Defending Against the Catastrophic Loss of Information

From the Editors of ITSC

What are the most pressing data management issues enterprises face today? And what are enterprises doing to resolve them? Recent research provides some insight.

In September, a survey explored the data and information lifecycle management (DLM) issues, priorities, and plans of executives, IT specialists, and managers at enterprises worldwide. Participants in the survey identified critical initiatives that were planned, underway, or recently completed at their organizations, and rated the priority their organizations placed on DLM.

Among the key findings:

• Of the major IT initiatives at these companies, server standardization and consolidation initiatives were strongly represented.
• Nearly three-quarters of the participants rated DLM as a mission-critical or high priority.
  Participants identified defense against information loss and day-to-day information management as key DLM drivers, and expected their business initiatives to deliver improved efficiency and security as well as long-term cost savings.
• The decision to launch a DLM initiative and selection criteria for individual solutions are weighted strongly toward compatibility and ease of administration rather than advanced technology.

Critical IT initiatives
Responses to the survey revealed that multiple IT initiatives were the norm at these organizations. While 42% of participants reported a single initiative, 47% reported two or more. Server issues -- in particular, consolidation and standardization on Intel-based platforms -- dominated the list. Consolidation and standardization projects focused on hardware were more common than utility computing and Linux migration initiatives (the response options least often selected). About 30% of the participants reported initiatives to migrate to disk-based backup from tape or other technologies.

The survey revealed strong agreement on DLM issues. Defense against catastrophic loss of information was the strongest business driver of DLM initiatives, followed by day-to-day information management. Despite its extensive coverage in the industry press, legal and regulatory compliance tied for a distant third place.

Participants were also questioned about their short- and long-term expectations. In the short term, a majority of participants (82%) expected DLM to address such concerns as data protection, privacy, and security initiatives. Expectations regarding long-term significance were highest for data protection, privacy, and security (71%), followed by expectations of reduced costs (64%). In general, participants agreed with an investment model that addresses critical short-term needs but also reduces long-term costs.

Selection criteria and roadblocks
When selecting a DLM solution, most participants said they evaluate how it will work with their current hardware, software, and administrative resources before they consider financial criteria such as price and ROI.

Asked what key features they look for when evaluating DLM solutions, a majority of participants said operational considerations weigh far more heavily than technical excellence or even performance. Participants also said they screen DLM solutions carefully for management complexity, poor integration, high cost of ownership, and poor performance. Their responses suggest that IT professionals generally expect DLM solutions to have moved beyond technology "growing pains" and to operate as mature solutions.

Not surprisingly, competing priorities and scarce resources are the main barriers to adoption of a DLM solution, with technology issues and executive buy-in cited as minor concerns. The fact that few participants reported executive support or technology as roadblocks supports the view that DLM is seen as a mature technology with accepted benefits that organizations are managing along with other priorities within resource constraints.

In sum, the survey found that the strongest business driver of DLM initiatives was defense against catastrophic loss of information: backup, business continuity, and recovery. Participants expect DLM to add efficiency and security to their operations quickly, and to deliver cost savings in the long run.

How prepared are you?
While the survey found the need to protect against catastrophic loss of information clearly articulated as a priority, other research indicates that large organizations would face serious consequences if they had to implement their disaster recovery plans.

An independent study conducted late last year by UK-based Dynamic Markets Ltd. surveyed 1,259 IT professionals around the world who have responsibility for, and are involved in, the management of their company's disaster recovery plan in organizations with more than 500 employees.

When presented with a scenario where a natural disaster (e.g., a fire or hurricane) completely destroyed the company's primary data center, more than 40% of the respondents had no idea how long it would take to achieve normal operations or even skeletal operations. Not only that, but 92% acknowledged that their companies would face serious consequences if they had to implement their disaster-recovery plans.

Surprisingly, the research revealed that only 44% of companies surveyed use data restoration or backup software for disaster recovery purposes. In addition, only 9% of organizations use data replication software, while just 5% use high-availability clustering software. That too is surprising, since both of these technologies are vital to retrieving the critical applications of a business operation in the event of a disaster.

The importance of testing
Business leaders today face the challenge of keeping their enterprises up, running, and growing -- no matter what happens. More than ever before, that calls for thorough planning to mitigate the impact of a planned or unplanned disruption. Increasingly, this involves integrating disaster recovery plans and business continuity plans and committing to regular testing. The goal should be a plan that is consistent across the enterprise, and that mitigates the likelihood of an incident and its potential impact. This will enable an enterprise to:

• Identify and mitigate business and technology risk
• Protect its assets, brand, and reputation
• Minimize the impact of events on customers and supply chain
• Demonstrate effective governance to the media, markets, and stakeholders
• Meet insurance, legal, contractual, and regulatory requirements
• Optimize business and technology recovery time
• Reduce frequency, duration, and cost of IT downtime

While many IT organizations have a disaster recovery plan in place, a plan is just a document on a disk if it's never tested. Yet more than 70% of IT managers surveyed recently do not test their disaster recovery plans. Perhaps that's not surprising; after all, the obstacles to running a comprehensive test can be formidable. Traditionally it has taken a significant amount of time and redundant hardware to perform a test. And there has been no way to avoid at least some level of disruption to the production environment during such a test.

But no data center is static, which means that no disaster recovery plan should be static either. Frequent upgrades to the data center -- including modifications to the infrastructure, upgrades to the software, and alterations to the storage, to name a few -- bring new implications to even the most comprehensive disaster recovery plan. Not only is it important to test, it's also important to test frequently. Also, testing can have significant advantages. Companies that do disaster recovery testing get a better picture of the plan's effectiveness and have the ability to make changes to the plan before disaster strikes.

Conclusion
Until just a few years ago, many businesses viewed disaster recovery as a discretionary expense -- or else as a mandate for heavily regulated sectors such as financial services or telecommunications. Today, trends show the increasing importance of planning for business continuity and disaster recovery among all organizations. The proliferation of electronic records and the ubiquity of computers in day-to-day business operations have driven businesses of all sizes to a heightened awareness of the importance of disaster recovery. Most organizations realize that even a temporary loss of access to their electronic records could result in costly consequences to their business.