when bad things happen to good businesses

8/9/2019 When Bad Things Happen to Good Businesses

http://slidepdf.com/reader/full/when-bad-things-happen-to-good-businesses 1/14

Moving from DIY Disaster Recoveryto Unfailing Business IT Resiliency



•

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

The Changing Face of IT Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Are You Being Lulled into a False Sense of Security? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Where DIY Disaster Recovery Falls Short . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

It’s Not About Disaster Recovery – It’s About Business IT Resiliency . . . . . . . . . . . . . . . . . . . . . 11

Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13



•

Whether you’re in charge of your organization’sinfrastructure or are responsible for minimizing

risk throughout the environment, IT infrastructureresiliency is likely top of mind.

This E-book explores the costs and impactsof unexpected business disruptions, and thetendency for businesses to rely too heavilyon do-it-yourself (DIY) recovery methods. Itillustrates why the DIY approach often falls short,and the consequences when DIY recovery fails.It also outlines in what ways DIY solutions differwhile explaining other ways to ensure businesstechnology resiliency.



•

Organizations like yours have no choice but toinvest in IT recovery. Your stakeholders, customersand employees are completely unforgiving of anydowntime — they simply expect their apps andsystems to work at all times. But are you makingthe right investments and taking the right approachto ensure true resiliency?

Easy availability of computer resources — such asco-location and simple virtual machine recoverybackup tools — have made disaster recoveryappear so easy that organizations sometimesbelieve that alone is enough for business resiliency.In fact, many CIOs are investing signi cant fundsto build secondary data centers to serve as areplicated site, making co-location the secondhighest area of investment for disaster recovery. 4

While these technologies offer great promise and

have made life a little easier when it comes torecovery, here’s the problem:

• None of these tools perform application orinfrastructure discovery to nd the shadowor forgotten IT platforms where criticalapplications reside.

• None of these approaches reveal the complexinterdependencies between hundreds ofapplications that run the business — nordo they subsequently address the processexpertise needed to orchestrate recovery ofenvironments on disparate tiers.

• None of these approaches handle the peopleand staff impact. Speci cally, can IT folks getto work at that second data center in case ofan outage?

4 Ibid



•

The result? Business processes stall andcompanies come to a halt because there isn’tconsistent recovery performance to bring all criticalapplications, data and infrastructure back onlinerapidly enough.

Knowing the facts we’ve just presented, areyou still con dent about your organization’sresiliency strategy? Can you really meet yourde ned RTO and RPOs? Often, de ned RTOs arevastly different than achieved RTOs.

Even if you manage to achieve a stringentSLA of say, a six-hour RTO, it means nothing ifstakeholders expect or assume a much faster timeframe given the real risks or needs of the business.

HAArchitecture

SecondDatacenter

Easy accessto compute -

1153 coloproviders

Load balancingcapability

with exibleresource pools

BusinessResiliency

Figure 1 . Readily available technologies and computeresources do not equate to business resiliency.

Figure 2. The majority of companies receive a failinggrade for their disaster recovery program.

A

B

C

D

F

51%

22%

16%

9%

2%



•

As much as organizations like to think that disasterrecovery is only needed in the event of “disasters,”such as hurricanes, storms, oods or man-mademalicious attacks, those account for a smallpercentage of downtime. As shown in gure 3, thetop causes of downtime are largely man-madeor operational in nature.

Many businesses attempt to handle recoverieson their own. But planning, implementing andexecuting a recovery is complicated. Here’s whymany DIY disaster recovery attempts fail:

Misconception. A misperception that the cloudmakes disaster recovery easy. Enabling full

recovery of all business processes end-to-endrequires far more than storing and accessing datain the cloud. Every application relies on the network,

rewalls and load balancers. If you’re running anapplication and replicating it to the cloud, all of theother components of that application stack must bereplicated to ensure a complete recovery. Otherwise,you can recover your infrastructure and data, but notyour entire business.

Figure 3. The top causes of downtime are man-made or optional in nature.

Human Error Unexpected Patchesand Updates

Server RoomEnvironment Issues

Power Outages Onsite Disasters

60% 56% 44% 29% 26%

DRJ/State of Disaster Recovery Spring 2014 Survey

67% of disasterdeclarations arecaused by eitheroperational failures orman-made mistakes.

- Forrester/Disaster Recovery Journal,November 2013 Global Disaster Recovery



•

Complexity of hybrid IT environments andchange management. Most companies relyon multiple operating systems and it’s hard torecover such an environment. For the most part,IT managers are on top of their game managing

integration technology to make all systems worktogether smoothly at top ef ciency. But ensuringbusiness continuity and disaster recovery for ahybrid environment is much more complex andrisk-laden.

To reliably recover a hybrid environment — andyour applications and data — you need to replicatethe precise mix of servers, storage, operating

systems, hypervisors, networks and softwareversions. And that means keeping abreast ofany and all changes to that mix at every momentin time. After all, business applications areinterdependent on one another — the unavailabilityof even one system or application can trickle downto impact many business processes.

Understanding true costs. Don’t know whatyou don’t know and costs quickly spiral outof control. Sungard AS has found that 70% ofits customers lack up-to-date con gurations and40% have gaps in con gurations. That means they

have a discovery problem because they can’t becertain about the make-up of their environment.This lack of clarity can lead to big expenses. Thinkabout it this way: Costs associated with disasterrecovery span recovery infrastructure, backup,labor and additional services. You can fairly easilypredict labor and backup costs. The cost foradditional services, such as consultants, is hard topredict, but tends to be relatively small. But costsfor recovery infrastructure can be signi cant. Atthe same time, they can vary greatly companyby company, so it’s not really possible to use abenchmark as a predictor.

Recovery starts withgood data, but gooddata requires reliable

backups. More than40% of customers fail adisaster recovery testdue to poor backups.

- Sungard AS Customer Survey



•

Lack of personnel and expertise. Manyenterprises think they can design a few toolsfor disaster recovery and they’re all set. Butthey forget the human cost and effort to recover theentire business environment. For instance, your IT

manager may need to order equipment, but not beable to get it delivered for a few days.

Or your organization may not have the rightperson in-house to properly conduct a disasterrecovery test. In other words, it takes quite a bit ofcoordination of technology, people and processesto enable effective disaster recovery. And many

companies simply can’t pull this off.

Virtual Machine DeploymentThe ease of virtual machine deployment can contribute to one of the biggestchallenges in recovery. VMs can be created and deployed more rapidly thanchange management processes can verify that all of the latest productionchanges made it into the recovery environment. Even if everything isidentical, a bare-metal restore from a cloud provider can play havoc withrecovery time objectives.



•

A summary of the DIY disaster recovery costs thatmany companies commonly overlook:

• Accounting for the additional burden that DIYmeasures place on internal disaster recoveryand IT teams, including costs for travel time,additional coordination, and the orchestrationrequired for the various platforms.

• The cost and steep step-function associatedwith storage and infrastructure lock-in at athird-party secondary site.

• The operational costs if a recovery is delayedor fails completely during a disaster event.

IT isn’t given enough budget to address therisks associated with disasters. Demands forbusiness uptime are on the rise, but the reality isthat IT staff is typically dedicated to managing corebusiness processes and applications; its secondaryresponsibility is disaster recovery. In otherwords, the majority of IT resources are focusedon the operating environment, and a very small

percentage to disaster recovery.

A false sense of security due to over-investment. Once they decide to go the DIY route,many organizations over-invest in co-location, highavailability architecture and lots of technology. Butwithout the right people, processes and preparation

— including testing the recovery environmentmultiple times per year — all of this investment isfor naught. And 23% of organizations admit theynever test. 5

66% of IT decisionmakers at enterprisesrated improving BC/

DR a critical or highpriority for 2014…but only 5.8% of IToperational and capitalbudget is allocated toBC/DR.— Disaster Recovery Journal and Forrester

BC/DR Market Study: The State of DRPreparedness, March 2014

5 DRJ and Forrester BC/DR Market Study: The State of DR Preparedness, March 2014



•

Ultimately, business stakeholders want allemployees to be productive and 100% ofapplications running with as little interruption aspossible. However, disaster recovery is only oneaspect of business IT resiliency.

To ensure true resiliency, your company musttake disaster recovery to the next level byleveraging the DR environment for testingand development. By doing so, you continuallyimprove your IT infrastructure, ensure employeeproductivity, and maintain customer satisfaction forthe sake of revenue growth.

In other words, what matters most is ensuring thatyour business is conducting business, not justperforming recovery. Let’s illustrate what this lookslike in the real world.

The Case of the FragmentedInsurance Carrier

Without the proper disaster recovery processesin place, a company can come to a halt, affectingnot only routine tasks, but putting its reputation onthe line for future business. Business IT resiliencydepends on addressing disaster recovery, but itdoes much more.

Over a period of 25 years, an insurance companyspecializing in commercial and personal insurancegrew exponentially by making multiple strategicacquisitions. Its IT environment grew along withall the acquisitions. The company now managesover 430 physical and virtual machines running amix of Oracle enterprise applications and customvertical applications.

Its business processes, such as processingclaims and claim adjustments, must all work inconcert to ensure accuracy and consistencyamong all of the different platforms anddatabases.That means its recovery planmust address multiple applications anddata in a diverse IT infrastructure.



•

When the company was assembling a recoveryteam in response to a natural disaster, a debilitatingDDoS attack brought down its commercial accountweb portal. This portal housed customer data,including client lists, SSNs, nancial data and credit

scores. The inability to view client data in the eldmade it impossible for the company to conductbusiness as usual.

The Case of the StormyDistribution Company

How quickly critical applications and data can bebrought back online can make a difference to yourbottom line. A large-scale ne foods distributorin the Midwest was operating at peak ef ciencywhen a sudden storm snapped the power lines toits data center for 18 hours. Even as the recoveryteam worked under erce pressure to bring all thesystems back online simultaneously, collateraldamage rolled up and down the supply chain as allthe just-in-time warehousing data went blank.

Critical retail and supply chain applications wentdown. ERPs and custom-built apps for WarehouseManagement, Forecast & Replenishment andOrder Entry were not working as needed. Theresult? A great deal of perishable food didn’t get

moved before spoilage…waste set in and thecompany found itself with a huge revenue loss.

The lesson in these tales? Companies cannotafford downtime — they need zero businessprocess interruption. But you do not have toshoulder the responsibility alone. With the rightpartner, the right cloud technology and the rightmanaged solution, enterprises can tap into cloud-

based recovery for always-on, always-availabletrue business resilience.



•

Sungard Availability Services provides managed IT services, informationavailability consulting services, business continuity management software,and disaster recovery services.

To learn more, visit www.sungardas.com or call 1-888-270-3657

Sungard Availability Services650 E. Swedesford RoadWayne, PA 19087

[email protected]

Phone: 1-(888) 817-0925

Trademark information

Sungard Availability Services is a trademark of SunGard Data Systems

Inc. or its af liate used under license. The Sungard Availability Serviceslogo by itself is a trademark of Sungard Availability Services Capital,Inc. or its af liate. All other trade names are trademarks or registeredtrademarks of their respective holders.

http://www.sungardas.com/

http://www.youtube.com/user/SunGardAS

https://twitter.com/SunGardAS

https://www.linkedin.com/company/sungard-availability-services?trk=company_logo

https://www.facebook.com/SunGardAS

http://www.sungardas.com/

when bad things happen to good businesses

Documents