IT disaster recovery revs into high gear

The extraordinary damage caused by the terrorist attacks last week on the World Trade Center (WTC) towers and the Pentagon has pushed traditional disaster recovery practices to the limit and pointed to the future uses of the Internet and IP-based networking as the next-generation fabric for recovering cataclysmic events.

“Disaster recovery today is woefully inadequate,” said Jim Johnson, chairman of the Standish Group, a West Yarmouth, Mass.-based analyst firm. Conventional means of backup, outdated testing and plans, narrow redundancy, and IT environment mirroring often fail to comprehensively cover the needs of most enterprises, Johnson said.

For instance, only 10 per cent of all applications – usually the critical ones – are covered while the distributed applications and platforms that are also essential to business get short shrift when it comes to disaster planning, he said. “The Internet is the ultimate disaster recovery fabric,” Johnson said.

For typical hot site backups for mainframes and midrange platforms, the standard disaster recovery approach is generally adequate, analysts said. And that may be enough for some users, said Michael Flynn, an analyst at Meta Group Inc., the Stamford, Conn.-based market research firm.

There is also a growing range of multi-channel options for firms – the financial institutions that suffered the most recent attacks need high-availability disaster recovery that includes coverage of front-end, middle-level, as well as backend systems, Flynn said.

For the moment, like many financial firms, OppenheimerFunds Inc., which employed approximately 600 people at its WTC office, is turning to networking to cope with the crisis. OppenheimerFunds’ parent, MassMutual Financial Group, based in Springfield, Mass., called upon its disaster recovery team to help. Bruce Bonsall, chief information security officer for MassMutual, met with colleagues to resolve the problem, made easier because OppenheimerFunds’ backup tapes were not located at the WTC location.

“We went to get the backup tapes [on Tuesday] so that we could get it into the hands of the recovery team,” Bonsall said. “We … then transferred that data to Denver [where shareholders records are kept],” said Greg Stitt, public relations director for OppenheimerFunds. For the meantime, the New York operations will be working out of a remote facility.

“We have a disaster recovery site ready in New Jersey. We learned a great lesson from the 1993 bombing [of the World Trade Center]. Our computer and technical people have been there from Tuesday around the clock. It will be fully operational for portfolio managers and to conduct trades once the market opens up,” Stitt said.

For immediate needs, users have turned to disaster recovery giant Comdisco Inc., of Rosemont, Illinois Comdisco’s 35 corporate customers, mostly in New York, have come to it for help in the aftermath of the disaster, said Mary Moster, Comdisco vice president of corporate communications. The company primarily provides workspace for customers who lose their offices as well as disaster recovery and high-technology leasing services. “We count each [specific service] contract as a different disaster declaration. We actually have 68 different declarations coming from 35 customers,” Moster said.

Most of the customers have required office space at Comdisco facilities in Queens, New York, or across the Hudson River in New Jersey, she said. These customers would bring magnetic tapes of their data to Comdisco sites.

In addition to serving companies directly impacted by the attacks, Comdisco received service requests from companies housed in offices in other major cities nationwide, where buildings were being evacuated, Moster said.

Efforts to help get customers back online in the New York metropolitan area were hindered by travel restrictions put in place after the attacks, including air and ground travel limitations, Moster said.

“In some cases, they just had difficulty getting people from New York to New Jersey,” Moster said. But Comdisco anticipated that by late Wednesday, it would have met all service requests related to the tragedy.

There are firms with needs beyond data backup, and EDS Corp. is helping a major financial services firm restore its network after it suffered an attack at the WTC, said Rebecca Whitener, director of security and privacy services with EDS in Charlotte, N.C., who declined to identify the firm, only that they were in the process of finding office space for them “across the river,” Whitener said.

The company has lost a “bit of transactional” data, Whitener said, but that is not the real issue for this company or for any company creating a business continuity plan.

“The challenge is to restore connectivity [to the network] and the desktop and to get to the backup information in terms of stored information. That is the critical problem,” Whitener said.

Although the future may include a matrix of traditional and IP-based disaster recovery, no amount of planning could have anticipated the incredible level of destruction that occurred last week.

“[Users] all [have data recovery plans], but on the other hand, this is a catastrophic event,” said Sunil Misra, managing principal of Unisys Worldwide Security Practice in Boston. In response, Unisys is providing a wide range of recovery and hosting services, Misra said. “Not everybody’s recovery plan talks about planes crashing into your building.”

There are also companies such as ijet Travel Intelligence Inc., which monitor and aggregate information from most of the major Federal law enforcement agencies in the United States. They take that information and put it into a security context appropriate for subscribers. Companies like this may soon play a more important role in the business community.

“You have to start with the context and create a taxonomy around that. Then we have the ability to go through thousands of pieces of information, legally accessible by the average person, and apply it to our intelligence context,” said Greg Meyer, CTO at ijet in Annapolis, Maryland.

ijet analyzes the data and sends its customers pre-trip travel intelligence reports, which are continually updated during the trip. The company also sends alerts as needed as well as the ability to connect to an ijet analyst.

“We do no go out and gather and analyze data on anything unless it is specifically related to a well-defined intelligence requirement,” added Meyer.

ijet signed a deal this week with Magnet Point to deploy a wireless component to its alert capability. By the end of the fourth quarter, subscribers to the service will be able to receive security alerts via RIM devices, SMS messaging, Windows CE devices, or WAP (Wireless Application Protocol) services on cell phones. Palm devices are expected a few months later as is text-to-speech capability for relaying information over the phone.

ijet gathers information for travelers in 10 categories, the most subscribed to being safety, health, and security. Among ijet’s current corporate customers are Archer Daniels Midland Co. and Prudential Securities Inc.