http://www.informationweek.com/story/showArticle.jhtml;jsessionid=MGTYF2PYUBHQ0QSNDBESKHA?articleID=56200650

By Martin J. Garvey
Jan. 3, 2005

Business-continuity plans are good, but not good enough. Almost 80% of 300 respondents to InformationWeek Research's Outlook for 2005 survey, part of our quarterly Priorities series, say business-continuity plans are in good enough shape to ensure operations continue even in the event of a terrorist attack, but nearly 70% also cite business-continuity planning or disaster preparedness as a key priority this year.

"There's always this dichotomy because companies include operational recovery and disaster recovery under business continuity," says David Hill, an analyst at IT market-research firm Mesabi Group. "Disaster recovery is in place, but few companies have covered all operational needs." They may have smart processes and technology to deal with extreme emergencies but not, say, for recovering data after a virus attack.

Other areas for business-continuity improvement may center on performance issues. Companies are protected with backups on tape but likely would prefer a faster medium when they need to recover data. "With tape storage, recovery could take hours, and even days," Hill says.

MidAmerica Bank, a wholly owned subsidiary of financial holding company MAF Bancorp Inc., has set up mirroring and recovery between sites on hard-disk storage--using a combination of Symmetrix Remote Data Facility and MirrorView software from EMC Corp., the bank moves information from headquarters to a hot-standby data center. That's the highest form of availability, with the company able to assure business units of data recovery within four hours, but the bank still wants to finesse its continuity efforts. That's because not all applications need to be recovered within four hours.

So in 2005, Paul Stonchus, first VP and data-center manager at MidAmerica Bank, plans to create a multitiered recovery infrastructure. Under that plan, only five applications require recovery within a four-hour period. No hot-standby server will need to be at the recovery site for lower-ranked apps, so the bank could redeploy those servers as needed. If a case can be made to add other apps to the fast-recovery list, they will be added. "Our business units review their business-continuity processes, and we tie contingencies to our disaster-recovery plan," Stonchus says. "Our IT perspective is to always make data available to our users."

There's always room for improvement in planning because companies learn from experience. Doug Smith, IT disaster-recovery manager at Southern Co., a utility-holding company, says Hurricane Ivan tested plans last year. "We already have much-improved communications-infrastructure views, but we're finding out what went wrong with our handling of Ivan," Smith says. "Our plan in 2005 is to combine the right combination of IT and operations so we have the right resources for support."

But not everyone puts business-continuity plans into practice--and that's a problem. "Most business-continuity plans sit on a shelf, and they're never tested," says Peter Gerr, an analyst at IT market-research firm the Enterprise Strategy Group. "One out of five recovery efforts fails."