CHATTANOOGA, Tenn. (April 21, 2011) — As I was preparing this article, the disastrous earthquake and tsunami struck Japan on March 11, and I have to admit, it's hard to think about loss of data in the face of the loss of lives in that country.
But the other side of disaster is business recovery. Disruption of business affects employees and their families, the economy and the future of the business.
Mother Nature is not the only threat to the continuity of your business. Here is a list of events that can affect your bottom line:
- Natural disasters such as tornados, hurricanes, earthquakes, flooding and more;
- Power outages caused, among other things, by storms, accidents and rolling blackouts;
- Human error;
- Computer server and hard drive failures;
- Hardware or system malfunction;
- Software corruption or malfunction;
- Employee sabotage;
- Office fires and sprink¬ler systems malfunction;
- Computer virus attack;
- Hacker attack;
- Theft;
- Building collapse;
- Heating, ventilating and air conditioning (HVAC) failure;
- Internal water leak; and
- Accidental cutting of data lines.
So how can data loss affect your business?
How much data do you keep on one server? Your business accounting, inventory and customer service records? Your contact management database, office documents, customer quotes and tax documentation? What if an employee accidently pushes the “delete” key? What is the cost to your business if you lose your data?
You've probably read stories in the news about servers and tapes being stolen from hospitals, insurance companies and large businesses.
What's more, errors can occur in the formatting of tapes, preventing a backup of the data. And, improperly stored tapes can be damaged from things such as moisture or magnetic fields, which can erase an entire tape library.
I read a story about a company that diligently backed up tapes, organized and labeled them meticulously and carefully stored them in a basement storage room. Unfortunately, the room was behind the elevator shaft, and a magnetic field erased and corrupted the data.
In another case, the disks were not formatted correctly. No one tested them, and six months down the road—when the need arose to access the data—the tapes were blank.
Horror stories, all of them.
Every business, regardless of size, depends on technology for its day-to-day operation. The ability to access data is mission critical when events cause a disruption, so it's important for every business to take the time to think through a plan in advance.
No plan in sight
Makes sense, right? You may be surprised to know that almost 60 percent of North American businesses do not have a disaster recovery plan in place, according to Info-Tech Research Group Inc.
The statistics are shocking on what happens to the unprepared:
- 50 percent of companies that lose their data due to disasters go out of business within 24 months. (Source: Faulkner Information Services)
- 93 percent are out of business within five years. (Source: U.S. Bureau of Labor)
- 70 percent of small firms that experience a major data loss go out of business within a year. (Source: DTI/PricewaterhouseCoopers)
If I back up my data, I have a disaster recovery plan, right? Or is that business continuity?
Backup is not disaster recovery and disaster recovery is not business continuity. The following gives a very high level description for each, and how they are different, which will be important to your planning.
Backup is your first step.
Backup is copying your files and databases to an external source so that they can be protected and available should something happen to their primary location. From your PC to your servers, the frequency and completeness of your efforts will pay off when you need to retrieve, or restore, your data. Remember, if your backup fails, there are no data to recover.
There are different ways to back up:
1. Full backup takes all files on your computer or network and backs them up. Copies of all data and log files are made, and objects are marked in a way that when subsequent backups are made, only changed information will be updated.
2. Incremental backup saves only the files that have changed since the most recent backup, which provides a faster way of backing up rather than doing full backups over and over.
3.Differential backup takes all the files that have changed—a file is changed if content, attribute or access permission rights are changed—since the last full backup and backs them up. In other words, it backs up everything that's different since the last full backup.
4. Mirror backup is the same as a full backup, except that it is a straight copy of the files at a given moment in time. All files and folders are kept separate in the destination, uncompressed, like a mirror, each time.
Here are some backup storage options:
1. On-site external backup (tapes and disks) may adequately back up your data, but they are not the best choice for disaster recovery or security. With your data backed up on-site, they are vulnerable to the same disruptions that your primary computers are facing, such as natural disasters, fire, or loss of power.
2. Remote backup (also known as online backup) allows for files, folders or all content from a hard drive to be sent to an off-site data storage location via the Internet. You may also hear this referred to as Web-based backup. Look for a provider that offers encryption and password protection to ensure privacy and security. The advantage of online backup is that by continuously backing up data on a remote hard drive, the risk of catastrophic data loss as a result of a disaster is practically eliminated.
3. Cloud backup is very similar to online backup, except that data are stored in a remote data center's virtual environment instead of physical disk and tapes. The provider will have a cluster of highly available and scalable servers that have Web interface so that you can store and retrieve data anytime and from anywhere. Cloud storage offers an unlimited amount of online disk space that is secure and inexpensive and works for PCs, laptops and servers.
Preparing for disaster
What exactly is disaster recovery?
It is the process, policies and procedures used by a business or individuals for recovery or continuation of technology infrastructure critical to an organization after a disruptive event. Best practices involve routine off-site backup and defining processes for restoring vital information and systems. A comprehensive disaster recovery plan includes many facets of your organization—your computers, network, phones, employees and customers—but perhaps most important to your business is how quickly can you restore your systems and data and get back to the business of running your business.
There are many factors to consider when determining the appropriate disaster recovery environment. It will rarely be a single version of the options mentioned earlier, unless simple cold backup is chosen. Typical high-end IT (information technology) infrastructures will incorporate at least three of the previously listed options, including at least one failover and both backup options.
Some questions to consider:
1. How much does an hour of downtime cost and what is the maximum acceptable time to recover? When you know both of these numbers, it will be much easier to justify, or eliminate, options based on price.
2. How much data and how many systems need to be protected? This will be a large factor in the cost of the environment, regardless of which types of recovery systems are implemented. This will also be one of the major deciders of the types of backup media that are truly viable for your business.
3. What type of data? This will determine the viable types of backup software and, in many cases, the acceptable forms of replication and the associated platforms.
4. How long and how often? There is a large price difference in monthly backups, with one-year retention and daily backups with seven-year retention. Often this is where the decision of disk vs. tape vs. both is decided. This also is where which type of each system is determined.
5. Where? This is a consideration for both failover and backup. It is a substantial cost factor with failover, but it is typically to meet best practices, certification, or legal requirements when considered for backups. This also raises the need to consider encryption. It is a simple choice and should be dictated by the sensitivity of the data in question.
Planning ahead
Here are several tips for disaster recovery planning. Your goal is to ensure that you have business continuity, minimal damage and loss prevention. Practice and test your plan and review monthly or quarterly.
1. Know your data, how they are used and where they are stored.
2. If you don't already, ensure that you have off-site, secure and available backup that allows for recovery 24/7. If you outsource your backup needs, make sure that you choose a provider that offers security, monitoring and support.
3. Test your plan; be sure that you are familiar with the recovery process and confident that it works smoothly. Your provider should walk you through a test-recovery procedure.
4. Designate a point person to manage backups internally or work with your provider to get your backup solution carried out.
5. Outline and communicate assigned steps for each person involved in recovery efforts and update the plan as things change.
6. Review your data regularly to be sure you're backing up everything you need. For example, if you add a new server in your office, your backups should reflect this addition. This should be done every other quarter if not once a quarter.
7. Remember to train new employees on your backup protocols and processes for recovery.
Keeping it going
Business continuity is the first cousin to disaster recovery.
This process takes a look at every aspect of your business operations—from logistics to where and how employees report to work during an event. The details can vary greatly, depending on the size and scope of a company and the way it does business. For some businesses, issues such as supply chain logistics are most crucial and are the focus of the plan. For others, information technology may play a more pivotal role, and the plan may have more of a focus on systems recovery.
So is all of this overkill, you might ask?
Not at all. As your business becomes more and more reliant on technology systems, data storage and electronic commerce, the impact of data loss on your company can be a game changer in today's economic environment. An effective disaster recovery plan enables your company to continue to work in event that catastrophic problems strike the underpinnings of your business.
Vocabulary pop quiz
As you investigate and plan your own disaster recovery plan, you may come across these terms. Learning a new vocabulary will help you understand what you need to do and/or communicate better with potential vendors.
- Clustering: Cluster is the logical grouping of physical resources. Cluster computing can be used for load balancing as well as for high availability. It allows automated failover between servers in the cluster and facilitates close monitoring of critical applications and their components.
- Co-location/hosting centers: For some businesses, a dedicated failover site or buying redundant equipment is not cost-effective. Third-party co-location or hosted disaster recovery services are an excellent alternative.
- Cost of downtime: Potential losses as a result of a disaster and the recovery cost.
- Failover: The process where a standby unit in a redundant system takes over when a software failure or a hardware failure is detected on the active unit. A failover site 100 or more miles from a primary location can help ensure that secondary systems are not impacted negatively by local disasters.
- Mirroring: Creates dynamic, real-time copies of data volumes, which reduce the amount of data-loss risk. Mirroring can be accomplished using Level 1 Redundant Array of Independent Disks (RAID) features through the motherboard or a controller card build into a dedicated disk array.
- Recovery time objective (RTO): The minimum time in which the business must recover.
- Recovery point objective (RPO): The point of time when the data must be recovered—start of the day, the last backup or last transaction.
- Replication: Files are copied from a primary location to a secondary location for use in the event of a system failure.
- Virtualization: Allows virtual machines to transfer or fail over to dissimilar hardware, enabling the virtual machine to be online in minutes.
Connie Roberts is the director of marketing at Terenine Technology Solutions, based in Chattanooga, Tenn. The firm—a service mark of Basenine Inc.—helps businesses find alignment between business goals and technology innovation. The company offers a full array of technology solutions tailored to a customer's environment, including virtualization and cloud-based services, co-location, disaster recovery, backup and tiered storage, applications development and professional services. Its website is: www.terenine.com.