/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsMUMBAI, INDIA: It's always a fascinating irony to wonder upon- While the Titanic was made by the world's best professional experts of its time, the Ark was made by a bunch of amateurs.
No one wants to face a D day but yet it's always a necessary burden to invest in binoculars or lifeboats or whatever that can make you sail through hidden and visible ice-bergs. Now the funny thing is that more often than not, DR or Disaster Recovery (DR) is that tiny fire extinguisher that just sits around your kitchen, car or office parking. There is no way to find out its real worth unless the penny drops, which is a sound most of us would rather avoid.
So is DR just that? A happy blind state of complacence that everything is under control? Is there any way to test those fire-fighting cans before something big knocks in? Is it a good idea to rent them when needed and not buy those lifeboats-like-machines that apparently lie idle, take too much space and spoil the view for VIP passengers?
We recover answers to these and other DR smokescreens in this chat with Sundar Raman, CTO, Perpetuuiti Technosoft Services.
Perpetuuiti is incidentally a global software product company in business continuity, disaster recovery and process automation space, which was in news recently for having one of its products shortlisted for InTech50, (by iSPIRT and Terrene Global Leadership Network) a list of seemingly-the-50-most-promising software product companies in India for the year 2014.
Raman shares his unique view on the big list of doubts, options and promises that CIOs are accosted with on the DR route.
What is your assessment of significance of DR on overall capex and budget areas as a CIO would view it?
Disaster Recovery planning and management is a major expense to organizations. Traditional models of DR have a significant impact in the CAPEX and budget areas. The costs associated with in-house DR are typically due to the high cost of procurement of Hardware and Software components which form the back bone of the DR infrastructure. In addition to that, there is an operational cost to be considered as subject matter experts, technologists and engineers have to be deployed to manage the day-to-day activities of the DR. The other cost which is incurred by organizations pertaining to DR are through huge storage costs. As data keeps growing, the storage and data replication requirements keep rising on a yearly basis which is considered to be some of the most expensive components of the DR infrastructure. A CIO not only has to plan for the smooth functioning of the DR but also has to make sure that the capacity planning and management is optimized. Due to the complexity of the issue at hand, CIOs tasked with addressing business continuity (BC) and disaster recovery issues are keen to achieve quick wins, and the ‘tick box' audit approach, which tries to copy successful strategies used elsewhere, is often adopted without consideration of the suitability.
Are new approaches to DR timely and useful enough?
If we look at the approach is to outsource the DR management to a third party vendor, the capex costs are low but the opex costs are much higher when compared to the in-house setup. Also there is no Real-time visibility of the impact of downtime on business, 99.999 per cent uptime SLA, service credits given by partner have no linkage or accountability to revenue loss, building expensive redundancies still having no visibility/confidence of readiness and business resiliency, executive decision making delayed due to no real-time information of disruption/ impact. Plus, BC/DR Drill are an eye-wash - not actually giving the confidence that it will work, as tested only for limited environment with people/outsourced partner dependencies.
How then to deal with the dilemma of DR being a necessary evil/baggage as usually perceived by many, or DR being a cost centre?
Â
Planning is expensive but not planning is even more expensive! It has been estimated by Gartner that a report by HP states "A Company that experiences a computer outage lasting more than 10 days will never fully recover financially. 50 per cent will be out of business within five years." Picture this: An estimated 25 per cent of businesses do not reopen following a major disaster. Some 70 per cent of small firms that experience a major data loss go out of business within a year. As to companies experiencing catastrophic data loss, 43 per cent never reopened, 51 per cent of companies closed within 2 years, 80 per cent do not recover from a disaster within one month are likely to go out of business and 75 per cent without business continuity plans fail within three years of a disaster. Companies that aren't able to resume operations within ten days (of a disaster hit) are not likely to survive. Of those businesses that experience a disaster and have no emergency plan, 43 per cent never re-open; of those that do re-open, only 29 per cent are still operating two years later. These numbers show us that planning and investing in DR readiness is critical for business resiliency.
So accept and be ready for the worst?
Whether it's a natural disaster, human error, computer virus or hardware failure, disasters are bound to happen from time to time. In fact, 93 per cent of businesses admit to enacting their disaster recovery plans at some point. With the average cost of downtime estimated at $336,000 per hour, it's no wonder more businesses are urgently mapping out their BC/DR plans. In addition to the tremendous costs associated with downtime, businesses also lose customers and reputation due to the expectation of 24/7/365 access.
What is a more important metric for assessing DR plans and options: RTO/RPO or failover parts?
All these 3 components RPO (Recovery Point Objective), RTO (Recovery Time Objective) and actual failover parts are very important metrics for assessing DR plans/options. Besides this, there is another important metric which is MTPOD (Maximum Tolerable Period of Disruption) which sometimes also referred as MAO (Maximum Allowable/Acceptable Outage). Among all these metrics, Actual failover happening or not is the most fundamental and critical one. Because in case of DR or business disruption, if actual failover doesn't happen then all other metrics are of no use. In this case you are not really sure about business continuity and that's a big loss to the businesses. In an overall DR drill if failover part is tested well and guaranteed then next three parameters come in picture. One is RPO, in which case you need to determine that how much data can be at risk. Second is RTO, in which case you need to determine that how much downtime business can afford to failover to happen and third, MTPOD is the maximum amount of time for which an enterprise's/business's key products or services can be unavailable or undeliverable after any disaster/ event that causes disruption to operations.
As a CTO what would be his internal view for Perpetuuiti and strategy take on DR in today's scenario?
Planning for BC or DR is more than just a proverbial checkmark in the box. CIOs tasked with addressing these issues are keen to achieve quick wins, and the ‘tick box' audit approach, which tries to copy successful strategies used elsewhere, is often adopted without consideration as to suitability. Instead, CIOs need to be tasked with providing a true disaster preparedness strategy and an executable plan to recover core systems in the event of a disaster.
To that end, there are three integrated areas where organizations should focus their efforts with respect to Business Continuity Plans - People, Process and Technology.
Elaborate.
These areas need to be integrated into a centralized console so as to allow real time visibility, preparedness, management and execution of BC processes and IT DR automation. The value that a CIO/CTO will recognize in this integration includes: automation of the BC/DR Orchestration- Removing dependencies on people, process and technology through single-click over a smartphone or tablet; eliminating delays in executive decision through providing real time visibility/confidence of readiness and business resiliency in turn helping organizations realize their BC/DR plans work every single time, eliminating dependencies on subject-matter expertise.
That approach leads to more real gains in your reckoning?
Â
Tying organizational business impact analysis to the IT Infrastructure in a single unified dashboard providing real time visibility and confidence for DR readiness through a BC management and DR automation solution. Extending huge Cost savings by giving insight into the integrity of DR infrastructure & BC readiness helps organizations from over-engineering or replicating. It also helps in reducing RTO and eliminating single point of failure.
Where does DR stand today on the confidence-meter of a rollback?
It's a tough piece specially for large enterprises. In case of an outage, a business is caught in a difficult situation and the interesting thing is businesses usually do not quantify losses during such downtime windows. DR is ideally about being back in business in the next five or six hours, Business Continuity Planning window is about six months while resiliency is around a six year time frame. Most companies do not usually have a data centre failover/switch testing, unlike us. For most companies DR is just a tick mark, a myth at the best. A drill does not guarantee a real-world situation assurance. We try to address this part by automating all of the cycle with intelligent software and minimal human intervention.
Should enterprises be perturbed by the BYOD (Dropbox, Box, Google Docs etc) side of information storage?
It is a consumer level technology. Or something for low-end segments that want to save costs but enterprises cannot run applications based on space-offerings like these.