Posts Tagged ‘Disaster Recovery Planning’

Is your data center ready for a disaster?

Tuesday, September 20th, 2011

If you are like most employees at a medium-large sized business, you assume that your company’s data center is always going to be there and supplying your necessary applications, data and reports on a daily basis.  But what if you decided to peel the layers of the onion back and peek beneath the surface?  What you find might surprise you.  

Recent disasters such as Hurricane Irene, Texas wildfires, Mid-Atlantic earthquakes, tsunami’s, and tornado’s all highlight the need for a comprehensive and tested disaster recovery plan but most  are an “all or nothing” scenario, meaning the entire data center must be unavailable before declaring a disaster. This scenario does not look at individual component failures — the most common problems that escalate into a full blown disaster declaration.

Has your company looked at its data center infrastructure and vulnerabilities to address issues that may prevent a disaster declaration and enhance day-to-day or operational recovery?  In some cases there is nothing you can do to prevent a declaration – A direct hit from a tornado, major flooding, earthquakes, etc.  But in many cases a vulnerability analysis of your data center will uncover specific actions that can be taken to prevent a localized outage from becoming a full blown disaster.

So how do you prepare a data center for a disaster incident?

First – Conduct a Vulnerability Assessment of the data center. Five basic questions to ask are:

  1. Are you storing paper and boxes in the data center?
  2. Are your networking cables labeled?
  3. Have you looked at your data center from a power and capacity standpoint?
  4. Is physical access to the data center limited?
  5. Does the data center have heat, smoke, water sensors?
  6. Are there data security policies and procedures in place?
  7. Is the location of your data center conducive to continued operations or is the data center in a major hazard area?

You definitely need a comprehensive set of procedures for the infrastructure and for the applications. Each component, or group of components, usually has support infrastructure, and generally speaking, there’s a person or group responsible for that. So the servers are going to be under the server group, or the virtualization group, or both. All of these are generally working under an infrastructure group or an operations group, but come a major disruption, there’s a dotted-line relationship for disaster recovery management. And that kind of governance clearly needs to be spelled out, who is in charge, who makes the decision, what you do, and what sequence you do it in.

Of course there is much more to ensuring your data center survives a disaster,  but this should give you a jump start in reviewing your data center vulnerabilities.

Patrick R. Dunn, CBCP, CISSP
Practice Manager – Disaster Recovery & Business Continuity

Tags: , , ,
Posted in Business Continuity | No Comments »

Business Wake-Up Call: Are You Prepared?

Tuesday, September 6th, 2011

Businesses in the Northeast are still feeling the devastating effects of Tropical Storm Irene.   Just a few weeks prior, a mild earthquake struck the Mid-Atlantic region and caused structural damage; people are still rebuilding.  And then there were the tornados striking the South and Midwest. This is your wake-up call folks! 

Were You Prepared?
How did you fare after the tragic floods resulting from Irene? Were you prepared for questions from your executives when the news came in regarding Hurricane Irene and subsequent 100 year floods?

  • Did you think to reach out to suppliers and employees in the region to begin the situation assessment? Or to stock up on needed resources before the flooding? Were you able to deliver products after the event or were there disruptions in your supply chain?
  • Did you think about engaging procurement and human resources as partners to determine the impact of the disaster and potential exposure?
  • Did you prepare to field questions from customers, business partners, and concerned family members?

Based on my experience watching organizations react to crises and other disruptive events, it’s common to see executives and those assigned Disaster Recovery and Business Continuity activities do the following:

  1. Get caught up as witnesses, watching the drama play out in the news just like everyone else, without always connecting the dots as to how the event may impact the organization’s interests. (This is where having a Disaster Recovery Plan would be of vital importance or having a person on staff whose sole responsibility is Disaster Recovery or Business Continuity Planning.)
  2. Focus (almost exclusively) on the day-to-day planning process, rather than taking an active role in participating in the response, including the situation assessment process.
  3. Fail to reference business impact analysis and risk assessment-related information in a potential crisis in order to judge possible exposure — what may be affected.( Ok – so you may not have this in place, but perhaps enough of a wakeup call has been issued and now your company realizes the time is right to conduct a business impact analysis and risk assessment.)

September is National Preparedness Month.  Now is the time to either create your Disaster Recovery Plan or update your plan if you have not done so recently. Another hurricane and even more tornadoes are currently on the weather radar…don’t wait!

Patrick R. Dunn, CBCP, CISSP
Consonus Practice Manager – Disaster Recovery & Business Continuity

Tags: , , , ,
Posted in Business Continuity, IT Solutions | No Comments »

Business Continuity / Disaster Recovery: Where do I start?

Thursday, September 2nd, 2010

Recently, I conducted a presentation on how to develop a successful Business Continuity(BC) / Disaster Recovery (DR) plan. As I was going over attendee feedback afterwards, there was one fundamental question that showed up multiple times — where do I start?

A valid question. It’s easy to get overwhelmed with the thought of implementing a comprehensive business continuity strategy. It’s one thing to know that a BC/DR plan is a “must-have” for your business. But it’s another, completely different thing to implement one. So as you set off on your quest to devise a BC/DR plan, use these guidelines as a starting point and you’ll soon see that a good BC/DR strategy is not only necessary, but doable.  

One: Cultivate an Understanding
Before devising the plan, you must understand the terminology. There are many acronyms and industry buzzwords that mean different things as they pertain to departments and individuals. Once your organization agrees on what it is you are trying to accomplish, only then can you move forward. 

Two: Develop the Business Case
Everyone within the organization has to be on board before you can proceed because a true BC/DR plan encompasses every facet of the business. To ensure cross-departmental involvement, it helps to first establish the business case, or your argument for developing the actual BC/DR plan. Are there specific business drivers or regulatory issues that make a business continuity strategy essential? If so, state your case and get executive support now. This will hopefully help alleviate some of the corporate politics that you may encounter.

Three: Assess the Current Environment
Pinpoint what it is you will be protecting — be specific — and identify all the risks involved. You can accomplish this via a number of ways, by conducting the following: a Business Impact Analysis (BIA) and/or a Risk Analysis. These more formalized processes will help you evaluate existing resources and establish a foundation for your plan. This is an excellent time to bring in an outside consultant; an experienced BC professional can drastically reduce the time and money needed to gather this information.

Four: Prioritize
Know the costs involved and define what absolutely needs to be done now then set priorities accordingly. You don’t have to devise a comprehensive BC/DR plan all at once. Apply a phased approach that models your immediate needs. Take baby steps. But be sure you address the following: Recovery Time Objective (RPO), Recovery Point Objective (RPO), critical applications and associated dependencies.

By taking the time to understand, analyze, and prioritize, you will be better prepared for your next step in creating a comprehensive, holistic BC/DR plan: Developing and Implementing a Business Continuity Management (BCM) Response. More on this in Part Two (coming soon).

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity
Vice Chairman – Contingency Planning Association of the Carolinas (CPAC)

Tags: , , , ,
Posted in Business Continuity | 1 Comment »

On a Tight IT Budget? Failover to the Cloud

Monday, June 28th, 2010

By now you’ve likely received your one millionth email bulletin regarding virtualization or the cloud and you no doubt recognize its value in your environment.  Regardless of where you are in your virtualization strategy, you still need a comprehensive disaster recovery (DR) plan.  While the gold standard for many years was a contract with SunGard for cold-, warm-, or hot-site failover, there are better options available today that provide faster recovery, shorter restore time (RTO) and restore point objectives (RPO), and are significantly less expensive.

More importantly, it is now possible to actually test a full scale failover – something that has been very difficult with traditional technologies.  In the old model, you had to ship the data (on disk or tape) to a distant facility, load the data (possibly onto gear that you paid for but is sitting idle), and pray.  Even then you were only able to test a small subset of the overall DR environment because you simply didn’t have the time in your test window to get it all done.

Today, the technology exists and service providers have well developed solutions to provide near zero RPO’s.  Failover can occur on dozens of production servers in remote cloud environments in just a fraction of the time previously required.  The real benefit of this is that you can run your DR test against a snapshot of your live data while your existing environment continues to replicate just in case there is a true disaster at or near your test window.

A great example of technology that uses the cloud for failover is the patented Virtual Business Continuity (VBC) solution offered by Consonus.  A predictable cost model that minimizes capital investment, pricing is based on the amount of customer data protected and the number of servers used in the Consonus remote replication service.

Check it out.

Daniel Milburn, CISSP
SVP & COO Hosting & Infrastructure Services

Tags: , , , ,
Posted in Business Continuity, IT Solutions, Virtualization | Comments Off