To mitigate a wide range of business risks, including those involving data centers, many organizations establish business-continuity (BC) or disaster-recovery (DR) plans. Fewer, however, write plans that focus on specific threats, keep those plans current or even test them. To ensure success, companies need to do better. Working with the right advanced data center is one way to fill those gaps.
Do You Have Plans? Are They Specific?
Although many organizations have BC or DR plans, some do not, or they have plans that are too generic. In a broad survey of data center decision makers, business-analyst firm 451 Research found that 82 percent of respondents have a disaster-recovery (DR) plan of some kind. That would leave nearly one-fifth of businesses with no DR architecture in place. With risk affecting everyone and DR solutions now widely available, companies have few excuses for not making a plan.
Another survey, conducted by Forrester Research and the Disaster Recovery Journal (DRJ), indicates a higher level of preparation. It found that 93 percent of organizations have created documented business-continuity plans (BCPs). Yet this survey revealed another shortcoming: only half of its respondents had developed BCPs that address discrete threats.
A failure to be specific, however, reduces the usefulness of a plan. “Different scenarios require customized responses,” writes Forrester Research Director Stephanie Balaouras, noting that a pandemic differs from an IT failure, which differs from extreme weather.
Are You Actively Updating Them?
Among those who have plans, the picture also appears divided between the actively engaged and those who prefer to “set it and forget it.”
Some organizations are clearly engaged. According to 451 Research, in 1Q15, two of every five respondents were evaluating a new DR architecture. And although new data center builds are relatively flat, among those planning to build in the next two years, creating a DR site was one of the three most common reasons. But these efforts are only part of the picture.
There seems to be a natural tendency to write a plan and then leave it on the shelf. Only 14 percent of respondents in the Forrester/DRJ survey said they were updating their business-continuity plans (BCPs) continuously, which is Forrester’s recommendation. That is half the rate seen in 2008. Most now refresh their plans only once a year, or less frequently.
How Often Do You Test Them?
Having plans and updating them are important, but you also need to test them. Here too, many businesses are leaving themselves exposed.
Not surprisingly, the more extensive the test, the less frequently it is conducted. Although 67 percent of respondents to the Forrester/DRJ survey do an annual walk-through, which simply reviews the layout and content of a plan, only 32 percent conduct a full simulation annually. Experts recommend at least one full exercise per year, with twice being ideal.
Another area of exposure involves business partners. Participation in testing by third parties increased from 47 percent in 2008 to 59 percent in 2014, but Balaouras said that with increased reliance on partners, especially in cloud services, that level of participation should “be much closer to 100 percent.”
Working With an Advanced Data Center
When engaging a data center for DR/BC solutions, first ensure that the upfront analysis is correct. Which applications need to be up and running for the business to operate? What do their service levels need to be? That helps one to determine recovery-time objectives (RTOs). A related metric is recovery-point objectives (RPOs), which refer to the point at which a backup service replicates a production database.
Organizations turn to data centers for two types of solutions. In one case, companies with minimal-to-zero tolerance for downtime often need a second physical instance of a service and application. With a duplicate system running on colocated assets, failover then becomes instantaneous.
Other companies with longer RTOs may opt for virtual servers running DR instances for certain applications in a disaster-recovery-as-a-service (DRaaS) model. In both cases, and whether using Intel-based x86 or IBM AS400 iSeries servers, DR/BC plans should entail specific scenarios, with solutions addressing particular technologies.
Testing and Resilience
Recovering from disasters and maintaining business continuity have become core business functions—functions that are still neglected in a fraction of organizations but now are commonly sponsored at the executive level in most.
Among those engaged in BC and DR, however, many neglect to update and test their plans. Business partners may bear some blame. Any third-party data center aiming to play a responsible role in a DR/BC solution, for instance, should mandate testing—even multiple tests per year—and contribute to updates as threats and solutions evolve.
Data centers, of course, need to be highly resilient themselves. Doing so entails multiple redundant power sources, diverse connectivity routes, and security that is built into both site location and every layer of its design.
 “The State of the Datacenter Market: Disruption and Opportunity for 2015 and Beyond,” 451 Research, archived webinar Feb. 18, 2015.
 “The State of Business Continuity Preparedness,” Stephanie Balaouras, Disaster Recovery Journal, Winter 2015.
 In the Forrester/DRJ 2014 survey, approximately 88 percent of respondents had executive-level sponsorship for BC preparedness—about the same level seen in 2011 and 2008.
Leading article image courtesy of NASA
About the Author
Peter B. Ritz is chief executive officer, director and cofounder of Keystone NAP and is responsible for overall strategy and execution, with emphasis on driving sales activities. Peter is a veteran technology executive and entrepreneur who has dedicated his career to working with emerging technology companies, helping launch, grow and advise many successful startups. Most recently, he spent five years as president and managing director of Xtium, an enterprise cloud software and solutions company he cofounded, helping expand the company from its first $6.5 million five-year customer agreement to double the recurring revenue in 2012 and building a world-class, motivated team supported by $13.5 million in growth funding. During this tenure, Peter served on the VMware (NYSE: VMW) cloud-services Advisory Board, helping design pricing and go-to-market for the managed-services business model to compete with Amazon (NSDQ: AMZN) and Rackspace (NYSE: RAX). Earlier, He was chief executive of Ntera, a nanotechnology ink and digital-display provider, as well as president and cofounder of AirClic, an interactive print and mobile-process automation SaaS company. He was also a venture partner with Cross Atlantic Capital Partners, a venture-management company, and a managing director and cofounder of Silicon Stemcell, a technology incubator, with earlier roots working for Ikon Technology Services (purchased by Ricoh), British Telecom and Sprint International. He also served tenures in Europe, Latin America and South East Asia. Peter also practiced intellectual-property law as a registered patent attorney and trial lawyer. He graduated with honors from the University of Maryland with two engineering degrees, computer science and biochemistry/molecular biology. Peter is an inventor on 29 patents and has created over 250 high-tech jobs.