FRAMINGHAM – While bracing his IT systems to weather another hurricane season, Max Prather can’t help but recall just how swiftly undetected weak points in his IT disaster recovery plan were cracked by Hurricane Katrina.
“We thought we were prepared but did not count on a complete disaster. It may have well been a nuclear bomb; that’s how much it affected our business,” said Prather, IT manager at the Louisiana Organ Procurement Agency in Metairie, La.
The nonprofit organization’s offices sit less than eight miles west of New Orleans, which was devastated by the massive storm in August 2005.
“I would hate to see any company go through [such] a disaster to see exactly what’s wrong with its plan,” Prather said. Last Friday marked the official beginning of the Atlantic hurricane season, which runs from June 1 thru Nov.30. Weather forecasters say conditions this year are ripe for spawning several major storms.
Prior to late 2005, the organ procurement agency’s disaster plan focused on having some patient and employee data hosted on NeoSpire Inc. servers in Dallas. However, when Katrina hit New Orleans, employees scattered and the agency lost power, phone service and Internet access, exposing gaping holes in its electronic communications strategy, said Prather.
After the storm, the agency deployed Neverfail for Microsoft Exchange, a disaster recovery system from Austin-based Neverfail Inc., to ensure uninterrupted employee connectivity throughout service shutdowns, Prather said.
The organization has also added an internal backup generator and fail-over phone system, implemented daily backup procedures, and constructed a hot site and duplicate server environment in its Shreveport, La., facility, Prather noted.
The organ procurement agency continues to use the hosted servers in Dallas, he added.
Thomas Comella, CIO at Neighborhood Centers Inc. in Houston, also updated his company’s backup plan following a major hurricane. Comella said he decided to abandon the company’s policy of storing backed-up data in a nearby facility once he saw how employees were scrambling to evacuate from Houston ahead of Hurricane Rita in 2005.
Earlier this year, the nonprofit operator of community centers and educational facilities in southeastern Texas began using ViaRemote, a backup and managed services offering from Arsenal Digital Solutions USA Inc. in Cary, N.C.
“We had a couple of close calls a few years ago, and we knew we needed to do something with our data,” Comella said. “My main goal for this [hurricane] season was to get this [backup service] up and running so my data would be safe off-site and out of the city.”
Other users say spending money on unused disaster recovery plans for years can prove prescient when a major storm hits. For example, the Calcasieu Teachers and Employee Credit Union in Lake Charles, La., made little use of its contract with SunGard Availability Services in Wayne, Pa., to provide backup systems for about eight years prior to Hurricane Rita.
But when that storm hit, a SunGard Mobile Data Center housed in the trailer of an 18-wheeler took over the IT systems and kept the company in business, so the investment paid off, said CEO Bruce Thomas.
“Going into the [SunGard] contract, we felt like you have to look at what is your biggest threat,” he said. “For us, the biggest threat is a hurricane.”
Researchers at Colorado State University in Fort Collins have said that 17 named storms, including five with winds of more than 115 miles per hour, could form in the Atlantic Ocean this year. In comparison, a typical hurricane season includes two major storms, noted Philip Klotzbach, a research associate at the school.
James McManus, a technology risk management professional at Jefferson Wells International Inc., a consulting firm in Brookfield, Wis., suggested that companies take several steps to protect against hurricanes. First, he said, IT managers should distribute to employees USB thumb drives carrying critical data and application backups that could be used from remote locations in an emergency. The drives should be kept up to date and stored off-site, he said.
McManus also said that companies should set aside time to perform a complete business- impact analysis, including ranking the importance of systems to determine which ones should be brought back online first after a disaster.