Disaster Recovery and Backup 1
Disaster Recovery and Backup
Stephen Craig
6 July 2008
IT 230
Disaster Recovery and Backup 2
Introduction
Common natural disasters area a leading cause of data loss says Bud Stoddard, AmeriVault
President and CEO. Events such as the 8.3 earthquake that struck Hokkaido Japan September 25,
2003 and the firestorm in San Diego just weeks ago are just two examples of how natural
disasters are devastating millions of unprepared businesses around the world. These are not the
only events that must be considered, however. The terrorist attacks against the US on 9/11/01
and the biggest blackout in North American history in August 2003 are examples of man-made
disasters.
A 2002 U.S. Bureau of Labor study showed that 93 percent of companies that lose a
significant amount of data fold within 5 years. Another survey found that only 60% of businesses
have a credible disaster recovery plan that is up-to-date, tested, and executable. But just any plan
won’t do. A business recovery plan is a live document, it need to change, evolve, and mature,
says Joe Richardson, executive vice-president of operations and administration at CIT.
In this paper, we will explore the pros and cons of basic prevention, outsourced
prevention, and advanced prevention. We will also report on Implementation strategies, how to
choose a method, return on investment, planning, and testing. We have also included a case
study as an example of why disaster recovery planning is so important to businesses today.
Basic Prevention Off-Site Tape Back Up
We are going to share a few different ways to help insure that data is safe in case of a disaster.
Unforeseeable problems such as fire, floods, viruses, theft, or corruption are just a few of the
disasters that can a strike a business. And because data equals money, they need to have their
data protected, somehow, someway either backed up and/or replicated off site. According to
Rick Lacroix of EMC in Hopkinton, Mass. Information protection has taken on new importance
over the past several years and customers and companies of all sizes are looking for ways to
safeguard their information.
One way to preserve the safety of data is tape backup. There are several software and off-site
facilities that will provide a service to customers needing this protection and it is not unusual for
an enterprise to spend 25% of its information technology (I.T.) budget on disaster recovery.
Many companies have tape backup as their entire disaster recovery plan. For some businesses
this is all they need or can afford although this is the least costly of the options presented in this
report, it is a risky way of ensuring your data is safe. Unless the media is moved off-site, a
disaster has the potential to destroy your backup tape along with your original data. Obviously,
this is the least expensive way to protect your data, but one must way the cost of storing data off-
site as opposed to the importance of the lost data. Research has shown that more than 80% of the
businesses suffering from catastrophic data loss have gone out of business within 12 months.
This shows the importance of data and computers in businesses of all sizes.
Outsourced Prevention Offsite data center
There are many alternatives to data recovery systems. No matter the size, all organizations need
to consider having some type of a data recovery system in case a disaster strikes. According to
Claude Brazell, U.S. program manager for business-recovery services at HP in Santa Clara,
Responsibility for disaster-recovery planning still falls to I.S. 99% of the Time. The I.S.
Disaster Recovery and Backup 3
organization needs to evaluate and analyze the impact of a loss of company data. This
evaluation leads to a plan to protect the company information so that they will be able to recover
from a major disaster.
Offsite disaster recovery vendors offer many services and full security of their client’s data. On a
recent visit to the SBC disaster recovery center in Irvine, we were able to see first hand some of
the different options offered to companies to meet their individual needs. For example, options
include office space rental so that a company would have somewhere to work and address
critical business issues in an emergency. Clients are allowed 24-hour access to their data and
technical support is on available around the clock. Back-up generators supply power in case of
emergency and the electricity runs through a power conversion system to ensure its purity. The
data center utilizes the latest in fire suppression technology; systems constantly sample the air,
monitoring for possible fire or flooding. Depending on severity, either dry pipe suppression or
temperature reducing measures will be enacted. SBC also offers service in other geographical
areas, allowing a company to distribute risk in multiple areas. It is in a company’s best interest
to not keep all of their eggs in one basket and research all options available in order to protect
their business data. Prevention is better than cure.
Advanced Prevention Hot Site plus tape
All organizations main objective is to resume business as usual within a reasonable amount of
time. But why should a company invest in a costly disaster recovery plan? Nearly one in three
companies operate without a formal DR strategy in place according to Imation Corporation.
Natural disasters only account for three percent of incidences reported by BI-Tech. However,
since 9-11, the power outages across the nation, viruses, and many natural disasters recently have
changed many organizations opinion of having such a plan.
So how does an organization implement a strategy? First management with I.T. must work
together and agree that a hot site is necessary. The second is to determine a geographic area for
this location. The hot site must be equipped with servers, networking capabilities, tape and disk
storage. This steering committee must be held responsible for the follow through of the DR plan.
Frequent tests must be performed to ensure the integrity of the data, software, and hardware.
Lastly, document the plan and maintain a copy onsite and offsite the organization.
How much would a plan cost to be implemented? There are several different types of products
that can be purchased such as firewalls and external tapes recorders which all vary in cost.
Equipment may also need to be purchased to activate the secondary site. In addition to the
hardware and software, communications such as cellular phones, satellite phones, and fax, must
be taken into account. A secondary power source, such as a diesel generator, is necessary
considering the purpose of the structure. There will be several on-going costs like rental space
and consulting.
Maintenance is crucial in a successful implementation of a DR plan. Updating software and
hardware, periodic testing of the system, procedures, and constant training of employees must
continually be visited. No one can predict what may happen but it is always safe of an
organization to be prepared for the worst case scenario.
Disaster Recovery and Backup 4
Implementation Strategy
Specific disaster recovery strategies vary by company; the primary reasons are the differences in
reliance upon I.T. and the time required to recover in case of a disaster.
One measure of reliance is determining the I.T. operating budget as a percent of the total
operating budget. Another measure of reliance is to simply evaluate operations to determine
how long it can run without a given computer system. Tape recovery yields the longest amount
of time following a disaster, while a hot site would provide the fastest recovery time.
Some organizations spend a great deal of money on business continuity; the nature of the
problem prevents any organization from achieving a 100% foolproof solution. However, there
are diminishing returns when spending money on disaster recovery. A company can gauge an
appropriate amount by doing the following:
1. Listing disasters that might occur based on the geographic location of the I.T. systems,
proximity to major cities, and business type
2. Multiply the number of days of downtime based on a given disaster times average
revenue lost per day
3. Average those figures
4. Compare against costs of each proposed recovery method
Finances may limit a company to a given budget for disaster recovery; the method above gives a
rough idea on the costs of a disaster; since disaster recovery is effectively an insurance policy,
managers can weigh the return on investment for each method.
After choosing a given disaster recovery method, I.T. departments must plan for its
implementation. This plan should address the concerns of a business in the case of a disaster,
plus provide expectations for recovery given a disaster. A good plan should be tested at least
annually. Per Sarbanes-Oxley regulations, there are requirements for public companies to test
their disaster recovery plans. Testing, while painful, is a necessary part of a good plan. A false
sense of security can oftentimes do more damage than not having a plan.
Conclusion
In summary, careful planning and diligence in plan execution are necessary to implement a
business continuity strategy. The expenses associated with carrying out DR plan vary with each
organization; as long as companies rely on computers, there will be a need to implement a
disaster recovery plan.
Disaster Recovery and Backup 5
Bibliography
Cantor Fitzgerald - Forty-Seven Hours by Edward Cone and Sean Gallagher
http://www.baselinemag.com/article2/0,3959,675273,00.asp
Computer Weekly, 9/9/2003, Anthony Adshead.
http://encarta.msn.com, 1997-2003 Microsoft Corporation
http://interchange.novastor.com/datasheet/tapecopy.html
http://www.computerwork.com/securitytopics/security/recovery
http://www.horizons.bc.ca/support/disasters.html
http://www.simplesan.com/benefits/dr.htm.
http://www.swc.com/new/articles/disaster.html
Information Management Journal, November / December 2003.
Richardson,,Joe: Executive Vice President of Operations and Administration at CIT.,The
Secured Lender, Disaster Recovery Planning are you prepared?, Mark Elmerick.
Stoddard, Bud: AmeriVault President and CEO, Information Management Journal,
November / December 2003.
The Secured Lender, Disaster Recovery Planning are you prepared?, Mark Elmerick.
World Trade Center, Microsoft Encarta Online Encyclopedia 2003