About DR Compliance
Area of concern
DR planning is a top issue on most CIOs' minds, but some are clueless about
how exactly they can make their organizations disaster-ready. DR is a costly and
complex procedure, especially when a large number of applications is involved.
CIOs' recommendation
It is critical that we do not implement blanket DR on all business
applications. Out of 10, there may be only two truly critical applications that
deserve a full recovery within two hours; the rest can probably wait for more hours
or days. It is also important to clearly segregate mission-critical data from
all that is churned out by your users and applications. If you are able to
achieve this, you can say you are DR compliant.
Sometimes, there is also time-based criticality. For example, a car
manufacturer cannot afford a disaster in the month of March, as that is the period
when it makes maximum sales on account of the temptation to claim depreciation
benefits. Typically, recovery has to happen in a fraction of the time for
services companies compared to product companies, as the former's customers demand
uninterrupted access at all times and at all locations.
Safeguarding Your DR Site
Area of concern
We can entrust our critical data and applications to a remote site for DR.
But how do we make sure that they are as safe, secure and reliable at the remote
location as they are within our primary locations?
CIOs' recommendation
The whole DR system has to be made secure from external and internal
vulnerabilities. And quite often, the real danger lies more inside than
outside. Physical security itself is a critical area–you must plan and grant
access and authorization rights carefully.
The more automated your business processes become, the more vulnerable you
are to a disaster seriously affecting your business. That is why it is
necessary to identify the risks that come with the possibility of a disaster, and to attach
tangible and intangible value to those risks. Would you be in a position to take
those risks on the presumption that even if things actually go wrong, you will
still be able to survive and come out mostly unscathed? When outsourcing DR, be
careful with the type of data that is outsourced, as data and IT security are equally
important.
First Steps in DR
Impact analysis is the first step for a sound DR system. Next, the
enterprise has to identify its most critical application or two and replicate it
at an external DR site, even if the entire IT infrastructure is not centralized.
The next step has two options–own a site and put your own alternate servers,
networking and infrastructure in place, or go through dedicated DR service
providers.
Two vital and alternate parameters for DR planning are the time objective–how
much time can be afforded to restore–and the data value objective–how much
data loss can be sustained in case of a disaster.
The Art of Doing DR
DR is a function of the entire organization, and everyone has a responsibility to
participate in DR planning. Each department should come forward with its own
requirements and recommendations for DR services.
Businesses should set out an optimal cost of recovery–the maximum cost that
can be afforded by the organization to recover from a disaster in a minimum
acceptable downtime. At the same time, it is critical to ascertain the value of your
data, which is usually far more than a simple calculation of revenue loss.
You should quantify your tangible and intangible assets, including valuations
for customer trust and employee satisfaction, to come up with the value of a possible
loss of data. The key to a good DR strategy is meticulous planning. If you can
spend 60-70% of your time in planning and use the rest for actual
implementation, you will implement a good DR strategy.
Finally, you must identify critical users who need to be given uninterrupted
and continuous access to all your services regardless of a disaster, as not
everyone needs their systems up and running within minutes or hours of a
disaster.
Rishi Seth in New Delhi