Posts Tagged ‘disaster recovery’

Employee Spotlight: Practice Manager – Business Continuity and Disaster Recovery Patrick Dunn

Wednesday, August 25th, 2010

No wonder Patrick is engaging and dynamic at his numerous business continuity speaking engagements around the country…as a two-time All American cheerleader and former University of Maine mascot, Bananas the bear, he’s had plenty of practice motivating crowds!

Consonus is pleased to have Patrick Dunn as practice manager - business continuity and disaster recovery. His extensive background comprises over twenty years of industry experience providing crisis management, business continuity development, disaster recovery planning, information security, IT assessment, and project management for Fortune 500 and Big Five accounting firms. Impressive credentials include time spent at SunGard Availability Services as a BC/DR Consulting Practice Manager, as well as Cap Gemini, Wright Express, Check Free/FISERV, and Fairchild Semiconductor.

As if his job doesn’t keep him busy enough, Patrick is an active member of numerous highly regarded industry organizations up and down the east coast, including the Contingency Planning Association of the Carolinas Inc. (CPAC), where he was recently appointed vice chairman. Industry certifications include: Certified Information Systems Security Professional (CISSP), Certified Business Continuity Professional (CBCP), and National Incident Management Systems (NIMS).

On those rare occasions of downtime, Patrick enjoys wine tasting (Shiraz is his favorite), American Revolutionary history (as a former Park Ranger for the National Park Service he led historical tours), and watching his beloved Boston Red Sox. Obviously a proud graduate of the University of Maine at Orono, Patrick lives in Flowery Branch, Georgia.

Three cheers for Patrick!

Random Thoughts from Our CTO

Wednesday, July 7th, 2010

Last Friday afternoon, I asked our CTO to jot down a few random thoughts about disaster recovery (DR), storage, and data protection. His “brain dump” resulted in ideas and factoids that you may find interesting. 

  • CIOs report that there is a minimum 25% Total Cost of Ownership (TCO) improvement in storage due to storage optimization.
  • Acceptable downtime has been reduced from 24 hours to less than five hours since 2007.
  • Many businesses assume DR is an IT problem…until there is a disaster.
  • In 99% of eDiscovery cases, the undiscovered email never saves your ass…it kicks it.
  • 60% of all data used on a day-to-day basis is less than 30 days old and 98% is less than 12 months old. So why are you keeping the old crap around on your expensive storage???
  • Finish the sequence: gigabyte, terabyte, petabyte, ?, ?, ? (Answers: Exabyte, Zettabyte, Yottabyte)
  • Standardization is one of the holy grails of virtualization. Poor process, people skills, and lack of standards are holy hand grenades!
  • Data protection is about people, process, and technology. Failure to strategically address all three is a recipe for disaster.
  • 2009 was the first year in history to have more known malware applications than productive software.
  • Successful IT projects start with design, planning, and architecture. Just like building a home, the first expenditure isn’t at the lumberyard, it is with the architect. Spending 5%-10% of the budget for proper planning and design saves 3-10x that amount in cost overruns later.

Not too bad for 4pm on a Friday afternoon before a holiday weekend!  Thanks Steve!

Observations from a Business Continuity Professional…

Friday, June 18th, 2010

It is sometimes easy to second-guess others during a crisis, especially ones as devastating as Katrina or the current disaster in the Gulf. But to not criticize the disaster recovery plans or the lack of disaster recovery testing by British Petroleum should be considered negligent by any self-respecting business continuity professional.

I want to offer a few comments on Disaster Recovery (DR) and Business Continuity (BC) planning in general, as it pertains to the situation in the Gulf. 

  1. An experienced DR/BC professional follows leading best practices and would not create a boilerplate template that is implemented in all regions of an organization’s business. A good DR/BC plan should be modified and customized to account for regional and cultural differences. An oil company’s disaster strategy for Alaska should be vastly different from a recovery plan developed for the Gulf of Mexico because there are different environmental elements that must be considered and that will have a significant impact on the practicality of the plan.
  2. All DR plans need to be tested on a regular basis, especially ones that have the potential to save an entire region.  If these plans had been tested in the Gulf, then it would have been discovered that having a plan to save walruses was of no use in the Gulf of Mexico and their Call Trees would have had correct names in place.
  3. When creating Crisis Management Plans, it is not always necessary or desirable to have the CEO of a company giving status updates — that in itself can turn into a disaster.
  4. Don’t be afraid to accept assistance from vendors, suppliers, foreign governments etc.  They may have more experience in the type of event.
  5. Have a clearly defined Incident Commander and make sure everyone knows who is in charge.

If you don’t have a current disaster recovery plan in place, create one. Start with a Business Impact Analysis to inventory your current efforts. Then develop a viable, practical plan that can be tested, updated, and approved. Then repeat this process again and again to guarantee your plan remains effective and appropriate.

And by all means, utilize a business continuity expert to assist you. This will ensure you have a true and usable plan. 

Do all that is necessary, take all the needed steps and don’t shortcut the process…unless of course you want the end results to mirror what’s happening in the Gulf.

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity

Disaster Recovery Best Practices

Friday, June 18th, 2010

For those who need a refresher course in disaster recovery, here are standard disaster recovery best practices according to the Disaster Recovery Institute.

1.  Program Initiation and Management
Establish the need for a Business Continuity Management (BCM) Program, including resilience strategies, recovery objectives, business continuity, operational risk management considerations and crisis management plans.  The prerequisites within this effort include obtaining management support and organizing and managing the formulation of the functions or processes required to construct the BCM framework.

2.  Risk Evaluation and Control
Determine the risks (events or surroundings) that can adversely affect the organization and its resources (for example, people, facilities, and technologies) through business interruption, the potential loss such events can cause, and the controls needed to avoid or mitigate the effects of those risks. As an outcome of the above, a cost-benefit analysis will be required to justify the investment in controls.

3.  Business Impact Analysis (BIA)
Identify the impacts resulting from business interruptions that can affect the organization and techniques that can be used to quantify and qualify such impacts. Identify time-critical functions, their recovery priorities, and inter-dependencies so that recovery time objectives can be established and approved.

4.  Business Continuity Strategies
Leverage the outcome of the Business Impact Analysis and Risk Evaluation to develop and recommend business continuity strategies.  The basis for these strategies is both the recovery time and point objectives in support of the organization’s critical functions.

5.  Emergency Response and Operations
Identify an organization’s readiness to respond to an emergency in a coordinated, timely and effective manner. Develop and implement procedures for initial response and stabilization of situations until the arrival of authorities having jurisdiction (if/when).

6.  Business Continuity Plans
Design, develop, and implement Business Continuity Plans that provide continuity and/or recovery as identified by the organization’s requirements.

7.  Awareness and Training Programs
Prepare a program to create and maintain corporate awareness and enhance the skills required to develop and implement Business Continuity Management.
     
8. Business Continuity Plan Exercise, Audit and Maintenance
Establish an exercise/testing program which documents plan exercise requirements including the planning, scheduling, facilitation, communications, auditing and post review documentation.    Establish a maintenance program to keep plans current and relevant.  Establish an audit process which will validate compliance with standards, review solutions, verify appropriate levels of maintenance and exercise activities and validate the plans to ensure they are current, accurate and complete.
     
9. Crisis Communications
Develop and document the action plans to facilitate communication of critical continuity information.  Coordinate and exercise with stakeholders and the media to ensure clarity during crisis communications.
    
10. Coordination with External Agencies
Establish applicable procedures and policies for coordinating continuity and disaster recovery activities with external agencies (local, regional, national, emergency responders, defense, etc.) while ensuring compliance with applicable statutes and regulations.

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity

Is your business prepared for hurricane season?

Thursday, May 20th, 2010

June 1st marks the beginning of hurricane season, continuing until November 30th. With an above-average hurricane season predicted for the United States this year, government agencies, businesses and other organizations need to take steps now to ensure they are prepared for a disruption to both IT infrastructure and critical business processes.

Many businesses account for IT interruptions but neglect the business or people side of the organization. Unfortunately, the result is a plan where IT may be available, but the people have no place to go and work. This is where business continuity planning can save a company.

Businesses in the southeast and gulf coast regions should account for natural disasters in their business continuity plans and take the following precautions:

  • Be able to communicate and account for employees. Have call trees in place. 
  • Consider the impact of hazardous materials – The Gulf region oil spill has the potential to affect the entire Gulf and Atlantic Coastline, so plan accordingly. 
  • Give your employees an alternative place to go by establishing a substitute business location in the case of an emergency. 
  • Present other options for transportation. 
  • Ensure drinking water and plumbing issues are addressed. 
  • Develop manual work-arounds for procedures. 
  • Find out if your primary vendors have disaster recovery plans. 
  • Define critical processes and applications and confirm they align with IT. 
  • Test the plan.

When it comes to hurricanes, wind speeds do not tell the entire story. Hurricanes produce storm surges, tornadoes, and often the most deadly of all — inland flooding.  It’s important that you also incorporate the following into your disaster recovery strategy:

  • Protect hardware/software/data records/employee records, etc. 
  • Routinely back up files to an off-site location. 
  • Use a generator for supplying backup power to vital computer hardware and other mission-critical equipment. 
  • Utilize a co-location, managed service provider or have a secondary data center in an area that is out of the impact zone, away from your primary facility. 
  • Prearrange the replacement of damaged hardware with vendors to ensure quick business recovery.
  • Assemble a crisis-management team and create a crisis management plan.

National Hurricane Preparedness Week is next week, May 23 through May 29. According to the National Hurricane Center, each year an average of 11 tropical storms develop over the Atlantic Ocean, Caribbean Sea, and Gulf of Mexico. About six to eight of these storms become hurricanes each year with the potential to cause devastating damage. Make sure you have a viable, comprehensive disaster recovery plan so you can weather any storm. Your business depends on it!

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity

Data Centers and Earthquakes

Wednesday, April 7th, 2010

According to reports, the force from Easter Sunday’s 7.2 magnitude earthquake in Baja California caused high-rise buildings to sway back and forth not only in surrounding southern California towns, but also 103 miles northwest in downtown Los Angeles and as far away as Las Vegas and Phoenix. Caltech officials reported that over 20 million people felt shaking related to the earthquake. And aftershocks are still occurring…some as high as 5.4 in magnitude.

Not only does an earthquake rattle nerves and shake buildings, but it can do devastating damage to data centers. It can vibrate and shudder racks of servers and equipment, rendering them useless. If you host at a data center with no natural disaster technology in place, chances are high that your mission-critical data will experience devastating damage too; unless, of course, your data center has earthquake-tolerant technology.

When you want to protect your most valuable business asset, information, look for data center providers that specifically address natural disasters via technologies that minimize risk. Earthquake gliders, friction pendulums, and base isolators are just some of the methods data centers use to safeguard information in the event of a natural catastrophe; some techniques involve only the equipment, while others focus on the entire facility.

For example, base isolation technology affects the entire structure. A fixed-base building, built directly into the ground, will move with an earthquake’s motion. As a result, the building can sustain extensive damage. However, when a building is built away (isolated) from the ground, resting on flexible bearings or pads known as base isolators, it will barely move during an earthquake. Your data is still safe and business can go on as normal.

Consonus has two data centers in Utah that are designed to remain fully operational during and after a 7.5 magnitude earthquake. Using base isolation, our data centers are constructed from the ground up to prevent and minimize damage during an earthquake.

But not every data center uses earthquake technology. Look for a data center with a history of delivering disaster recovery and business continuity solutions. This will give you peace of mind, even in the event of an earthquake.

And prepare yourself and your business BEFORE a disaster strikes. Governor Gary Herbert has designated April 4-10 as Earthquake Preparedness Week. Find out what you can do to prepare for an earthquake and its aftermath. Visit BeReadyUtah.gov for helpful tips and resources.

Rob Muir
Vice President Western Operations

Happy Business Continuity Week!

Monday, March 22nd, 2010

Business Continuity Week could not be occurring at a more appropriate time.  The last few months have us witnessing catastrophic natural disasters:  devastating earthquakes, potential tsunamis, record breaking floods, etc. And not to be outdone, consider the ongoing threat of Avian flu and terrorism.

Consider the following scenario of a call center in the northeast located next to a normally lazy, slow-flowing river. Add 10 inches of rain over a 2-day period: what is the result? A one-hundred-year flood. As a business executive for this company, are you concerned? I would hope so, and I would be asking the following questions:

  • What if my people can’t get to work? Who answers the incoming calls?
  • What is my plan for communicating with staff and alerting them to the crisis?
  • Are my servers under water?
  • What are my plans and do they account for the new SAN storage we put in place last month?

A good Business Continuity Plan deals with the above questions and more by drilling down even deeper into the business interruption.  In it, the following issues can be addressed:

  • Preparation: Are you prepared?  Do I have a plan and has it been tested or updated within the past year?
  • People:  How do I communicate with employees before, during and after a crisis?  Do I have a place for employees to work if my primary location is unavailable?  Can they work from home?
  • IT: How do I recover if my servers are damaged or unusable?  Do I have an alternate site to relocate to?  What equipment do I need?
  • Operations: How long can the business be unavailable? To what point in time do I recover?  What are my critical applications and do I know their value to the company’s bottom line?

There is no better time than now to focus on Business Continuity Management.

Executives need to create, review and update existing plans to prepare for unexpected business interruption before the next event causes a significant impact to business operations.

Business Continuity Week 2010 focuses on solving the business resiliency puzzle and is sponsored by the Business Continuity Institute.  For more information: http://www.businesscontinuityawarenessweek.org

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity