DR_ Business Continuity Strategies

8/4/2019 DR_ Business Continuity Strategies

1/30

E NT ER PR IS E C IO D EC IS IO NS A PR IL 2 01 1 1

INSIDE

An Explosionof BC and DR

Hospital Curesits BC/DR Woes

Cloud DR and

BC Can SaveYour Business

Mobile DeviceDR: The NextFrontier

PiggybackDR onto

Virtualization

When You'reNot QuiteReady for DR

The WeakestLink

A PR IL 2 01 1 VO LU M E 7

BusinessContinuityand DisasterRecoveryStrategiesCIOs are finding thateffective BC and DR planshinge on an understand-ing of emerging tech-

nologies and confidencein their supply chains.

Enterprise

CIODecisionsGuiding technology decision makers in the enterprise


2/30


3/30

server rooms

that requireGPs NaviGatioN.

W g ha virualizaion can driv a br ROI. Highly crifid

by Microsof, VMwar, HP and ohrs, w can valua, dsign

and implmn h righ soluion for you.

Wll g y f CDW.c/lzn

soLveD.

2011 CDW LLC. CDW, CDWGand PeOPLe WHO Get It ar radmarks of CDW LLC.
http://ad.doubleclick.net/clk;236471861;60113042;u;pc=[TPAS_ID]http://ad.doubleclick.net/clk;236471861;60113042;u;pc=[TPAS_ID]


4/30

E NT ER PR IS E C IO D EC IS IO NS A PR IL 2 01 1 4

HOME

EDITORSLETTER

UP FRONT

CLOUDDR ANDBC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHENYOURE

NOTQUITE READY

FORDR

THE WEAKEST LINK

1 N EW S, V IE WS A ND R EV IE WS FORSENIOR TECHNOLOGY MANAGERS

UpFrontNews, views and reviewsfor senior technology managersON THE JOB

an explosionof bc and drAUSTIN POWDER CO., an explosives

maker founded in 1833, blasted

through a virtualization project this

past year to find a new idea for its

business continuity and disasterrecovery planningmaking itsCleveland headquarters the hot site

for its three remote data centers.

Unlike the way they reacted to an

initiative to upgrade to T1 lines four

years earlier, Austin Powders com-

puter users didnt see the benefits of

virtualizationbut Chris Benco, net-

work administrator, sure did.We started playing with virtual-

ization because it was an emerging

technology, he said. In hindsight,

it saved us money and we gained

flexibility.

Adventurous virtualized architec-

tures like Austin Powders are in-

creasing in popularity, according to

experts.

The concept of virtualization

absolutely affects business continu-ity and disaster recovery planning,

producing a fundamental change

in the architecture of IT, said Dick

Csaplar, senior research analyst for

virtualization and storage at Aber-

deen Group Inc., a research firm inBoston. The ease with which virtualservers can be imaged and replicat-

ed to servers at remote locations

provides an additional level of secu-

rity, he wrote in a report about off-

site storage.

With disaster recovery (DR), the

mind-set has been to rebuild and

restore using shared storage in a vir-tualized environment. This way, the

IT staff can proactively fail over.

During hurricane season on the Car-

olina coast, for example, a workload

could be moved swiftly to a host

hundreds of miles away.

DR is a cost like insurance, said

UF


5/30

ENTERPRISE CIO DECISIONS APRIL 2011 5

1 NEWS, VIEWS AND REVIEWS FORSENIOR TECHNOLOGY MANAGERSUF

Greg Schulz, founder and senior

advisor to The Server and StorageIO

Group, an IT consultancy in Stillwa-

ter, Minn. Typically, you get nothing

back. With BC, you can actually useit to leverage that ability for load

balancing and better infrastructure

resource management.

Austin Powder chose Melville,

N.Y.-based FalconStor Software

Inc.s Network Storage Server (NSS)

as its primary storage area networksolution. The company runs two

FalconStor NSS appliances in itsHyper-V environment for better

local availability and to eliminate a

single point of failure, Benco said.

The shared storage helps a lot in a

virtualized environment, he added,making it easier to clone servers and

move workloads on the fly among

the hosts for maintenance or disas-

ter recovery.

The NSS virtual appliances enableremote data replication by taking

snapshots of the database and rep-licating only changes to lessen de-

mand for bandwidth. The danger

with using snapshots, according to

Aberdeens Csaplar, is that you may

lose some data between the time of

a crash and the last picture taken.You could develop a problem 10 min-

utes before the end of a two-hour

snapshot cycle, for example, andlose that one hour and 50 minutes.

Chi Corp., a FalconStor channel

partner headquartered in Cleveland,

helped integrate the NSS appliances

and Symantec Corp.s Backup Exec

to provide backup and disasterrecovery for all business-critical

applications, including Sybase Inc.

and Microsoft SQL Server databases

and email. Austin Powders businesscontinuity and disaster recovery

planning also includes a traditional

disaster recovery partnership with

SunGard Data Systems Inc. for anAS/400 server. LAURA SMITH

BY THE NUMBERS

THE PERCENTAGE OF the most significant network disruptions in

U.S. businesses that could be reduced or avoided by imple-

menting the measures in any comprehensive disaster recovery

and business continuity plan. Its also the percentage of busi-

nesses that said, prior to the disruption, that they had confi-

dence in their IT resources in the event of a disruption.

SOURCE: CDW LLC SURVEY OF 200 MANAGERS AT MEDIUM-SIZED AND LARGE BUSINESSES, SEPTEMBER 2010.

82

DR is a cost likeinsurance. Typically,you get nothingback.GREG SCHULZ

HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST

LINK


6/30

ONE ON ONE

hospital cures

its bc/dr woesNAME: Jeff BellTITLE: Chief operating officerTIME IN THIS ROLE: Two years

COMPANY: Sisters of Mercy

Health System

HEADQUARTERS: St. Louis

EMPLOYEES: More than 36,000

SISTERS OF Mercy Health Systemin St. Louis is among the 3% of U.S.

health care organizations that havean integrated electronic health

record (EHR) system for real-time,

paperless access to patient informa-

tion. The 11 largest hospitals in

Mercys network of 28 hospitals

across Arkansas, Kansas, Missouri

and Oklahoma are already using the

EHR system, and the others arecoming on fast.

To achieve this single record of

truth, Mercy consolidated seven

major data centers and a dozen

minor ones down to three, then built

a new $60 million data center in

Washington, Mo. The new data cen-

ters fully duplicated architecture

with backups for power, cooling andnetwork connectivityenables IT

to maintain and update systems

without bringing the whole building

down, according to Jeff Bell, Mercys

chief operating officer. The facilitycan operate up to 72 hours in the

case of an electrical power outage;

network bandwidth and processing

power can be added as needs arise.

During the 18-month project,

Mercys IT department consolidated

the three remaining older data cen-

ters into one in Sunset Hills, Mo.,which now serves as a backup sitefor Washington, in case of an epic

physical disaster. (The data center

in Washington is built to withstand

an F2 tornado.)

Was backup and business contin-

uity a main driver in your decisionto build a new data center?

The project was a huge enabler for

our BC/DR [business continuity/

disaster recovery] strategy. Efficien-

cy and a single data center with

high-availability attributes are need-

ed in the electronic medical records


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK


JEFF BELL


7/30

world. When the record is electron-

ic, dependence on the computer

systems goes up many folds. The

chart is the legal record that all the

caregivers work off of. In the past,computer systems in the back-

ground did workflow management

like routing orders, but [this work-

flow didnt contain] the medical

record. Now that computers contain

the record, they have to be up all the

time. Thats why we built a new datacenter.

What new technology and

architecture did you deploy

in the new data center?

The main attributes are a lot of

redundancies. We have two genera-tors instead of one; two utility feeds

from the power generation plant;

all of the chillers, backup UPStwo

of everything. If you look at themechanical cross section, its a

mirror image. Anything we have to

maintain at [the older] Sunset Hillsfacilityrepair the chiller, for exam-

plewe take the building down. In

Washington, we just take down half

the building.

Are you using any public cloud

services or community clouds?

Private cloud?

We have considered the public

cloud, but its not our strategy. Our

strategy is to be the cloud. We have

virtualized 95% of Windows

servers, a tremendous accomplish-

ment. We have some servers with

as many as 70 different virtual

instances. But the whole attraction

to the cloud is you buy as you go.We have software to tell us how

much each of the [internal] cus-

tomers is using. Some servers are

idle, except for nightly batch work,

which leaves the rest of the resourceavailable for other apps. Its really

neat to watch. We meter it withsoftware and can charge back,

though were not doing that at this

point. As we potentially take on

external customers and chargeback,

then it will be a hybrid cloud.

How important were green

initiatives in designing the new

data center?

Sisters of Mercy has a strong con-

sideration toward stewardship of

the planet, but theres also a very

strong business reason [for going


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK


Our strategy isto be the cloud.We have virtualized

95% of Windowsservers But thewhole attractionto the cloud isyou buy as you go.


8/30

green]. Using high-efficiency

chillers and the European power

distribution standard saved us a

great deal. Theres one fewer set

of transformers between the powercompany and the load. Every time

you run electricity through a trans-

former, you lose efficiency. You can

save 5%, which is a lot when youre

spending millions a year. For every

kilowatt on the floor, most organiza-

tions spend another kilowatt to coolthe building, for a ratio of 1:1. Our

ratio is :1. Weve raised the tem-perature of our chilled water loop

to avoid hot spots. In years past, it

was almost frigid in thereyou had

to put on a coat because hotter

areas of servers demanded morecooling.

In-row coolers are extremely

efficient at keeping everything the

same temperature. They dont cool

things down so much as neutralizehot air. We gained a lot of efficiency

there as well: pick up 5% here and

10% there, [for an] overall 50%

reduction in electricity. We used

UPSes from American Power Con-version Corp. by Schneider Electric,

and worked closely with them on

the fundamental design. The data

center was designed to be compli-

ant with Leadership in Energy and

Environmental Design, the standard

for green-building design. All of the

255 tons of steel used, for example,came from recycled sources.

LAURA SMITH


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

1 NEWS, VIEWS AND REVIEWS FORSENIOR TECHNOLOGY MANAGERS

For every kilowatton the floor, mostorganizations spendanother kilowattto cool the building,for a ratio of 1:1.Our ratio is :1.

ON THE AGENDA

DR AND BC TOP OF MIND FOR IT LEADERS

ACCORDING TO A survey last year of 2,803 IT decision makers, improving their

business continuity and disaster recovery is the No. 1 priority for small and

medium-sized businesses and the No. 2 priority for enterprises during the

next 12 months. Six percent of IT operating and capital budgets goes toward

business continuity and disaster recovery, and only 11% of the enterprises

said their budget in these areas would decrease this year.

SOURCE: GLOBAL IT BUDGETS, PRIORITIES, AND EMERGING TECHNOLOGY TRACKING SURVEY Q2 2010, FORRESTER INC.


9/30
http://www.searchcompliance.com/ERM


10/30

JUST WHEN IT seems things cant

get any worse, they get better.

An architect at a very large tech-nology provider recently told me

that the cloud was making it easierfor vendors to bypass the CIO. In

doing so, a salesperson can pitch

the vice president of marketing on

buying his cloud-based solutions

andmaybe the best part for the

vendornot have to involve IT in

the selection, implementation orsupport processes.

For this and other reasons, we

might think that the cloud makes

things worse. But from my perspec-

tive, the availability of cloud-based

solutions can also make things

much better.

For example, disaster recoveryand business continuity planning is

a lot easier now than it was just afew years ago. In the old days (you

know, a few years ago), if you want-

ed a cold, warm or hot site, you had

to build it yourself. And justifying

such an investment was always achallenge. I found it difficult, even

with a generous board of directors,

to convince people to spend money

on something we hoped we wouldnever have to use. But now, with

cloud-based solutions, we can lev-

erage the work of others as well asthe existing infrastructure to reduce

implementation time and costs.

This, combined with effective

planning and analysis, makes disas-


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

1 CLOUD DR AND BCCAN SAVE YOUR BUSINESS

Cloud DR and BCcan

saveyour businessCloud-based solutions, combinedwith effective planning and risk analysis,

can take much of the pain out of disaster recoveryand business continuity planning. BY NIEL NICKOLAISEN


11/30

ter recovery (DR) and business con-

tinuity (BC) significantly easier. Let

me explain my approach.

DR and BC begin with a risk analy-

sis. The risks run the gamut fromnatural to man-made disasters.

Potential natural disasters vary by

location but include events such as

storms, earthquakes, fires and

floods. The man-made disasters

range from disgruntled employees

(typically any member of my staff)to accidents (somebody crashes

into the electrical utility transformerdown the street, knocking out elec-

trical service) to bone-headed-

ness (the system administrator

pushes the wrong button and shuts

off the data center cooling and thenwalks away, not realizing what he

just did).

Next, I like to define the likeli-

hood and impact of the disasters.

For instance, how likely is a forestfire at my data center? Since my

data center sits closer to a desertthan a forest, not very likely. How

likely is a power outage? Given the

potential for heavy winter storms

in my area, my plans typically antici-

pate power outages.

After assessing the risks, I then

define plans for mitigating the risks.How to deal with my power outage

risk? Backup power. How to deal

with bone-headedness? Error-proof

my data center and IT processes.

How to deal with potential natural

disasters? For me, that mitigation

now resides in the cloud.

My cloud-based DR and BC

plans include one more critical step:

systems stratification. One of my

favorite practices is to segregate

systems into A, B and C categories.Category A systems are those that,

if they are down for a few minutes ora few hours, put the business at risk.

Category B systems can be down for

a few hours or days until the busi-

ness is at risk. Category C systems

can be down for a long time before

anyone outside IT notices. This

stratification is the foundation forservice-level agreements, as well asfor DR and BC. I worry about cold,

warm or hot sites for A systems. I

invest in redundancy for A systems.

My risk assessment is focused on

risks to my A systems.

For example, if I am operating a

customer call center and the phonesystem goes down, I cant process

orders. So, the phone system is cat-egorized as an A system, but not the

entire phone system, just the

phones that support customer calls.

Just a few years ago, I would have to

worry about how to create an off-site backup call center. With the

availability of cloud phone services,

my life got a whole lot easier.

Well, its easier as long as Iremember which systemsnamely

those in Category Arequire this

level of attention. I

Niel Nickolaisen is CIO and vice president of

strategic planning at Headwaters Inc. in South

Jordan, Utah. Write to him atnnick@headwa-

ters.com [email protected].


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

1 CLOUD DR AND BCCAN SAVE YOUR BUSINESS
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]


12/30

AFTER YEARS OF managing mobile

devices that are synced to central-ized servers and governed by com-

pany policy, many CIOs dont worrymuch about IT disaster recovery and

business continuity plans for mobile

devices.

Those days are overor will be

soon.

The proliferation and ever-

increasing diversity of workplacemobile devicescompany-issued

and employee-ownedwill push

CIOs to reconsider their disaster

recovery (DR) and business conti-

nuity (BC) plans, experts say.

Reducing the risks associated with

workplace mobility will also drive

technology purchases, from mobile

device management (MDM) toolsto desktop virtualization.

Executives are dragging docu-

ments through iTunes and onto their

iPads. They are editing them with

something like Quickoffice or Docu-ments To Go, or Apples Keynote

and Pages products. The documents

are being modified and shared, and

the data stores completely cache-forwarded out there into the field;

nobody is thinking about how to get

them back, said Bill French, a Den-ver-based IT consultant and soft-

ware developer. So, the cart is defi-

nitely in front of the horse on this

one for most organizations.


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

2 MOBILE DEVICE DR: THE NEXT FRONTIER

MobileDeviceDR:Thenext frontier

Lulled by mobile devices synced back to centralizedservers, CIOs havent given much thought to IT disaster

recovery plans for mobile computing.That needs to change. BY LINDA TUCCI


13/30

Mobility in the workplace is a top

concern for CIOs, with good reason.

An average 44% of employees

carry a company-owned mobile

device, according to The NemertesResearch Group Inc.s latest Bench-

mark, an annual study of more than

200 organizations spanning 18 ver-

tical industries. That number is pro-

jected to rise to 70% by 2012.

Moreover, at 11% of the organiza-

tions studied, employees rely 100%on smart devices for communica-

tions and thats just the company-issued devices.

Add to this new reality the grow-

ing trend of allowing employees to

use their own smart devices, and

suddenly mobility is not only a Tier 1service for IT departments, but also

wildly out of IT departments control.

Now you have the risk of corpo-

rate data leaking out into the per-

sonal side of the device. And if youdo implement backup and recovery

for the smartphone, what do you dowhen it is a personal device? said

Ted Ritter, senior research analyst at

The Nemertes Research Group Inc.

in Mokena, Ill. The employee cer-

tainly doesnt want you to back up

their personal data to the corporate

server.Companies that have dealt effec-

tively with this conundrum work

with their lawyers to craft an

acceptable-use policy for employ-

ees to sign; thats a legal process

that can take as long as a year, Ritter

said. Such policies typically state

that if a company needs to wipe the

device clean or confiscate it for rea-

sons of e-discovery or an employee

action, it has the right to do so, even

with employee-owned devices, hesaid. But these policies dont fly in

Europe, where personal data privacylaws are stronger.

DR IN THE AGE OF MOBILITY

So far, however, mobile devices are

not really factoring into a CIOs DR

and BC strategy, experts say.We dont have any real data onmobile devices and disaster recov-

ery, because it is an area that no one

is paying attention to, Ritter said.

We are not seeing people thinking

it through to the step where they

recognize that these devices are

becoming walking computers.

A disaster recovery plan for

mobile devices is not on most CIOsradars, French said. I dont think too

much about mobile devices and DR,

because CIOs are not worrying

about it, he said.

The same goes for players in the

fast-growing MDM market. Theintersection of DR and mobile hasnt

yet been a big topic I have heard

from enterprise customers, althoughI think it is right around the corner,

said Bob Tinker, president and CEO

of Mountain View, Calif.-based

MobileIron Inc.The mobile industry tends to

focus on the device rather than on

the management and security of the


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK



14/30


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK


applications on the smartphone,

Tinker said. The key thing for CIOs

is that its not about the deviceits

about the data.

TOP-DOWN MOBILE

MANAGEMENT A RELIC

The lack of awareness is under-

standable. When company-issued

laptops, BlackBerrys and yesterdays

cell phones represented the bulk of

mobile devices in use at companies,

CIOs could confidently say that DRand BC for their mobile arsenals was

no big dealprovided, of course,

that they had solid plans. Research

In Motion Ltd. offered decent DR

with its BlackBerry Enterprise Serv-

er. With other so-called ruggedized

devices (a Windows phone, for

instance), the data typically wassynced to some centralized server.

When a cell phone got lost or stolen,it didnt matter much, except for the

pain of re-keying in phone contacts.

Not so long ago, when the issue of

DR and mobile devices came up, the

conversation was assumed to be

about how organizations could take

advantage of employee cell phones

and the handful of executive not-so-

smartphones to instruct and informpersonnel in the event of a disaster.

The advent of the iPad and other

mobile devices that can not only

access data but also be used to gen-

erate and store data means that DR

plans now have to consider them as

endpoints.

Consider the caseload of Atlanta-

based MDM vendor AirWatch LLC,

which supports the spectrum ofmobile platforms, from the Apple

iOS to Symbian. In January alone,the company worked on three cases

involving business executives losing

personal iPads that held sensitive

corporate data and lacked the secu-

rity software to wipe it clean. OneiPad, left behind by a CEO in a back-

seat pocket on an airplane, contained

notes on a top-secret acquisition.

This is not a classic example ofdisaster recovery, where a catastro-

phe brings down a data center. But

let me tell you: This is a disaster thathas to be dealt with, said AirWatch

Chairman Alan Dabbiere.

MOBILITY DRIVING

DESKTOP VIRTUALIZATION

One of the ways companies aredealing with DR and BC for mobile

devices is by investing heavily in

desktop virtualization, NemertesResearchs Ritter said. You can still

get to the desktop and even edit a

Word doc on the device but, techni-

cally, all of that is going on in the

data center. The device is only a

remote client.Another approach is focusing onsecure containers, products offered

by such MDM vendors as AirWatch,

Good Technology Inc. and BoxTone

Inc. that address the security issues

posed by errant iPads.

This is not disaster recovery in


15/30


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK


the way we usually talk about it, but

security. Security is the biggest risk

factor in deciding which mobile

devices to allow onto the corporate

network, Ritter said.Rather than focusing on trying

to back up mobile devices, what

we have seen organizations do is

restrict the amount of data that can

be downloaded as much as possi-

ble, Ritter said. So, if the device

supports Microsofts ActiveSync,for example, the employee can

access email but will be blockedfrom SharePoint and other servers

holding corporate data, he said.

That is pretty much the approach

taken by Malvern, Pa.-based invest-

ment firm The Vanguard Group Inc.,said Abha Kumar, its principal for

IT. Employees are given the option

of using a company-issued Black-

Berry or the smartphone of their

choice.Nothing is stored on the personal

device, Kumar said. We provide apipe [using software from Good

Technology] into our email and cal-

endar at this point, so the device is

secure from that point of view, she

said. There might be something on

the cache that holds data, but as

soon as we find that a person haslost the device, we can zap the

application.

With their company-provided

BlackBerry, Vanguard crew mem-

bers (as they are called) can access

their work email, calendars and

some business applications, such as

Vanguards Siebel customer rela-

tionship management application

and the company intranet.

If a crew member submits an

expense report, I can approve it onmy BlackBerry, Kumar said.

Being a regulated business wheresecurity is paramount, client data is

off-limits to mobile devices. Van-

guard client service reps, who rou-

tinely deal with client information,

do not have BlackBerrys because

Vanguard does not want client infor-

mation to go outside its four walls.So, even as we talk about new tech-nologies and being more flexible and

being more mobile, the thing we

protect above all is client informa-

tion, Kumar said.

Brownlee Thomas, a principal

analyst at Cambridge, Mass.-based

Forrester Research Inc., agrees thatmost companies do not have a for-

mal mobility policy, never mind adisaster recovery plan for mobile

devices.

They have lots of policies be-

cause mobile, fortunately or unfor-

tunately, is not a centralized provi-sioning at most companies. It is

either provisioned at the division

level or through corporate procure-

ment, the same people buying anddispensing your staplers, Thomas

said.

The CIO doesnt necessarily havea lot of control. I

Linda Tucci is senior news writer for Search-

CIO.com. Write to her [email protected].
mailto:[email protected]:[email protected]:[email protected]:[email protected]


16/30

RARELY DOES A disaster recovery

plan appear high on the list of priori-

ty IT budget items, and sometimes

it doesnt make it onto the list at all.More often, IT executives piggyback

disaster recovery (DR) planningonto a data center consolidation

project or, as Irving, Texas-based

Christus Health did, a desktop virtu-

alization project.

Server and desktop virtualization

projects are under way at Christus

Health to meet business goals thatrange from more flexible access to

data and less power consumption

to electronic health care regulations

and disaster recovery planning.

We were hit by hurricanes that

caused major outages in our organi-

zation. Now were building a client

computing model that allows aphysician at a hospital that went

down to pick up a satellite phone,

or whatever is at hand, and getimmediate access back to our infra-

structure, said Todd Bruni, director

of client computing services and

configuration management atChristus Health, a health care

company with 30,000 employees

and 40 hospitals and affiliated

facilities.

If a hospital loses power, employ-ees or physicians remain tethered

to the companys primary or backupDR facility because Brunis team has

been steadily virtualizing all client

devices using virtualization tech-

nologies from Citrix Systems Inc.

The first phase of the project was

HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

3 PIGGYBACK DR O NTO VIRTUALIZATION

PiggybackDRontoVirtualization

Virtualization is not a cure-all for disaster recovery,but it does simplify DR planning and procedures

and can save money, to boot. BY CHRISTINA TORODE



17/30

the introduction of Citrix-based

server-based computing to host

applications in the data center. The

second phase was moving about

10% of the application portfolio(which covered approximately 50%

of employees data needs) off desk-

tops and into the data centerusing

thin clients as the front end and Ter-

minal Services on the back end. The

stage under way now is the build-

out of a virtual desktop infrastruc-ture (VDI) for more complicated

clinical scenarios, such as access tomedical records and back-end finan-

cial systems.

These are solutions that were not

well built or intended for a server-

based computing model or TerminalServices, so we needed VDI, Bruni

said.

Virtualization by no means re-

places a full-fledged disaster recov-

ery planChristus Healths data isreplicated in hot, hot scenarios

between its primary and secondarydisaster recovery facilitiesbut

virtualization simplifies real-time

replication and data portability.

Virtualization is making it possi-

ble for our client services to be

portable in case of a disaster, Bruni

said. All you need is an agent onany client device, and some type of

Internet access.

A core business app running on a

virtual server infrastructure allows

for portability and replication that

we wouldnt have had with dedicat-

ed physical systems, Bruni said.

COSTS AND BENEFITS OF VDI

A VDI is costly, however, as Chelo

Picardal, chief technology officer for

the city of Bellevue, Wash., found

when she started investigatingdesktop virtualization for 1,500

employees in 13 departments.

Server virtualization was an easy

sell because youre replacing the

cost of buying physical servers any-

way, she said. With virtual desk-

tops, you still have to buy PCs forpeople, but now you also have to

buy the virtualization software andinvest in an infrastructure that will

hold all the data that used to be on

the desktops. Where is that funding

going to come from?

Picardal does not see desktopvirtualization as benefiting the citys

DR strategy but views it instead

as an efficiency play for the IT

department. You can give remote

workers access to their data, but weare looking at it more as an efficien-

cy gain in terms of maintenance.Ask her about the DR benefits of

server virtualization, on the other

hand, and Picardal has a checklist

readily available:

I Workloads are easily portable

from the primary to the secondaryDR site, and users experience no

downtime.

I Virtualization eliminates the need

to buy double the hardware toreplicate physical servers between

the two facilities. This reduces


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK



18/30

costs as well as drift and hardware

compatibility problems among the

primary and secondary facilities.

That, in turn, reduces downtime.

I Applications that need to behighly available remain that way

when a failover to an alternate

site occurs.

When you think about high avail-

ability, the VM [virtual machine]

becomes the point that fails over,

said Chris Wolf, an analyst at Stam-ford, Conn.-based research firm

Gartner Inc. Thats a really big deal

because, traditionally, enterprise IT

could cluster only a small percent-

age of apps for high availability

because that type of architecture

had to be written into the apps.Whereas, with virtualization, any

application can be made highly

available and resilient to hardwarefailure.

Above all, however, Picardal can

guarantee her performance service-

level agreements (SLAs). For a long

time, there were a lot of things we

couldnt promise that the customer

really wanted. The best we could dois get them back up maybe in a half-

hour in a disaster scenario. Now,with server virtualization, unless the

entire [data center] facility goes

down, the customers dont even

notice it.

With the citys VMware Inc. serv-

er virtualization technology tied to

its storage area network, which has

deduplication, you can get really

close to or exceed what the cus-

tomer needs, Picardal said. Let thecustomer drive your DR needs, and

youll find that virtualization reallyallows you to meet those needs fair-

ly easily.

The citys public-facing applica-

tions, which have a high-availability

SLA, can be backed up and returnedto service with minimal downtime

as a result of virtualization. That

was the case when one of the citys

websites was defaced, Picardal said.

DR TESTING MADE EASY

Testing a DR plan is perhaps one of

the most painful tasks an enterprise

IT department faces. The process is

so complicated and demoralizing

that some workers have been re-

duced to just reading the DR plans

documentation and checking a boxstating they are prepared for a dis-aster, Wolf said.

Ive seen companies just quit

testing disaster recovery because it

was bad for morale. They would run

into so many problems trying to

recover data, application and hard-

ware in the DR facility because the

hardware wasnt an exact match;and it would often take the IT staff

days to get through the DR exer-

cise, Wolf said.

Virtual machines, however,

remove the necessity that hard-

warefrom devices to the firmwareon thembe an exact match


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK



19/30

between the production and DR

facilities. Its so easy to validate

that an application is going to come

on-line in a VM, and test that regu-

larly, Wolf said. Thats generallynot an option with physical hard-

ware.

Because DR testing is simple to

do in a virtual environment, many

enterprises arent testing just Tier 1

applications but are now moving

down the line of business applica-tions to test their ability to bounce

back from a disaster, Wolf said.Because VM environments are

easy to isolate, you can do recovery

testing to your hearts content with-

out having any impact on the pro-

duction environment, said NelsonRuest, principal at consultancy Res-

olutions Enterprises Ltd. in Victoria,

British Columbia. Recovery testing

is as simple as changing a [network

interface card] that is assigned to aVM.

THE NOT-SO-SIMPLE PART

With server or client virtualization,

overall systems maintenance and

recovery are simplified. Workloads,

whether theyre on a server or client,

are isolated from the underlyinghardware and can be moved from

one system to another, from one

facility to another. In addition, most

virtualization technology has DR

capabilities built in to automate and

prioritize the system recoveryprocess.

This could free up IT from per-

forming a few steps in DR, but many

of the procedures needed to back upand maintain systems remain.

With server virtualization, we

gain high availability at a lower cost,but we still have to patch, monitor

and troubleshootthat doesnt go

away, Picardal said.

In addition, if you do choose to

deploy virtual desktops, dont think

it will be as easy as your server vir-tualization project. With server vir-tualization, you worry about CPU

cycles, memory, disk, network con-

nectivitythe same things you did

before, Christus Healths Bruni said.

In the client [virtualization] space,

you have to worry about screen

shots, latency on circuits and

whether that causes Flash video not

to perform appropriately. There area lot of things that [now] run on a

desktop that never used to run in a

data center.

The tradeoff? Peace of mind,

Bruni said. The core benefit [of

virtualization] back to the businessis knowing that they have multiple

ways of accessing data, services or

applications [because] the coreinfrastructure is designed to ensure

that core services remain avail-

able. I

Christina Torode is news director for SearchCIO.

com. Write to her [email protected].


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

mailto:[email protected]:[email protected]:[email protected]


20/30

THE CLOUD WOULD seem to be a nat-

ural next step for disaster recovery

solutions, but many large enterpris-es are not turning to it yet for full-

fledged DRdespite its manyenticements.

For one, many enterprises already

have multiple data centers in place

that can be used as primary data

centers and backup DR facilities.

Security, performance and control of

cloud-based DR also raise concerns.Its all about quality, not about

low-cost services anymore, said

Lalitendu Panda, global CIO of D&M

Holdings Inc., based in Japan. Inter-

ruption of service is an issue. We

have had a couple of situations. Its

not like having your own [infrastruc-

ture] that you can modify. You haveno control over what else is running

on the cloud that could degrade per-formance.

Still, the ease of use of cloud stor-

age is proving to be a draw for some

enterprises.

When this cloud concept cameup, we were prepared, said Dan

Zinn, CIO of the 15th Judicial Circuit

of the Florida State Attorneys Office.

Zinns IT department had beendeduplicating data to minimize the

amount that needed to be backed

up, as well as encrypting data ontapes for a weekly rotation. With the

cloud solution provided by Comm-

Vault Systems Inc. and Iron Moun-

tain Inc., scheduling a backup and


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

4 WHEN YOU'RE NOTQUITE READY FOR DR

When yourenot quite

readyforDR

Enterprises ponderthe possibilities forDR in the cloud.BY LAURA SMITH


21/30

clicking a button freed up the sys-

tem administrators time, and gave

me a solution so I didnt have to

worry about [the tapes], Zinn said.

The heaviest users of cloud stor-age for IT disaster recovery are

small and midmarket businesses

with annual revenues between $50

million and $1 billion, according to

Dick Csaplar, senior research ana-

lyst for virtualization and storage at

research firm Aberdeen Group Inc.

in Boston. Enterprises with morethan $1 billion in annual revenue

typically have data centers in multi-

ple geographic sites and have less of

a need to use the cloud for DR, he

said.

In October, Aberdeen studied 100

organizations with formal DR plans

to learn whether they used cloud

storage and, if so, what benefits

were realized in DR performance.

The study found that organizations

that had moved at least part of theirstorage to the cloud recovered four

times faster than those with no for-mal cloud storage program. In addi-

tion, users of cloud storage met

their recovery time objectives

(RTOs) more often than those who

kept data in-house.

The study also found that:

I Companies using cloud storage

had, on average, 2.5 downtimeevents in the past 12 months, which

were resolved in about two hours.

With average RTOs of 12 hours, the

longest downtime event took 5.3

hours to recover from the outage.

I Businesses with no cloud storage

strategy reported an average of 3.5downtime events a year and took

an average of eight hours to recov-er from the outage. With average

RTOs of 13 hours, the longest

downtime event among this group

of companies was 13.7 hours.

Respondents to the Aberdeen

survey said a DR strategy was theirNo. 1 driver for using cloud services,with those deemed best in class

in terms of their DR cloud strategies

taking the following measures:

I 55% deployed a secure connec-tion to the cloud.


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK


[With the cloudsolution], sched-uling a backup

and clicking abutton freed upthe admins timeand gave me asolution so I didnthave to worryabout [the tapes].DAN ZINN,

CIO, 15th Judicial Circuit of

the Florida State Attorneys Office


22/30

I 40% utilize server failover to the

cloud.

I 22% do continuous data replica-

tion to the cloud.

I 10% use multiple cloud providers.

TIERED STORAGE

AND IT GOVERNANCE

Cloud storage does not work well

for data warehousing in a situation

in which one database is accessedby several different applications,according to Andrew Reichman, a

senior analyst at Forrester Research

Inc. in Cambridge, Mass.

Cloud DR also presents gover-

nance issues. The problem is never

with CommVault or Iron Mountain.

Its always, Where is my data?

said Zinn, noting that its tough to

keep track of the amount of data ris-ing by the hour.

At the Sisters of Mercy Health

System in St. Louis, storage

demands for clinical studies are

astounding. Fifteen years ago, the

first milestone was a terabyte of

storage, total. Now were doing that

each week, said Jeff Bell, chief

operating officer at Mercy, a net-work of 28 hospitals across four

states.

Analysts at Gartner Inc. project an800% increase in the output of data

during the next five years. Eighty

percent of that will be unstructured

data, which generally goes

untouched after 90 days, according

to Ray Paquet, managing vice presi-

dent at the Stamford, Conn.-based

firm.

Storage is growing greatly, saidBell, who implemented a tiered stor-

age strategy on an internal cloud:

Older data gets placed on older

disks, while data that repeats gets

compressed.

Dedupe is big, so we dont haveto back up everything, Bell said.

The idea is to store as few times as

possible, put it on the correct tier ofstorage and make sure its available.

Done right, cloud storage promis-

es to free up IT staff members fromcomplex and onerous storage man-

agement tasks, but CIOs shouldpush for service-level agreements

that are as good asif not better

thanones they could offer inter-

nally, Reichman said. I

Laura Smith is features writer for SearchCIO.com.

Write to her [email protected].


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK


Fifteen years ago,the first milestonewas a terabyteof storage, total.

Now were doingthat each week.JEFF BELL, COO,

Sisters of Mercy Health System
mailto:[email protected]:[email protected]:[email protected]


23/30

IN A LEAN but hypercompetitive

business environment, organiza-

tions are relying more on relation-ships with business partners to suc-

cessfully execute their corestrategies. While these relationships

can dramatically improve an organi-

zations capacity and business

structure, they can also decrease

control over critical activities.

In Europe, and the U.K. in particu-

lar, supply chain risk managementhas become a hot issue. During the

past decade, various sourcing

strategies have focused on ways to

reduce costs through offshoring,

outsourcing noncore processes,

consolidating suppliers and optimiz-

ing logistics. But gaining such

advantages also brings certain dis-advantages, according to Lyndon

Bird, international technical directorof the U.K.-based Business Continu-

ity Institute.

The tradeoff is that organizations

everywhere are introducing signifi-

cant but often unseen vulnerabilitiesand dependencies into their busi-

ness. As such, the need to protect

the supply chain through the use of

business continuity and risk man-agement techniques has experi-

enced rapid growth in the U.K. in

particular, Bird said.While understanding this web of

risk is complex, an organization that

takes the time to map and analyze

its supply chain can gain more con-


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

5 THE WEAKEST LINK

Theweakest

linkEuropean and U.K. executives are targeting threats thatcould weaken the supply chain. Business continuity andrisk management practices can help. BY PAUL F. KIRVAN


24/30

trol and insights. It also puts the

organization in a position to antici-

pate and ward off possible threats.

For instance, if all sites within a seg-

ment rely on a single business part-ner to provide one of the key raw

materials, then that partner poses

a high risk.

By creating a detailed supply

chain map, organizations can better

recognize such vulnerabilities and

put controls and mitigation strate-gies in place, helping firms to work

around possible supplier outages.Understanding supply chains in

more precise detail can help organi-

zations stay up and running even

when the outage lies outside the

firms reach.A normal supply chain map might

look like the one in Figure 1. Suppli-

ers of raw or semifinished materials

deliver them to a business that

processes them into finished prod-

ucts in preparation for delivery by

distributors to consumers.

Under normal circumstances, if

all members of the supply chain per-form as expected, finished products

will be delivered to consumers in a

time frame acceptable to them.

Supply chains for medium and

large firms can be very complex and

interconnected. Dependencies on

multiple suppliers, coupled withjust-in-time production strategies

and other manufacturing processes,mean that the businesses really

depend on uninterrupted supply

chain operation for success and

profitability. This can place a lot of

strain on supply chains. Given thesignificance of supply chains in

most business models, what hap-

pens if something interrupts or

damages them?


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

5 THE WEAKEST LINK

Figure 1: Normal Supply Chain

Customer

Distributor 1

Distributor 2

Customer

Customer

Supplier 3

Supplier 2

Supplier 4

Supplier 5

Supplier 6

Supplier 1

Business


25/30

Customer

Distributor 1

Distributor 2

Customer

Customer

Supplier 3

Supplier 2

Supplier 4

Supplier 5

Supplier 6

Supplier 1

Business

SUPPLY CHAIN RISKS

Supply chain risk appeared in the

headlines of U.K.-based news

sources during the 2010 eruption of

the Icelandic Eyjafjallajkull volcano.According to David Honour, editor

of Continuity Central in West York-

shire, England, the event caused

serious travel disruptions and had a

major impact on many companies

supply chains. Car manufacturers,

for example, were some of the hard-est hit. Both Nissan and BMW had

to reduce production because ofshortages of critical parts, he said.

Reinforcing Birds point, Susan

Young, a risk management profes-

sional in London, noted that the

greater global reach of companiesand markets during the past few

years has resulted in widening the

geographical spread and complexity

of supply chains and their increased

interdependencies have increased

the potential for disruptions.Figure 2 depicts a situation

whereby a supplier is taken out of

the supply chain. Depending on thenature of the supplier and its role

in the supply chain, the impact to

overall business operations may be

known immediately, or it may take

hours or even days to see a real

impact on productivity and profits.

INTRODUCING BCINTO THE SUPPLY CHAIN

If risks to the supply chain are a

consideration, business continuitymanagement techniques can be

introduced as part of the risk identi-

fication, mitigation and recovery

processes. Peter Barnes, managing

director of London-based 2C Con-

sulting Ltd., advises, First and fore-


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

5 THE WEAKEST LINK

Figure 2: Disrupted Supply Chain


26/30

Customer

Distributor 1

Distributor 2

Customer

Customer

Supplier 3

Supplier 2

Supplier 4

Supplier 5

Supplier 6

Business

most, recognize that the loss of a

step in your supply chain could

potentially damage your ability to

achieve critical goals.

He reminds us of a very importantmessage: Protecting your supply

chain is your responsibility, not

something you can hand over to a

supply chain partner.

Barnes also notes that reliance

on service-level agreements and

contract wording is not enough.Supply chain continuity requires

genuine partnership and coopera-tion in identifying the risks and

ensuring that all components of the

chain are satisfactorily addressed,

he said.Figure 3 depicts how a disrupted

supply chain can be reconfigured to

restore some level of functionality.

As Supplier 1 is no longer in the

chain, Suppliers 3 and 4 now pro-

vide products and services directly

to the business. To make this recon-

figuration work successfully, the

business needs to carefully analyze

its supply chain for risks and thenidentify opportunities to maintain

continuity of the chain.

BCIs Bird contends that business

continuity actively helps organiza-

tions identify and understand the

risks associated with supply chains.

This allows decisions to be madewith full knowledge of the conse-

quences and actions needed to miti-gate disruptions.

IGNORING BC LEAVES RISK

Assuming your organization

depends on its supply chain, what

are the risks of ignoring business

continuity as part of how you pro-

tect the supply chain? According to


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

5 THE WEAKEST LINK

Figure 3: Recovered Supply Chain


27/30

What Is a Supply Chain?SUPPLY CHAIN MANAGEMENT encompasses the planning and management of all

activities involved in sourcing and procurement, conversion and logistics

management. Importantly, it also includes coordination and collaboration with

channel partners, which can be suppliers, intermediaries, third-party service

providers and customers. In essence, supply chain management integrates sup-

ply and demand management within and across companies. I

SOURCE: THE COUNCIL OF SUPPLY CHAIN MANAGEMENT PROFESSIONALS

Young, inconvenience at best, busi-

ness failure at worst.

An overreliance on a few suppli-

ers can be potentially disastrous,

she said. Be sure to review yoursuppliers business continuity

arrangements as part of any initial

due diligence and/or periodic

review.

Research conducted by the Busi-

ness Continuity Institute in 2009

and 2010 showed that media-reported supply chain disruptions

are just the tip of the iceberg. Morethan 70% of organizations surveyed

by the BCI experienced some form

of disruption, which led to lost pro-

ductivity, increased working costs

and customer dissatisfaction, BCIsBird said.

To that, 2C Consultings Barnes

added, failing to address this issue

is like a senior manager switching

off all accountability every time heor she steps outside the office.

While business continuity initiativesat the office may be adequate, igno-

rance of the supply chain could

threaten your organizations goals,

reputation and livelihood, he said.

RESEARCH ON

SUPPLY CHAIN RISKS

The issue of supply chain andbusiness continuity management

has been researched extensively

in Europe. In fall 2009, the BCI

published a research report that

found:

I

Approximately 75% of the 201companies surveyed experienced

disruptions in their supply chainsduring the previous 12 months.

The chief causes of disruption

were economic recession, H1N1

pandemic flu (swine flu) and

IT/telecom disruptions.

I The impact of the disruption was

primarily a loss of productivity,although loss of revenue, cus-

tomer complaints and delayedproduct availability were high on

the list.


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

5 THE WEAKEST LINK


28/30

Nearly 74% of businesses are tak-

ing a hands-on approach to supply

chain risk management, according

to Aon Inc.s 2009 Risk in 21st Cen-

tury Supply Chains survey. Keyfindings of the survey included:

I More than half of the firms sur-

veyed launched regular communi-

cation and audit policies with sup-

pliers.

I Compared with Aons previous

supply chain survey, companiesactively managing risks around

contracts to ensure they are cov-ered from the negotiation phase

through defining quality controls

grew by 15%.

I There was a 20% increase in the

number of companies investigat-

ing their suppliers suppliers to

assess the overall strength of thesupply chain.

I Although insurance is still a key

risk management strategy, 20%fewer companies are using it as

the only form of mitigating risks.

I Only one in 10 firms placed an

emphasis on evaluating ethicalissues they are being exposed to

by their suppliers.

I Some 55% admit to having no in-

dicators in place to monitor supply

chain risk management perform-

ance.

In another report released by

Marsh & McLennan Cos. in 2010,

13% of respondents had experi-

enced supply chain disruptions in

the past two years. The report sur-veyed 220 risk and business conti-nuity managers across Europe, the

Middle East and Africa.

STRATEGIES FOR MITIGATING

RISK IN THE SUPPLY CHAIN

Assuming you wish to protect your

supply chain from unplanned dis-ruptions, consider the following

strategies:

Proactive Risk Management.

Begin your efforts by mapping the

entire supply chain and its depend-

encies. You should also determine

threats, risks and vulnerabilities, as

well as identify single and multiple

points of failure.Next, implement strategies to

remove or reduce these issues.

Remember that this is a continual

process and can be supported by

specialized software, from a handful

of developers including Oracle Corp.

and Microsoft Corp., but also small-er ones such as Epicor Software

Corp. and Infor Global Solutions Inc.

Business Continuity Management.

Leveraging BC management tech-

niques within the supply chain

ensures that important suppliers

arent at risk from long-term down-time caused by disruptive incidents.


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

5 THE WEAKEST LINK


29/30

One way of doing this is to require

critical suppliers to develop busi-

ness continuity plans and make

them available for auditing. For

example, a business impact analy-sis, a key component of a BC man-

agement program, can be modified

to analyze supply chains and their

relationships to the organization.

Insurance. It is often thought

incorrectlythat supply chain riskscan be mitigated with business

interruption insurance. Inclusion offorce majeure clauses in such insur-

ance policies may address supply

chain disruptions. But to avoid cov-

erage issues with business interrup-

tion insurance, some organizations

buy specialized supply chain insur-ance policies from insurers including

Zurich Financial Services AG and

Aon.

Simply recognizing threats to the

supply chain is not enough. There

must be proactive efforts to define

how supply chain integrity can beprotected and how to mitigate the

identified risks. The good news is

that business continuity is beginning

to play an increasingly strategic role

in the protection of supply chainintegrity. I

Paul F. Kirvan, FBCI, CBCP, CISSP, has more

than 20 years experience in business continuity

management as a consultant, author and educa-

tor. He is also secretary of the Business Continu-

ity Institute USA Chapter. Write to him at

[email protected].


HOME

EDITORS LETTER

UP FRONT

CLOUD DR AND BC

CAN SAVE YOUR

BUSINESS

MOBILE DEVICE DR:

THE NEXT

FRONTIER

PIGGYBACK DRONTO

VIRTUALIZATION

WHEN YOURE

NOT QUITE READY

FOR DR

THE WEAKEST LINK

5 THE WEAKEST LINK

Enterprise CIO Decisions Ezine is produced

by TechTarget CIO/IT Strategy Media,

2011 TechTarget.

Jacqueline Biscobing

Managing Editor

[email protected]

Rachel LebeauxAssistant Managing Editor

[email protected]

Scot Petersen

Editorial Director

[email protected]

Linda Koury

Director of Online Design

[email protected]

Christina Torode

News Director

[email protected]

Linda Tucci

Senior News Writer

[email protected]

Laura Smith

Features Writer

[email protected]

Ed Scannell

Executive Editor

[email protected]

Ben ColeAssociate Editor

[email protected]

FOR SALES INQUIRI ES, PLEASE CONTACT:

Theron Shreve

Senior Product Manager

[email protected]

(617) 431-9360
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]


30/30

RESOURCES FROM OUR SPONSORS

See ad page 3

Disaster Recovery: Plan for the Worst, Expect the Best

Guidelines for Successful Business Continuity Planning

How to sell business continuity to management in tough times

About CDW:

CDW's business model focuses on small- and medium-sized businesses with 97 percent

of sales derived from commercial accounts. CDW has built strong relationships within the

technology sector and we are a leading direct source for Cisco, HP, IBM, Intel, Microsoft,

Sony, Toshiba, and other top name brands. Our success is due to our exceptional coworkers,

who are the most important element of CDW's business strategy. To foster our coworkers'

success, CDW has designed a rewarding and challenging work place, recognized as one of

the best companies to work for in America.
http://www.bitpipe.com/detail/RES/1252088488_76.htmlhttp://www.bitpipe.com/detail/RES/1292870134_91.htmlhttp://www.bitpipe.com/detail/RES/1252446193_738.htmlhttp://www.bitpipe.com/detail/RES/1252088488_76.htmlhttp://www.bitpipe.com/detail/RES/1292870134_91.htmlhttp://www.bitpipe.com/detail/RES/1252446193_738.htmlhttp://www.cdw.com/

DR_ Business Continuity Strategies

Documents

Transcript of DR_ Business Continuity Strategies