Technology briefing: Reluctance to pay for business continuity can lead to costly mistakes
Business continuity could be said to be the ultimate grudge spend. Unlike security, which can be presented as a positive asset, business continuity solutions come into play when the worst happens, and only then. Due to this invisibility, it is easy for it to slip to the bottom of the list of expenses, and be the first thing to be neglected when budgets get squeezed. However, this is a dangerous trap to fall into, as the business damage resulting from even a relatively minor incident can be huge. SC helps you take a look at the latest tools, consultancies and techniques to keep your business going in the worst case.
Whatever the actual disaster, whether major or mundane, the results can be similar if no planning has been undertaken. So the first step is – a business continuity plan. This will vary according to the business and its assets. However, broad guidelines are available: the Business Continuity Institute (BCI – www.thebci.org) has both good practice guidelines and more in-depth advice on relevant British Standards. The BCI guidelines identify six business continuity management stages.
These six principles explain the process and terminology of business continuity management in a way applicable to all organisations, regardless of size or industry sector, and are intended for use by business continuity management practitioners, risk managers, auditors and regulators, says the Institute.
This is the most common problem in a disaster – recovering lost business data. Once the preserve of a backup tape and a safe deep in the IT department, the options are now enormous. For SMEs, physical backup is still a cost-effective method of mitigation, but the opportunity for human error is large and if backups are left onsite then a fire, for example, still damages or destroys the backup along with the original.
Online backup is the obvious method of backing up valuable data offsite. However, the security concerns attached to this are considerable. Encrypting the data both in flight and at rest is vital, while ensuring that the third party is trustworthy is key. This is of particular importance for businesses seeking to comply with legislative demands to back up customer data.
SecurStore DS-Client is an online, automated and managed data backup and recovery tool that claims to be agentless and covers virtualised environments. Data is compressed and de-duplicated and a new encryption key management tool can store and maintain encryption keys for DS-Clients.
A more wholesale solution is Neverfail's technology, which clones and then maintains a real-time copy of all data and settings of Microsoft Exchange from a primary server to a secondary server. Should a problem occur, Neverfail will attempt corrective action, switching to the secondary server as a final resort. The company says the system is totally seamless in operation, removing the need for recovery techniques.
There are SME-targeted services, for example, Siber Systems' GoodSync – an automatic synchronisation package that analyses, synchronises and backs up emails, financial documents and other important files locally as well as remotely through FTP, SFTP, WebDAV, local networks and the web.
One of the top buzz-words in IT at the moment, virtualisation offers many benefits and business continuity is one of them. Instead of having to mirror vital data held within the organisation onto a secure alternative site outside the organisation, having a virtual environment means that the data can be held externally and additional virtual machines can be easily and cheaply created to minimise risk of data loss.
However, there is a technical downside – virtual machines are easy to create, but need to be managed correctly, otherwise duplication or gaps in backed-up data can occur in a sprawl of unmanaged virtual machines. Additionally, traditional backup products assumed a one-to-one ratio, such as one physical server to one operating system. However, virtualisation operates on a one-to-many ratio, which can degrade performance of non-optimised solutions. Other barriers to cloud-based virtualisation adoption are the high initial expenditure, which can be prohibitive, and a perceived lack of internal control over systems. However, these are both being gradually eroded by falling costs and increasing demand for cost savings.
One example of virtualisation in action is Plan B DR's, which recently launched a fully managed, virtualisation-based IT disaster recovery and backup service for SMEs. The company claims to use “unique” server image capture and P2V conversion technology to create virtual machine copies of a company's servers. The company's “intelligent snap-shotting appliance” plugs into a company's network and automatically takes copies of its IT systems; these newly created system images (rescue images) are automatically tested, so in theory they will be available within 15 to 30 minutes of a disaster. All transmitted data is protected by strong encryption and PKI technologies, according to Plan B DR.
Of course, a slew of manufacturers has begun to offer support for both virtual and physical servers in order to bridge the gap. CA's XOsoft claims to offer data protection and “near-instantaneous” failover and restoration via WAN-optimised replication of databases, along with continuous data protection with “Rewind” for granular and fast recovery, plus the ability to take VSS snapshots for periodic protection. It also offers automated DR testing and web-based centralised management. It supports both physical and virtual servers such as VMware Infrastructure and ESX, Microsoft Hyper-V, Citrix XenServer and Virtual Iron.
Of course, in the event of a natural disaster, aside from power constraints, communications networks would be the next point of failure. Fixed line services can be disrupted by relatively minor events, such as high winds or localised flooding, and mobile networks begin to collapse in quality within an hour of a local power failure. According to the Government's UK Resilience website, “[Mobile] infrastructure is designed to revert to backup batteries. After around an hour on battery, supply services become increasingly degraded.” There is a considerable variety of alternatives, depending on the mission-critical issues identified by the business continuity plan.
Many enterprises choose backup connectivity solutions, such as CI-Net's RedKite service, a “leased line in the sky” WiMax-ready 2-100 mbps internet service. Currently available in 11 UK locations, including parts of London, Birmingham and Oxford, such services allow businesses to mitigate the loss of wired connectivity to a certain extent.
Other options include satellite-based connectivity, but this can be prohibitively expensive and bandwidth is restricted.