One on one with Richard Coccihiara of IBM
Nobody denies the need for disaster preparedness. Unfortunately, its very nature and the myriad of ways things can go wrong makes it a highly challenging topic for enterprises.
We asked IBM (NYSE: IBM) Distinguished Engineer Richard Cocchiara a number of questions on how businesses may better plan for disasters, as well as what to watch out for to best leverage the cloud. With more than 30 years under his belt at IBM, Cocchiara is the chief technology officer and the managing partner of consulting for IBM's Business Continuity and Resiliency Services.
FCIO: What are some of the most common mistakes or assumptions that companies make relating to disaster recovery?
There are several common mistakes companies make relating to disaster recovery. The first is not getting executive management buy-in and sufficient participation by the business side of the house when it comes to establishing a business continuity program. Without both executive buy-in and business line participation, any chance for a working business continuity plan will be lost.
Another common mistake is not having an accurate inventory of all critical technology and how they relate to the applications necessary to run the business. Maintaining an accurate configuration database is critical if technology is to be recovered in a timely manner. Another is not testing enough or realistically. Testing ensures plans will work when needed.
Finally, assuming that employees will conduct themselves in a logical manner and follow plans during a regional disaster is just asking for failure. Employees are human and will be more concerned with the well-being of their family and their homes during an event like a hurricane, earthquake, etc. Disaster recovery plans must take this into account.
FCIO: How can businesses leverage the cloud to implement disaster recovery?
Cloud can be used to ensure that data backup takes place offsite from a client's primary location in a cost effective and reliable manner. Cloud affords small and medium-size companies with the ability to have a "second data center" without paying for it, and enables larger companies to take advantage of the geographic diversity of a cloud provider. Companies should look to leverage cloud for backup and for server failover when necessary.
In addition, the cloud provides for certain critical functions, like business continuity planning software that could be accessed from remote locations during a regional disaster. Business continuity plans kept in the cloud are safe, secure and accessible rather then stored on storage devices in the affected data center. To take advantage of cloud, a company needs to start by first understanding what risks the company is trying to mitigate and if cloud helps them achieve that.
Once the high level decision has been made, they need to then understand their technology environment and if cloud can be integrated into it without causing missed service levels or security issues. Once this is achieved, a new integrated disaster recovery architecture can be created and the disaster recovery plans and procedures updated to reflect the change. Finally, test it and adjust accordingly.
FCIO: Do you have any suggestions on how privacy implications of using the cloud for data backups may be alleviated?
Companies using the cloud need to assess the security needs of their company as they relate to data. Critical data may need to be encrypted and security implemented to ensure there is no unauthorized access. For companies looking to use the cloud for backup, the best advice is to talk to their cloud provider to understand what security they have implemented to ensure no unauthorized access to their sensitive data. Not all data is created equal and the goal is to safeguard critical and sensitive data while not paying for excessive security for non-critical information.
FCIO: Won't limited Internet connectivity pose a potential bottleneck to recovering data quickly?
Data access via any network has the potential for a bottleneck. This is another reason why I always suggest to clients that while using the cloud for disaster recovery affords them considerable flexibility, it still requires proper planning and design if it is to meet their goals. Rather then just offer a client cloud capabilities, IBM works with our clients to design a solution that works. This includes sizing their network requirements so as to avoid bottlenecks and ensure the solution meets their service-level needs.
FCIO: Do you have any anecdotes of how disaster preparedness carried the day despite multiple things going wrong?
It is amazing at how little you hear when things go right. IBM has a 100 percent track record for restoring operations for our clients. This is not to say that we don't have speed bumps along the way. There are numerous times when clients have come to one of our recovery centers following an event with a truck full of tapes only to find that their data does not match their configuration information.
Fortunately, we have always been able to work through the problem by using our skilled resources to decipher what the configuration should be and restore the systems back to client use. We have had incidents where clients have arrived after a disaster with their entire family in tow worried about how they will be able to work not knowing where their family will be staying. Again, we plan for this and always have accommodations ready for not only the employee, but their families, including pets, as well.
FCIO: Do you have any other comments or tips to add?
A good business continuity plan is one that is flexible. One that knows that things will not go as planned and that decisions will sometimes have unplanned problems. Sometimes, you have to cobble together several plans in order to address the event. Rudy Giuliani, former Mayor of NYC, when asked how he knew what to do on September 11 simply stated that the city did not have a plan for what to do if two planes hit the World Trade Center.
However, they did have lots of other plans and by pasting together a few of them, they had a workable plan to deal with the event. That is the sign of good planning.
More TechWatch one-on-one interviews:
The fine art of deploying Wi-Fi: Keyur Shah of Aruba Networks
"The biggest security issue I see right now": Tenable Networks CEO Ron Gula
Reducing outages, deployment time, hardware spend: BMC CIO Mark Settle