The changing face of business continuity

OUT-LAW News, 09/08/2006

There’s long been an understanding that a contingency plan needs to be in place to protect a business in the event of some kind of calamity – indeed, this forms the basis of the insurance industry, which has been going since the days of the Babylonians, circa 1750 BC, when merchants would insure loans against the risk of the shipments being stolen by pirates.

This article was contributed to OUT-LAW by Ian Bond, Consulting Systems Architect, Cisco Systems UK & Ireland

Today’s rigorous market conditions demand something more than recompense in the event of disasters – there is a real need to keep a business up and running in order for it to remain competitive. The risk to customer confidence, brand value, market position and the financial implications of being kept from doing business for any period of time are too great to be ignored. Further to this, the nature of the threats involved is expanding in scope, and having an impact over larger physical areas. And of course, there’s always the pressure from regulators to reduce corporate risk exposure – another area in which our Babylonian predecessors had an easy ride.

Where pirates or storms were the ancient Babylonian’s principle concerns, today CXOs must be concerned with natural and man-made disasters on a scale that would have boggled the minds of the ancient businessmen. Although natural disasters are as much of a problem as ever, the increased reliance on digital information and the networks that form the life-blood of most modern businesses means that there is a new breed of threats that need to be considered; those that might impact your customer and operational data. As the nature of the risks change, so must the contingency measures.

What’s the worst that could happen?

“What’s the worst that could happen?” is the first question any business should ask when coming to devise a business continuity plan. Although the nature of the risks vary, the issue of consequence is the cost of an outage – if you had a complete stop on all business operations, from sales, to accounting, to supply chain, and so on, how much would that cost your business.

Once the operational losses are totted up, from lost sales opportunities, cost of getting back online and so on – and this can amount to millions of pounds for a large enterprise – there is the impact on share price. Financial services and internet companies have both seen a dramatic impact on their overall valuation following well-publicised outages, and the emergence of millions of weblogs over the last couple of years will ensure that any outage that touches customers will be publicised.

The threats

Disasters on the scale of London’s 7th July bombings are extremely rare, and will hopefully continue to be so, but do need to be planned for nevertheless. The range of man-made threats has potentially far wider impact than before – the (slim) possibility of a dirty bomb in any urban centre often foils many contingency plans, as it could take out an entire urban area – many businesses place their second ‘backup’ data centre within a few miles of the primary site.  Similarly with digital threats – malware, denial of service attacks and user error can result in servers, branch offices and even data centres going completely out of commission for indeterminate periods of time.

Some of the same measures to protect against the potential man-made physical threats can be implemented to secure against more mundane threats – for example, a power outage within a certain range of your first data centre might also hit your second, if it stands close by. If you co-locate some distance away, possibly in a completely different city, you would have a measure of security against this.

Similarly with natural disasters; whilst hurricanes are few and far between on the British Isles, floods are less rare; snow has been known to knock out power supplies and isolate urban areas, and the threat of a natural epidemic putting an area into quarantine, whilst potentially far fetched, should be considered.

Technology supporting planning

The historical need for the nearby co-location of data centres was due to the prohibitive cost of creating high-speed links between primary and secondary sites over large distances. This issue has been resolved with the increasing availability of multiprotocol Storage Area Networks (SANs), supporting fibre-channel over IP (FCIP), a technology that enables very long-distance co-location of data over thousands of kilometres. Cisco itself, for example, has two data centres, one located on the West Coast of the United States, and the other on the East Coast – cities more than 2,500 miles apart. Through use of FCIP to extend the storage infrastructure, a disaster recovery process is in place which, in the event of one data centre going down, the other will keep staff, partners and customers at US and other global sites up and running.

Further to this, new wide area acceleration technology is allowing branch offices to consolidate their data into central silos, enabling more straightforward business continuity planning. Where implementing manual backup measures at local branch offices can prove complex to administer and slow to restore, maintaining a central data store means that all a branch office needs to restore its business operation is a new site – and this is something that can be made available from many data centres. CSC UK, the UK arm of a global consulting firm, has used wide-area file services technology to consolidate their site data, ensuring that data management, backup and restoration will be more straightforward.

For businesses such as those in the financial sector, with the need to provide a continuous data protection environment, advanced technologies integrated into the storage network enable continuous, transactional backup of data to a secondary site.

As far as protecting the integrity of the networks on which this data circulates, careful security planning is needed; as a central infrastructure supporting the applications critical to business functions, it is key that corporate networks have enough intelligence to defend themselves against fast-evolving digital threats.

Conclusion

Business continuity planning is not about frightening the board into assigning money to defend against unlikely probabilities. It is about taking a realistic assessment of the cost of downtime to your business, and putting proportionate measures in place to secure against those risks; whether they come from man made or natural disasters, physical or digital threats, or a result of complying with regulatory requirements.

New technologies, including FC-IP, continuous data replication, intelligent self-defending networks and wide-area file services make long-distance co-location and consolidation of data into secure centres more straightforward and cost-effective than was previously possible; supporting a new breed of business continuity solutions to protect against the new breed of threats that businesses are now facing.

See: www.storage-expo.com

Feedback | Printer-friendly page | Latest news | | All news feeds | Ask a lawyer