|
Executive summary
Effective IT disaster recovery (DR) and business continuity planning is essential for every business. All businesses depend on their IT services for moment-to-moment operations. So they must all take measures to ensure that those services are not disrupted due to a natural or man-made disaster.
However, because IT environments have become so complex – and because IT budgets are stretched so thinly – IT organizations face real challenges as they attempt to safeguard the business against such disasters. These challenges include:
1. Ensuring that planned DR measures will actually meet the needs of the business if and when they are called upon
2. Determining exactly when such measures should, in fact, be activated
3. Documenting to senior management, auditors, insurers, and/or regulators that best efforts have been made to protect the business from a full range of potentially disruptive eventualities
All of these challenges can be addressed by pre-testing DR plans in a simulated network environment. By performing these simulations, DR planners can cost-effectively assess the end-to-end performance of critical applications under any projected condition. Equipped with this insight, DR planners can make more informed decisions about how to best ensure business continuity – and can fully justify those decisions to any appropriate third parties.
Why is IT disaster recovery planning so hard?
While events such as the attacks of 9/11 and Hurricane Katrina have called greater attention to the possibility of catastrophic business interruption, businesses have always had to plan for the worst. IT’s role in this planning has grown over the years as IT services have become an increasingly critical component in day-to-day business operations. In fact, for many businesses survival depends almost entirely on the ability to provide at least some minimal number of core IT services to at least some minimal number of end-users – regardless of where those end-users may be.
Several factors make it difficult to plan for the delivery of core IT services to end-users who may or may not be working at their usual locations:
“Live” testing is often impractical. DR measures often include use of “hot sites,” “cold sites,” alternative network service providers, and other resources that can’t be tested “live” with any frequency – if at all. This makes it difficult if not impossible to re-assess such measures as applications are added or other types of changes are made to the enterprise computing environment.
Business continuity depends on application performance. It’s not enough to simply give end-users in some remote location networked access to a server somewhere. They also have to be able to actually use the application they’re accessing. If the application behaves too sluggishly – or network latency causes it not to perform properly at all – the disaster recovery plan will fail.
Application performance can be difficult to predict. Different applications respond in much different ways to bandwidth constraints, added latency, and intermittent connectivity. Without real insight into the idiosyncrasies of each critical application, DR planners may under- or over-provision contingency infrastructure.
There are so many different contingencies to consider. IT has to be prepared for everything from an accidental cable cut to the complete destruction of the corporate data center. The sheer number of potential disaster scenarios can tax the ability of even the largest IT organization to assess them all and formulate appropriate recovery plans.
DR planning resources are limited. Most IT organizations already have their hands full just maintaining the systems they already have in place and supporting strategic, high-ROI technology initiatives. This leaves little in the way of financial and human resources for a “necessary evil” like DR.
It has to work right the first time. There’s no room for error when it comes to DR. If IT discovers a problem with a typical system upgrade or new piece of hardware it can quickly roll things back to how they were before. But there’s nothing to roll back to in the event of a disaster. So IT has to have a high level of confidence in its contingency plans.
For these reasons and others, IT organizations often struggle to achieve confidence in their ability to fully protect the business from all possible contingencies. These factors can also make it difficult for IT to satisfy the demands of upper management and/or outside auditors for proof that adequate planning and testing has been performed.
|
