[ISN] Despite 9/11, IT is 'overconfident' about disaster recovery

From: InfoSec News (alerts@private)
Date: Wed Sep 12 2007 - 23:08:13 PDT


http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=19&articleId=9036099

By Brian Fonseca
September 12, 2007 
Computerworld

Six years after the events of 9/11, many corporate IT operations are 
overconfident about their ability to handle a disaster, according to a 
Forrester Research, Inc. report released on Tuesday.

The survey of 189 data center decision makers found a severe lack of IT 
preparation for natural and manmade disasters.

For example, the report found that 27% of the respondents' data centers 
in North America and Europe do not run a failover site to recover data 
in the event of a disaster. About 23% of respondents said they do not 
test disaster recovery plans, while 40% test their plans at least once a 
year. About 33% percent of respondents described their operations as 
"very prepared" for a manmade or natural disaster while 37% called their 
sites simply "prepared" for such events.

Stephanie Balaouras, a senior analyst at Cambridge, Mass.-based 
Forrester, said she was surprised at how "overly confident' enterprises 
are about their ability to confront disasters when they their 
preparation is actually minimal.

"Without regular testing, the chance that your disaster recovery plan 
will execute flawlessly during a disaster is pretty slim," said 
Balaouras, who authored the report. "The last thing you want is to have 
no idea how to recover" from a disaster.

Balaouras said that many enterprises are leery of conducting tests of 
disaster recovery plans because they can be disruptive to the operation 
of a data center. For example, testing could require key production 
applications to be taken offline for some time, she said.

And as budgets continue to tighten, IT operations and infrastructure 
staff face growing challenges to justify spending on disaster recovery 
programs and testing, Balaouras noted. Companies can validate such 
programs by determining the potential cost of downtime during disasters, 
including revenue lost by not closing monthly books on time, due to late 
payment costs and to lost worker productivity, she said.

Forrester said that many companies must scramble to create disaster 
recovery programs as partners and strategic suppliers increasingly 
require the corporations they deal with to have redundant systems 
running offsite.

The researcher also contended that companies should have an easier time 
creating such operations today due to improvements server virtualization 
technology, the availability of larger bandwidth pipes, declining 
telecommunications costs and storage area network (SAN)-based 
replication.

"That alternate site doesn't have to be just idle. You can read your 
read only workloads there, like reporting, or have secondary workloads 
like application development and testing, or you can offload backup," 
remarked Balarouas.

 
____________________________________
Visit the InfoSec News Bookstore
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Wed Sep 12 2007 - 23:27:36 PDT