing up shop forever. 

Take a proactive stance and start building your business continuity strategy now – Mother Nature is one woman you don’t want to mess with.

Patrick Dunn

Tags: , ,
Posted in Business Continuity | No Comments »

Employee Spotlight: Solution Architect JD Eller

Friday, March 11th, 2011

A true southern gentleman minus the accent, John “JD” Eller is one of the latest talented IT professionals to join the Consonus team. His role as solution architect has him traveling the Carolina’s with sales reps to consult and advise on the technical components of Consonus IT solutions.
 
“I was attracted to Consonus because they had a core focus in solution offerings that I felt were the right direction for my skill sets,” says JD. “I wanted to work for an organization that would allow me to enhance my skills and offer the opportunity for stability and growth. Consonus was an ideal fit.”

With an impressive IT background, JD specializes in IT solutions involving storage and disaster recovery. Certifications include Dell Equal Logic, Hitachi Storage, NetApp, and many more.  In addition, he is Gartner Group certified in Total Cost of Ownership (TCO) research, is a Proxim Wireless long range solution specialist, and practiced in virtualization solutions using Citrix.

When not talking “tech speak” with IT execs, JD indulges his inner history buff by creating dioramas of various events from the past. He’s currently working on a diorama of the Battle of the Alamo. Incredible patience and meticulous attention to detail are JD’s strengths and definitely come in handy as he crafts everything by hand. “The Alamo project has taken me four years and I have two more to go,” JD says.

Born in Jackson, Tennessee, JD has traveled all over the world, lived just about everywhere, and visited far too many places to list. His parents are both ordained ministers and while young, he accompanied them on their missionary trips. Out of all the places he’s been to, JD says his favorite is a tossup between Brazil and the Redwood Forest of California.

Returning to his southern roots, he calls Georgia home. The proud father of four children — yes, four children — JD says that being a father is his proudest achievement. “I’m blessed. They are all beautiful. But they certainly keep me on my toes!”
 
Glad to have you aboard JD!

Tags: , , , ,
Posted in Inside Consonus | Comments Off

Don’t Forget Snow and Ice Plans in Your BC/DR Strategy

Thursday, January 13th, 2011

It’s only January and areas of the Northeast have experienced Snowmagedden I and II. And in the Atlanta region, my neck of the woods, we’re currently in the midst of Icemaggadden.  These events, while not considered disasters on the level of major hurricanes or other significant natural disasters, should still be accounted for when developing not only your organizations’ business continuity plan, but personal disaster plans for employees.

From a business perspective does your  BC/DR plan have the following?

  • A dial-in number that employees can call to check on company closures and conditions.
  • An accurate call tree to alert critical team members of their roles and responsibilities during an outage.
  • An updated crisis management plan that deals with unexpected weather conditions. 
  • Plans to deal with business processes when employees are unable to make it to work for extended periods of time due to road conditions.
  • In the South – having appropriate snow and ice removal tools and strategies in place to ensure safety of employees and guests.
  • A travel and expense policy for extended stays at hotels while employees are out of town on company business, unable to return home due to conditions or for employees at work, unable to get home due to road conditions.

From a personal perspective does your personal disaster recovery plan have the following?

  • Shovels, sand, salt to remove snow and ice from walkways and driveways.  Even in the South you need these things as I have discovered this week.  Many homes have steep driveways and unless you have the tools necessary to remove ice and snow, you are at the mercy of Mother Nature.
  • Food and water at home to allow you to stay put for a week.  My family has been ice-bound for five days so far and although we have enough food to make it through the week, we know others who do not.
  • Flashlights and candles to provide light in the event of a power outage. 
  • A maintenance schedule for your fireplace (if you have a wood burning one) to ensure safety.  An out of control chimney fire can destroy a home in a very short period of time. 
  • Cash on hand to pay for food delivery or unexpected expenses when credit cards are not an option.

Take the time now to update your personal and corporate business continuity plans. After all, it’s only January. Who knows what the rest of the winter will bring.

Patrick R. Dunn, CISSP, CBCP
Practice Manager – Disaster Recovery & Business Continuity
President – Association of Contingency Planners – Atlanta Chapter (2011- )
Vice Chairman – Contingency Planning Association of the Carolinas (2010 – )

Tags: , ,
Posted in Business Continuity | 3 Comments »

Aligning IT with Business Goals

Monday, December 20th, 2010

In many organizations, information technology (IT) departments are struggling to align their capabilities to meet business objectives. Meanwhile, in the face of increased market and regulatory pressures and a history of project failures, CFOs, CEOs and other non-IT leaders are questioning both performance and costs associated with IT.

The stakes are high.

IT failures have led to reputation damage, customer and market valuation loss, and an increase in privacy concerns and high-profile lawsuits. In many cases, these have negatively impacted company growth.

Not surprisingly, demands on the CIO are greater and more complex than ever. The role of IT is now to help companies respond to market pressures by focusing on cost savings, return on investment, and growth objectives, and must help the organization operate within acceptable limits of risk while ensuring information and data integrity.

The key to facilitating this alignment is the Business Impact Analysis (BIA). The BIA identifies the critical needs of the organization and properly aligns those needs from an IT standpoint. Because there is almost always some discrepancy between the business requirements and the capabilities of IT, the BIA can be used to help identify conflicts and differences. By assigning a solid dollar value to the loss of that business function or process, the applications identified become the highest priority for IT to recover and allow the business to view resources in the proper perspective. Recovery Time Objectives (RTOs) and recovery Point Objectives (RPOs) are clearly identified as well, further quantifying the critical IT infrastructure.

Understanding business objectives and leveraging enabling technologies can help ensure that your IT solutions meet the current and future needs of your organization. The ideal place to start is with a BIA.

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity
Vice Chairman – Contingency Planning Association of the Carolinas (CPAC)
President – Atlanta Chapter of the Association of Contingency Planners (ACP)

Tags: , , , ,
Posted in Business Continuity, IT Solutions | 1 Comment »

How Archiving Complements Backup

Tuesday, November 16th, 2010

The terms archiving and backup are sometimes used interchangeably, however, both are very different and both are important components to a comprehensive data protection strategy that can improve operational and cost efficiencies. 

Basically, backups are used to recover systems and data due to corruption or loss. It is essentially a second copy of data where the original is left in place. Information is stored in the context of systems with retention control at the image level.

Archiving, on the other hand, is used for long term preservation of information. The actual archive is a copy of the data but the original is deleted, freeing up more room for storage.  Retention control is at the object level which facilitates eDiscovery.  Archiving also ensures the business is able to meet compliance regulations while addressing business productivity needs in the process.

While archiving AND backup can have a lasting impact on resource administration, retention management, litigation, and application storage efficiencies, archiving provides an ideal operational framework — a process that can aid your backup environment.

For example, take a look at these two scenarios: 

Scenario One Archiving Platform: NoBackup Amount: 200 GB of data

Backup Time: ~4 hours

Recovery Time: ~7 hours

 Scenario TwoArchiving Platform: YesBackup Amount: 100 GB of data

Backup Time: ~2 hours

Recovery Time: ~3.5 hours

The difference: Archiving can reduce backup time at an average of 50% and provide recovery twice as fast.

If you apply an average internal cost per GB of $15 to the above scenario, you’ve just realized a storage cost avoidance savings of $1500 per 100GB. By implementing an archiving strategy before you migrate to Exchange 2010, you are not only simplifying and speeding up your exchange migration, but you are also able to realize actual savings for your storage procurement and/or allocation for the exchange environment.

So as you move to advance your data protection strategy, consider the functionality inherent in archiving and backup and how the two can work together to more efficiently meet your business needs. Using both solutions will facilitate a strong, holistic plan for protecting your most critical business asset – information.

Tags: , , , , , ,
Posted in Business Continuity, Data Protection, IT Solutions | No Comments »

Business Continuity / Disaster Recovery: Where do I start?

Thursday, September 2nd, 2010

Recently, I conducted a presentation on how to develop a successful Business Continuity(BC) / Disaster Recovery (DR) plan. As I was going over attendee feedback afterwards, there was one fundamental question that showed up multiple times — where do I start?

A valid question. It’s easy to get overwhelmed with the thought of implementing a comprehensive business continuity strategy. It’s one thing to know that a BC/DR plan is a “must-have” for your business. But it’s another, completely different thing to implement one. So as you set off on your quest to devise a BC/DR plan, use these guidelines as a starting point and you’ll soon see that a good BC/DR strategy is not only necessary, but doable.  

One: Cultivate an Understanding
Before devising the plan, you must understand the terminology. There are many acronyms and industry buzzwords that mean different things as they pertain to departments and individuals. Once your organization agrees on what it is you are trying to accomplish, only then can you move forward. 

Two: Develop the Business Case
Everyone within the organization has to be on board before you can proceed because a true BC/DR plan encompasses every facet of the business. To ensure cross-departmental involvement, it helps to first establish the business case, or your argument for developing the actual BC/DR plan. Are there specific business drivers or regulatory issues that make a business continuity strategy essential? If so, state your case and get executive support now. This will hopefully help alleviate some of the corporate politics that you may encounter.

Three: Assess the Current Environment
Pinpoint what it is you will be protecting — be specific — and identify all the risks involved. You can accomplish this via a number of ways, by conducting the following: a Business Impact Analysis (BIA) and/or a Risk Analysis. These more formalized processes will help you evaluate existing resources and establish a foundation for your plan. This is an excellent time to bring in an outside consultant; an experienced BC professional can drastically reduce the time and money needed to gather this information.

Four: Prioritize
Know the costs involved and define what absolutely needs to be done now then set priorities accordingly. You don’t have to devise a comprehensive BC/DR plan all at once. Apply a phased approach that models your immediate needs. Take baby steps. But be sure you address the following: Recovery Time Objective (RPO), Recovery Point Objective (RPO), critical applications and associated dependencies.

By taking the time to understand, analyze, and prioritize, you will be better prepared for your next step in creating a comprehensive, holistic BC/DR plan: Developing and Implementing a Business Continuity Management (BCM) Response. More on this in Part Two (coming soon).

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity
Vice Chairman – Contingency Planning Association of the Carolinas (CPAC)

Tags: , , , ,
Posted in Business Continuity | 1 Comment »

Employee Spotlight: Practice Manager – Business Continuity and Disaster Recovery Patrick Dunn

Wednesday, August 25th, 2010

No wonder Patrick is engaging and dynamic at his numerous business continuity speaking engagements around the country…as a two-time All American cheerleader and former University of Maine mascot, Bananas the bear, he’s had plenty of practice motivating crowds!

Consonus is pleased to have Patrick Dunn as practice manager - business continuity and disaster recovery. His extensive background comprises over twenty years of industry experience providing crisis management, business continuity development, disaster recovery planning, information security, IT assessment, and project management for Fortune 500 and Big Five accounting firms. Impressive credentials include time spent at SunGard Availability Services as a BC/DR Consulting Practice Manager, as well as Cap Gemini, Wright Express, Check Free/FISERV, and Fairchild Semiconductor.

As if his job doesn’t keep him busy enough, Patrick is an active member of numerous highly-regarded industry organizations up and down the east coast, including the Contingency Planning Association of the Carolina’s Inc. (CPAC) where he was recently appointed vice chairman. Industry certifications include: Certified Information Systems Security Professional (CISSP), Certified Business Continuity Professional (CBCP), and National Incident Management Systems (NIMS).

On those rare occasions of downtime, Patrick enjoys wine tasting (Shiraz is his favorite), American Revolutionary history (as a former Park Ranger for the National Park Service he led historical tours), and watching his beloved Boston Red Sox. Obviously a proud graduate of the University of Maine at Orono, Patrick lives in Flowery Branch, Georgia.

Three cheers for Patrick!

Tags: , , ,
Posted in Business Continuity, Inside Consonus | Comments Off

« Older Entries