Having an effective and tested disaster recovery plan is vital for companies in all industries. According to META Group research, over 30 percent of companies that suffer a catastrophic disaster, i.e. fire, flood, earthquake - never reopen their doors for business. In addition, that same research stated that 29 percent of businesses suffering a catastrophic disaster close their doors within two years of the event. And, even though the research shows that over 50 percent of Global 2000 companies have a credible disaster recovery plan in place, the events of September 11, 2001 have caused even these companies to re-examine their plans to cater for event the most extreme worst-case scenarios.
Even though disaster recovery has received increased attention in the aftermath of 9/11, terrorist acts or by no means the only security risk that organizations are subjected to. According to an FBI survey, 84 percent of large businesses and government agencies detected security breaches in the past year. Of those, 35 percent (186 respondents) quantified financial losses from those breaches, which totaled over $377 million.
In many ways, according to Brian Reuter, director of marketing at DataPeer, the events of 9/11 have impacted the way people look at their business in the short and long term as it pertains to strategic planning, product development, and research investment. But in many other ways, he says, it has not had as profound a difference on long-term IT development as people would think. "The 'repositioning' of storage products as addressing disaster recovery or contingency planning requirements was already happening before 9/11 - although the events of 9/11 did accelerate new messages and value propositions that were being pushed into the marketplace," he continued.
Dianne McAdam, an analyst at Illuminata, believes that the events of 9/11 had a strong impact on the placement of data centers. "Corporations are no longer looking to place data centers 10 to 15 miles outside of a major metropolitan area, they are looking at much further distances (such as 100 miles), " she says. "We all knew about the importance of disaster recovery prior to 9/11, but now we are thinking about it differently," she continued. And, even though McAdam says that companies overall understand that testing back-up is important, they are still not giving it the critical importance that it requires. She admitted knowing of companies that were backing up their data to tape and leaving the tapes on the servers.
Wayne Lam, vice president of FalconStor, believes that businesses are not only being more realistic about their DR commitments, they're also candid about maximizing the TCO on any implemented storage solution. According to Lam, companies now realize three important issues: (1). Data replication is vital for disaster recovery purposes (even though price and performance are also crucial evaluation criteria for a replication solution.) (2). Companies do not want to be locked into a proprietary solution. And (3), companies are looking for a solution with interoperability across vendor lines and applications.
Lam also feels that storage vendors are also taking steps to address data availability and are giving companies more choices in how their data is handled during the storage process. He says that businesses are looking at disk-based backup as a complement or alternative to tape recovery, for the purpose of immediately restoring data lost to soft errors in the short term. In addition, he says that realizing that one of the major technical challenges in maintaining a backup center is keeping the data and the backup data center synchronized with the data in the primary data center, companies are also looking for solutions enabling them to choose storage equipment, even mixing brands and types of storage, leveraging their present infrastructure with the ability to acquire new storage at any given time, he continued.
While the events of 9/11 raised the consciousness of many businesses in terms of disaster recovery and contingency planning, and the critical need to provide safe, secure storage of company data, Reuter believes that the economic environment has had more of a significant impact on the way businesses have been looking to provide uninterrupted availability and enhanced reliability. "We were already seeing shifts towards centralized storage instead of direct storage because of scalability issues," says Reuter. "And, we were already seeing more focus on the TCO and ROI because of multiple device proliferation," he says. "In other words, while there will always be trends and corresponding products and solutions that come out of political and social situations, more often than not -- business need will drive new IT solutions and products within a business and in a marketplace," he continued. "This has definitely been the case in terms of storage development as companies continually look to access, manage, and protect their data."
So has the storage industry learned any important lessons post 9/11? Lam seems to think that, from a business point of view, the notion of their critical information all-residing in one or two central locations has changed. "From a vendors point of view, openness and interoperability are what the customer wants today," he says.
With that said, you might think that spending budgets on disaster recovery solutions would have increased since the events of last September. Not so, says Lam. "Spending budgets have not dramatically increased, but the urgency to get a business continuity strategy in place has," he says. "Businesses today have to consider their overall business continuity strategy, and how to balance disaster recovery and high data availability in their plans," he continued.
On the other hand, Reuter says: "For companies that are required to exist in a 24/7 data access mode, such as financial institutions, the commitment to contingency planning, business continuity and disaster recovery remains strong both strategically and financially. He goes on to say that for small and medium sized businesses, the events of 9/11 probably have been a wake up call since many of them exist in a static file back-up mode versus looking at protecting the entire infrastructure (hardware, software, applications, systems, etc.). They have seen all too clearly how the cost of downtime can impact a company's viability. However, because of continuing economic challenges and a greater focus on profitability and immediate return on investment, many smaller companies may not have the means or time to invest the significant dollars they need on well-designed, well-thought out disaster recovery solution. This", he says, "creates a Catch-22 situation where back-up, recovery, redundancy and contingency planning may be business critical, but not as critical as retaining employees or paying the rent."
The events of 9/11 have proved that having a credible disaster recovery plan - one that is up-to-date, tested, and effective - is business critical for companies of all sizes. The events have also focused senior management interest on business continuity planning, making it just that much easier for CIOs to sell the importance of disaster recovery to the front office.