Data centres infrastructure is looked upon to provide a certain degree of agility coupled with next-gen concepts. Eric Hennessey, Business Continuity Solutions Evangelist, Symantec Corporation, gives a perspective on current and way forward.
Presently, what is the main challenge in the business continuity that organisations are facing?
The biggest challenge in business continuity is to replicate the data. For some IT shops, replicating the data from primary workload site to the recovery site seems to be the biggest cost factor. For large enterprises, which operate multiple data centres, their DR piece is fairly easy to them. For example, if an organisation has data centres in both Mumbai and Delhi, then the workload in Mumbai can fail-over to Delhi and vice-versa. For a smaller organisation, it would be utilising third party services fail-over to the cloud. One of the technologies we are collaborating with Microsoft is on DR-as-a-service, where Microsoft Windows customer can easily fail-over to Microsoft Azure cloud services. How CIOs optimise the cost of the business continuity plan is going to be driven largely by how much real-estate they own.
There are concerns when it comes to DR-as-a-service on how secure is the data in such a set-up, and ultimately whose job it is to assure the safety of the data. Please elaborate?
A lot of it depends on the nature of the contract with the hosting provider, but ultimately it is the owner of the data who maintains the responsibility. From legal perspective, the provider has to be careful in case any data is leaked from the hosting site to the public. For example, a retailer who has bunch of customer records that are located in a cloud service, in case of a data leak, will definitely point out the cloud provider.
How can organisations leverage social media as part of their crisis communications plan?
Crisis communication is not a part of IT disaster recovery planning. However, lot of infrastructure that crisis communication depends upon, falls under DR. It is very critical where the infrastructure of it will be hosted. For instance, one of the customers, whose facility hosted the infrastructure notifying employees of any downtime, was affected and those notifications could not go. Depending on the nature of business and how much is communicated internally and to the customers, it should be a part of something that is hosted elsewhere. If main focus of the crisis communication is outage communication and notifying people of IT system outage, then that should not be hosted in internal IT systems. It is very critical to understand interdependency between different application components.
There are lot of standards in BCP. How can organisations decide which is the best for them?
It depends on the nature of the business. If it is a financial services company, it will fall under the financial regulation. Regardless of what standards an organisation is going to use, it must meet the requirements of the federal regulations. From there they can choose a standard according to their specific business need or unique to their applications. But regulatory requirement will always trump any industry standard that exists.
Presently, how is the way data centres being architected changing in terms of BCP?
In data centres prior to virtualisation, every application was on different servers and prioritised applications were protected by some sort of clustering solution. But now, data centres are architected around continuous availability. These days every company is an IT company. The emphasis is on fail-overing applications if a system fails, or if load changes then moving them around, or in a more dynamic environment one can move CPU or memory to that application. Designing for availability right at the beginning is becoming very critical for organisations.
What is one thing that I/O professionals need to remember while preparing DR from natural disaster perspective?
It does not matter if the outage is caused by an earthquake or a flood. An outage is an outage, and data centres have to be designed to protect against those. Organisations do not know what they have to protect against all the time. It is important not to subject both primary and secondary site to the same problem, and keep in mind that both these sites should not be affected by most likely disaster.