Posted by: S R Balasubramanian
CIO's challenges, disaster recovery, DR planning, DR strategy, DRM, DRP
Organizations worldwide face various threats and mishaps that disrupt their operations and cause loss to business. Reference is to disruptions caused due to the failure of the computing infrastructure. And yet, disaster recovery has been ignored by many organizations citing prohibitive costs or due to pure apathy. Some feel that if nothing untoward has happened so far, nothing is likely to happen in future too. The approach is: ‘let’s cross the river when it comes’.
Disaster recovery explained
Disaster recovery (DR) is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery is a subset of business continuity. While business continuity involves planning for keeping all aspects of a business functioning in the midst of disruptive events, disaster recovery focuses on the IT or technology systems that support business functions.
Why DR planning is important
Disaster recovery, as a concept, got developed long time ago when organizations became more and more dependent on the computer systems and related technologies.
Many a time, when problems occur, companies take long to recover, leading to disruption in work, and often causing loss to business. For instance, interruptions in manufacturing, delay in dispatch of goods, or invoicing may lead to delay in reaching of goods to the market, drop in sales, or loss of customers. Nowadays, organizations are more worried about the dent that disasters may cause to their reputation. Another driving force for ‘DR’ is increasing government regulations mandating business continuity and disaster recovery plans for organizations in various sectors of the economy.
Worldwide, it is estimated that the most large companies spend between 2% and 4% of their IT budgets on disaster recovery planning. By spending on DRP, they aim at avoiding larger losses to business that the damage to IT infrastructure and data can lead to. Of companies that have had a major loss of business data, many never reopened, many closed business within two years, and others survived in the long-term. Today, DR planning is important even to small and medium companies; at times, it is mandated by the principals to whom they supply goods or services.
A CIO’s task
We, as CIOs, have our bounden duty to protect the organization from the fall-out of any such disaster and take measures to both, avoid any such an interruption and to recover soon if any such unforeseen event happens. Such measures, however, cannot be taken in a jiffy; they require detailed study of the computing environment, listing of possible faults, appropriate mitigation measures, and a good amount of planning.
The DR plan (DRP) is a set of defined policies and processes that detail steps that need to be taken to recover access to software, data, network, and hardware in case of any disaster either caused by human negligence or due to natural causes. DRP is complex process and requires a good amount of thinking and application. The plan should take into account all business critical activities and their impact on business and the cost of counter-measures to take care of such disruptions.
A DR plan (a.k.a. DR strategy) is important as it defines objectives clearly and identifies the measures to be taken when a disaster strikes. Execution of the plans, however, is equally important and in my opinion, it is here that many of us are found wanting. Sometimes we take too long for planning, especially when the issues are complex or when business leaders do not show the required urgency. Sometimes a grand plan could be halted due to the CIO not being able to justify the costs involved. During these periods of delay, the risks persist and may even get more acute with time and if a disaster occurs, the CIO may be left groping for answers.
In such cases, the CIO can start implementing some smaller measures that are simple and lend more protection to the environment. The set-up becomes more secure than earlier and we get free form those small but recurring problems that cause headache often. The larger measures can always follow in due time but we would have some protection in the meanwhile.