U.S. crisis puts disaster planning at the forefront

Faye West remembers when the brass turned down her proposal to conduct a test of her company’s disaster recovery plan. “It hadn’t been acted on. I suppose because it wasn’t a priority,” she said.

However, when West, director of information systems at the Alberta Research Council in Edmonton, arrived at work on Wednesday morning, she got a small taste of the changes overtaking the post-terrorist attack world.

“This morning, [the plan] was approved – without comment,” West said. “I don’t think it’s a coincidence.”

Only days after the devastating terrorist attacks destroyed parts of New York and Washington D.C., it’s already become commonplace to hear how the world is no longer the same. And experts say the IT community will not be immune to those changes.

“Anytime a disaster occurs it causes all of us to realize that this could happen to you,” West said. And that means many firms will be taking a closer look at their own data security and disaster recovery plans.

Not only will West hire a firm to help the Council test its disaster readiness, she said the mayhem caused as survivors tried to reach family members made executives realize that they don’t ask travelling staff members to leave their contact information.

“We knew what city they were in, but we didn’t know how to reach them,” she said. “I think that will probably be a corporate policy from now on.”

Bill Margeson, president and CEO of CBL Data Recovery Technologies Inc., a Markham, Ont.-based firm which specializes in helping companies both prevent and restore lost data, said it often takes an emergency to get IT folks seriously thinking about backup plans.

“We always see the underbelly. (Customers) come her for surgery,” Margeson said. “People feel too secure. It’s an illusion.”

Although something as catastrophic as the World Trade Centre bombing can hardly be predicted, Margeson said business and IT executive need to ask themselves how crucial their data is to their future prospects, and plan accordingly. He pointed to the devastating 1999 mudslides in Venezuela, when a company lost the country’s manhole and sewer line maps, as an example.

“When there’s this kind of quality of data, there has to be archival strategies, for sure,” Margeson said.

CBL has an office in Armonk, N.Y, located just outside New York, and Margeson said he plans to send extra resources there in light of recent events – but only if demand warrants it. “We don’t want to be seen as vultures waiting in the wings,” he said.

Analysts with Stamford, Conn.-based research firm Gartner Inc. held a phone conference on Wednesday to offer advice on disaster recovery and business. Their advice to companies: prepare yourselves, because business in the U.S. has changed forever.

They pointed out how the World Trade Center and Pentagon attacks underline the need for disaster recovery plans, crisis management teams, and business-continuation processes throughout corporate America.

On a more dramatic note, one analyst stressed that nearly all aspects of U.S. business need to be reassessed because the country has moved into a political climate of heightened terrorism, and perhaps war.

“One thing I would urge companies to do is not to take this particular type of incident as isolated, (and as one that is) not going to happen in the future. Massive terrorist attacks are no longer just the realm of theory,” said French Caldwell, a research director with Gartner who focuses on U.S. policy and non-IT threat assessment.

Another analyst, Rich Mogull, warned that the way companies conduct business online will change, too.

“With global tensions increased, especially if the United States takes retaliatory action, we can expect attacks on our infrastructure,” Mogull said. He suggested companies should assess the likelihood of cyberterrorism and closely monitor Web sites for signs of attack. The institutions he considers to be at high risk are financial and e-commerce companies, as well as infrastructure concerns such as airlines and utilities.

Other analysts stressed the importance of having a disaster recovery plan that is simple to follow, documented, and known by employees. Relying on one employee or on a process that is not documented will only leave a company vulnerable, especially in a life-threatening event.

Gartner analysts also said that it’s never too late to devise a disaster recovery program. Tuesday’s attacks should give concerned IT professionals working at companies that haven’t devised such plans the proof they need to convince executives of the importance of disaster recovery plans.

West noted that devising a recovery plan involves many complications and details, as well as weighing each risk with possibility. But she said few if any firms could have been ready for events on the scale of those witnessed on Tuesday.

“I don’t know if it’s reasonable to try and plan for that.”

– With files from Cara Garretson of IDG News Service

Gartner Inc. is at http://www.gartner.com

CBL Data Recovery Technologies is at http://www.cbltech.com

The Alberta Research Council is at http://www.arc.ab.ca/