Disaster recovery (DR) is no more an esoteric concept for most Indian
enterprises; it is increasingly becoming an essential component of their
business dynamics. One of the primary drivers of DR today would be the
increasing options available for integrated enterprise applications. After
having implemented ERP and other enterprise applications, the dependence on
information architectural systems increases, and that is the reason why
organizations, today, are sitting up and thinking-"If these systems go
down how do we continue to run our businesses?" Of course, events like 9/11
and others have sensitized people to what disasters are, and what disasters
could mean for IT setups.
Keeping in mind this growing importance of DR amongst Indian enterprises,
DATAQUEST, in partnership with Comsat Max, organized a five city panel
discussion where CIOs deliberated on different issues related to DR
implementation, in their organizations. Held in Mumbai, Delhi, Chennai, Kolkata
and Bangalore, CIOs debated on issues involved in planning for DR and the steps
involved in implementing a DR program. A look at some important points that
emerged from these discussions:
|
Planning for DR
This is one crucial aspect where most organizations falter. First of all, DR
planning should not only involve the IT personnel but also various business
people from the organization. It should not only be a plan restricted to the IT
department but also incorporate the expectations of the various business people.
Most importantly, the DR plan has to list people who are going to be involved
with it, otherwise the plan is bound to fail. Organizations should realize that
disaster really is a challenge for the entire business, not merely for the IT
department. Therefore, the CEO has to be the champion of the DR plan and the
core team has to have stakeholders from various aspects and departments of the
business.
Secondly, it is imperative to have the DR plan documented and tested
continuously. Without documentation, disaster recovery could instead become an
unmitigated disaster-especially in today's times of high attrition. When a
disaster strikes, the plan should be ready to take care of extraordinary
solutions, which would not be possible without a documented plan. Not only
documenting, a DR site needs to be tested continuously so that it can withstand
the pressures of an unexpected contingency.
Defining a Disaster
Disasters have became synonymous with mega events-events which occur maybe
once in a century or twice in a century-like the Titanic sinking or the plane
crashing into a building in New York. The consensus is that if disasters are
such an infrequent event why bother planning for them! Most of the CTOs and CIOs
are interested in knowing whether the DR facilities are nuclear bombing proof or
not because the concept of a disaster has become linked to war with the neighbor
or a nuclear holocaust.
But then if it's disaster of that magnitude, it might not really be worth
planning for, since we probably would not be in a position to even think about
what needs to be done or how to keep the processes running afterwards. Looking
back at today's need for DR, one would like to define disaster as any event
which could be man made, accidental, internal to your organization or external,
but which could create a situation as a result of which the IT resources are
unavailable for unpredictable periods of time. The key word here is 'unpredictable'.
Disaster can be an event as small as a short circuit or as huge as a
political disturbance in your city-but something that ensures that you are not
able to deliver services to your internal customers for unpredictable periods of
time. So, what are the recovery solutions-obviously solutions that ensure that
there is a restoration of the computer and networking facility within a
predefined, pre-agreed, period of time. Now, we talk a lot about BCP and DR,
which is a subset of it. However, DR is used in relation to the IT
infrastructure-a business continuity plan which basically ensures not only
that the IT infrastructure is up but also that the people and the processes
associated with it are also functional, thereby ensuring steady, seamless data
and information flow within your organization.
|
Outsourcing DR-is it on?
Outsourcing, here, would primarily depend on the size of the organization.
Bigger enterprises which could afford to have their own DR sites, might not look
at outsourcing. However, it should not be only a question of monetary muscles,
but also of technical expertise. Take the case of BPCL-the company has
invested Rs 60 crore on a DR site, and no third party would have the capability
to manage an operation of that scale. In such cases, obviously, there is no need
to outsource. However, smaller enterprises should look at a third party, and the
third party itself should be a large reputed company that possesses the relevant
skill sets.
|
These enterprises also have to ensure that their DR partners are
adhering to strict parameters of corporate governance. Care should be taken to
ensure that stringent SLAs are in place, the service provider must be
accountable for any discrepancies. Outsourcing DR makes economic sense for
smaller companies only in cases where the third party vendors themselves invest
on hardware.
|
Rajneesh De in
Mumbai