• 		Enterprise Infrastructure
  Data Centre Servers and Mainframes Storage and Storage Sub-Systems Operating Systems Systems Management Peripherals Virtualization

• 		Communications Infrastructure
  Network and Management Planning Performance Management and Monitoring Network Devices Unified messaging Carriers and Cellular Wireless LAN

• 		Information Architecture
  Service Oriented Architectures Messaging and Collaboration Databases Data Warehousing Identity Management

• 		Integrating IT
  Development Environments Tools and Languages Project Management Middleware / Utilities Outsourcing and Application Service Providers (ASP)

• 		Departmental and End User Computing
  Personal Systems and Peripherals Personal and Portable Devices Personal and Office Productivity Applications Small-Area Networking (SAN) Help Desk and End-User Support Mobile Applications Future Technology

• 		Enterprise Business Applications
  Enterprise Resource Planning (ERP) Business Intelligence and Data Mining Enterprise Portals Open Source and Linux Online Retailing and Ecommerce Customer Relationship Management (CRM) and Customer Self-Service Supply Chain Management (SCM)

• 		Security
  Security Products, Practices and Infrastructure Disaster Recovery / Business Continuity Hacking and Viruses Alerts, Patches and Fixes Privacy Issues

• 		Voice Data and IP
  Carriers and Service Providers Protocols and Standards Hardware, Software and Emerging Applications Regulatory Issues

• 		IT Workplace
  Human Resources Issues Hiring and Retention Careers and the Job Market Salaries and Benefits Education and Training Consulting and Contracting Knowledge Management Knowledge Worker Tools

• 		Leadership
  Issues for CIOs Budgeting / IT Alignment Value Management and ROI Human Capital Management Best Practices Industry News IT Executive Development

• 		E-Government
  Case Studies and Best Practices From Canada and Internationally Legal and Government Policy Issues Management Issues Privacy and Security

• 		The good the bad and the ugly
  The good The bad and the ugly Useful and fun tips

• 		Green IT
  E-Waste and Recycling Hardware lifecycle management Power and cooling Paper and printers Green thinking

• 		News Briefs
  Breaking News

• Blogs

• Salary Calculator

• IT Executive Development Series

• Video Library

• IT World Canada Technology News Daily ITwire Global Newswatch

• Slide Show Library

• White Papers

• Product Reviews

• Careers

• ITWorld Canada RSS Feeds

Seven strategies for keeping disaster recovery ON TARGET

Advertisement

It was a normal Monday batch process at a well-respected global bank – until, that is, a critical back-office system failed. At first, IT administrators took it in stride. This wasn’t the only time they’d had to recover lost data. But soon it became clear something more ominous was occurring: the bank’s multi-terabyte database had become corrupted.

The administrators tried to switch to the hot offsite backup. No luck: it had mirrored the corruption. In the IT world, the situation was beginning to spell ‘crisis’. Applications teams and anyone else who could help had to suspend all priorities to focus on the failure. Despite best efforts, the target recovery time – four hours – came and went without a clue as to the problem’s root cause or fix.

It began to look like an episode of ‘House’, with IT managers anxiously brainstorming for more than a day, trying to diagnose the mysterious disorder in their dying patient. They knew a premature move could make matters worse.

To the outside world, the bank showed no sign of its grave condition. Customers continued trading, unaware that this high-profile institution was on the verge of losing millions, being investigated by regulators, and spoiling its good reputation.

Out of view from customers, the IT teams struggled to keep the patient alive. They scrambled to find a clean backup. They found out the corruption had happened two days before the crash; it would take 36 hours to run a check on earlier copies of the data to see if it was clean. They worked on updating the production system, rerunning transaction log files to catch up to the crash point, and processing days of transactions that had since accumulated. Senior managers burned the midnight oil to decide which processes to give priority. By end of day Friday, the bank was uncertain it could open for business on Monday. It might be too risky to go more than five days without accurate settlement reconciliation. The bank alerted regulators. The team plugged away on catch-up processing over the weekend. Fortunately, they completed it in time. By Monday the patient was out of danger and the bank was able to open its doors.

	Security Threats & Solutions Webinar
	To view this Webinar, hosted by John Pickett, go to the IT World Canada home page and click on Disaster Recovery in the Security section of our Knowledge Centre.

A MATTER OF WHEN, NOT IF

This bank is not alone. Indeed, similar near misses are increasingly common. One global retailer had its point-of-sale transactions freeze for 18 hours during the holiday shopping season. The cause: a storage-network software bug that was never precisely identified. Despite the happy ending at the global bank, its senior managers and IT teams were left troubled. Losses had been modest but had the failure struck at year-end instead – when trading was running at full tilt as investors tidied their portfolios – the outcome could have been disastrous.

It turns out that a tiny conflict between a packaged software bug and the server-management software – something nobody could have foreseen – had caused the potentially monumental disaster. This was a problem not addressed in any standard operations manual. For the bank’s leadership, the unsettling truth was this: Despite the bank’s full compliance with internal policies and external regulations, despite its readiness for loss of a site or failure of a major hardware component, it remained ill prepared for disaster recovery.

Advertisement

The bank is one of many enterprises and public institutions for which a combination of complacency, complexity and strained legacy systems are raising the risk of IT disasters to an alarming level. This is despite the fact that in recent years, disaster recovery and business continuity have gained visibility and significant funding. Improved as practices are, they are no longer enough.

Many large businesses are now so dependent on the flawless operation of their systems that they are dangerously vulnerable to substantial, even irreparable, business damage. The likelihood of disaster is becoming more a matter of when than if.

Too often, organizations let regulators and other stakeholders direct the thrust of business-continuity efforts toward failure of a single IT processing site or component. In the rush to comply, business leaders have lost sight of the other risks they face – the myriad smaller incidents like the one experienced by the global bank. These smaller problems can create big losses when servers shut down or decentralized software fails. A small leak will sink a great ship, to quote Benjamin Franklin.

As a CIO, you can see early warning signs that your organization is ill prepared for disaster recovery by observing any of these conditions:

• The IT organization is more focused on reacting to the most recent interruption than planning for rapid recovery from a major unexpected problem.