The Keys to Executing a Business Transformation
K12 Enterprise: Business Continuity and Disaster Recovery Planning
The Basics of Business Continuity and Disaster Recovery Planning:...
Information Security is More than Information Technology
Building Relationships - Establishing Contingencies before a Disaster
Julia Halsne, Business Continuity Manager, EBMUD
Business Continuity and Disaster Recovery - Business Technology Insurance
By Martin P.Rose, CIO, Pinellas County Government
A disaster is defined as “a sudden event, such as an accident or a natural catastrophe that causes great damage or loss.” For technology systems, a disaster can be spilt into two events. “Blue Sky” events are non-weather related disasters while “Gray Sky” events are predominately weather related. For example: an internal data center fire would be considered a Blue Sky event, however, a hurricane which destroys a data center would be considered a Gray Sky event. Both events result in damage or loss of technology systems and applications.
Initially, technology disaster recovery plans meant a backup mainframe in a secondary location which could be used in case the primary mainframe went down for any reason. The secondary location should be located as far away as possible from your primary data center. Technology staff would be dispatched to the secondary location to bring systems back online. Business user connectivity would be expensive and isolated.
Disaster Recovery has become more involved in the post-mainframe world as distributive systems recovery is more complex. Technology reaches well beyond the data center or even the office with mobile devices and an ever-growing mobile workforce. Disaster recovery plans have also morphed into larger and more in-depth strategies which include Business Continuity Planning (BCP) or Continuity of Operations Planning (COOP). Today, every computer controlled system, business application, location or business user needs a BCP or COOP and not justa DR plan for data center systems.
BCP or COOP serve the same function, to make sure individual or collective business operations continue to function after a disaster. BCP or COOP can be created for any operational parameter including people, buildings, machinery, finances, supplies, equipment, product, and technology systems and applications.
Technology based BCP or COOP starts with the disaster recovery of on premise technology systems, usually the core Data Center. Data Center disaster recovery plans have many options. One option would be to contract a third-party vendor who can provide space and equipment at an alternate disaster recovery site. A manifest of equipment and services must be well defined. Technology staff lodging and travel expenses will also be needed for this option. Business user access must be in place or procured at the time of the disaster.
Another option is to build your own DR site. Distance for the DR data center from the primary data center is important. Efficiencies could be recognized if both sites are being utilized. Duplicate production environments could be deployed across both sites for load balancing or production environments can run atthe primary data center while staging environments can be run from the alternate DR site.
Two less desirable options are bare metal restore, which would involve procuring new hardware and performing a re-build from scratch, or the least desirable option to simply do nothing.
Fortunately, a new option has emerged: the Cloud. Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) and even Mobile Backend as a Service (MBaaS) have gained popularity as an alternative to the traditional on premise technology models,especially with regards to disaster recovery and non-production technology systems.
Cloud has even become mainstream with government entities who previously shied away from Cloud for security reasons. Cloud providers have created multiple Clouds, one for the private sector and one for the public sector. Government Clouds or “Gov Clouds” have the certifications required by Federal law, such as HIPAA and FERPA, which were traditional roadblocks of the private sector Cloud. Gov Cloud is more expensive due to the additional security and certifications, but still affordable for short term on-demand DR.
With Cloud services, Business Continuity and Disaster Recovery becomes more affordable, accessible and flexible. The Cloud provides the ability to run a replication of the production database as well as a small application environment in the Cloud during normal operations. When a disaster occurs, you have the ability to increase resources and completely build out the entire production technology environment within hours. The best part is, the cost follows the pattern. You pay a small amount during normal operations, then pay more when you need to turn up the environment for DR. With technology systems and applications in the Cloud, business users can have secured access from anywhere, anytime.
Be careful, one size does not fit all. An application with multiple system interfaces would require all systems be hosted in the Cloud, or a hybrid of Cloud and on premise with a direct connection between both. Certain Commercial off the Shelf (COTS) vendors have their own Cloud, however, COTS vendors stay on the latest version. Potential issues with interfaces oruser functionality is possible with a version change.
So what is the right solution? Whatever works for your organization! Everything in the Cloud sounds great but it may not be affordable or practical. Complicated systems might run in a secondary data center while small to medium applications including portals reside with Cloud vendors or COTS vendor cloud solutions when available and applicable. Don’t forget about your staff. Office locations can be affected, not just Data Center locations. Staff will need secured access from mobile devices anywhere, anytime. There are multiple BC/DR/COOP models available. Choosing what works for your organization can be just as challenging as choosing the right insurance option.