While disaster recovery planning trends can be tricky, it is safe to say that the job of managing and safeguarding data in a distributed environment is leading to a cloudconnected future. Step one in this shift is to stay ahead of the curve. If you have not upgraded your organization's infrastructure to move beyond legacy technologies, you should consider the dramatic benefits provided by this new generation of more capable, secure, efficient, and affordable cloud-connected data protection solutions.

If you are planning an overhaul of key IT responsibilities such as backup and recovery, you should look beyond disk-to-disk offerings to the benefits of cloud connectivity. With distinct yet seamlessly integrated on-premise, SaaS, and hybrid deployment models, you are sure to find the right mixture for your enterprise. And if you need assistance, CCSP-certified VARs and resellers are ready to help you get started.

With the advent of cloud computing, instead of just crossing their fingers or paying for the hardware, software, space, and staff required for storage, an entire mid-sized corporation can rent enough cloud space to keep a real-time, full-server backup copy of all its data, applications, and operating systems. Real time means that every keystroke, every email, every bit and byte is safe, and full-server means that every application and even the whole operating system is safe and available. And it gets better: it's also now possible to copy data into the cloud in real time, and itÂ’s possible to retrieve it from the cloud... just as fast.

What this means for SMBs is that if the store burns down or is flooded, daily operations can resume in minutes instead of daysÂ…or never.

• Develop the contingency planning policy statement. A formal department or agency policy provides the authority and guidance necessary to develop an effective contingency plan.
• Conduct the business impact analysis (BIA). The BIA helps to identify and prioritize critical IT systems and components.
• Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
• Develop recovery strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
• Develop an IT contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system.
• Plan testing, training and exercises. Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness.
• Plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements.

The success of most business depends on Information Technology. However, business and technology environments are becoming more complex. Being prepared to respond to non-typical events - both planned and unexpected - that threaten to disrupt essential business systems and processes, is a major corporate concern.

A recent survey found that disaster recovery planning is a priority for many organizations. Eighty-six percent of IT executives said they have a disaster recovery plan in place at their organization. While the economy has affected IT budgets overall, 43 percent of IT respondents indicated the economy has not affected their disaster recovery investment (including planning) - with another 33 percent, saying investment in disaster recovery has become more important.

Organizations cannot control whether or not they will be affected by a natural disaster, power outage or other unplanned incident, but they can work to help ensure their business is prepared to respond to and recover from these events with minimal impact. Disaster recovery planning is an organizational requirement that can help reduce risk and help companies effectively respond to situations that threaten to disrupt essential business processes.

Janco Associates has found that enterprises that are successful:

• Focus on employee safety. Every disaster recovery plan needs to begin by addressing the physical safety and psychological well-being of employees. That means the plan must include alternative locations where employees can go if a primary work site is unavailable, as well as incident notification and escalation strategies. In addition, the plan needs to be well communicated throughout the organization so everyone knows how to respond in a disaster situation.
•   Conduct a business and IT impact analysis. Carry out a thorough analysis of people, information, application, and other resources to build an understanding of the consequences - financial and operational - of losing vital components. Take particular care to uncover interdependencies across the organization that is critical to staying in business. This analysis will provide a solid foundation for establishing recovery priorities and timeframes in your plan, allowing you to make informed decisions on where and how much to invest in disaster recovery.
•  Plan with business operations in mind. Involve all key stakeholders in the planning process, including IT, business leaders, human resources, corporate communications, and physical and information security managers. Be sure that in planning you coordinate with other business units in your organization to avoid potential conflicts, such as multiple business units depending on the same facility as a secondary site in response to an interruption.
•  Make the disaster recovery plan a living document. Business processes and IT systems undergo constant change in every organization. Your disaster recovery plan needs to keep pace with new workflows, business applications, and computer systems. Disaster recovery planning software can provide best practice methodologies to help you navigate through planning decisions and plan updates. In addition, regular testing will help you demonstrate your ability to recover and pinpoint areas for plan improvements.

The Virginia Information Technologies Agency (VITA) said in a statement that teams have been working throughout the weekend to restore data. In a nutshell, the IT infrastructure of the state of Virginia was reportedly crushed by an EMC storage area network failure. The Richmond Times-Dispatch reports that several systems are still down. The same paper said that Northrop Grumman will have to pay a fine for the failure. And the real kicker is that recently revised its contract with Northrop Grumman and extended the deal for three years. The state paid an additional $236 million for better service from Northrop Grumman.

Highlights of the Revised Contract - Operational Efficiencies

• Consolidates and strengthens Performance Level Standards with a 15% increase in penalties across the board if Northrop Grumman fails to perform on clearly identified and measured performance standards. - PAY-UP 
• Improves Incident Response teams to determine technology failures and expedite repair - FAILED
• Institutes clear performance measurements for Northrop Grumman that agencies can easily track - FAILED
• Adds new services to contract such as improved disaster recovery and enhanced security features - FAILED

Among the key parts of the VITA statement:

Successful repair to the storage system hardware is complete, and all but three or possibly four agencies out of the 26 agency systems have been restored. Agencies continue to perform verification testing.

Progress continues, but work is not yet complete for the three or four agencies that have some of the largest and most complex databases. These databases make the restoration process extremely time consuming. The unfortunate result is the agencies will not be able to process some customer transactions until additional testing and validation are complete.

According to the manufacturer of the storage system (EMC), the events that led to the outage appear to be unprecedented. The manufacturer reports that the system and its underlying technology have an exemplary history of reliability, industry-leading data availability of more than 99.999% and no similar failure in one billion hours of run time.

The outage was blamed on the failure of two circuit boards installed and maintained by EMC. It is a big disconcerting that two circuit boards can bring down a stateÂ’s IT infrastructure for nearly a week.

Among the things that don't add up in the Virginia IT outage:

• Why wouldn't these boards be replaced quickly?
• Why was there a single point of failure?
• Service was restored for 16 agencies, but 10 require a lengthy restoration of data. Where was the disaster planning? After all, Northrop Grumman touted its disaster recovery for the state just two years ago.
• Where did the IT management fail?

It was unanimously passed by the 50 countries that participate in the committee and provides an international agreed upon benchmark for emergency and disaster management for individual organizations.” In the UK the has created BS 25999, the Business Continuity Management Code of Practice offering general guidance, and the Specification for Business Continuity Management, listing the requirements that can be objectively and independently audited.

It goes without saying that every company, regardless of size, needs a concise business continuity plan in case of an emergency. If you don't have a disaster recovery plan or haven't updated yours recently, now is the time to take this critical step to protect your business.

At the same time there are more security requirements that need to be met.  With mandated requirements like Sarbanes-Oxley, HIPAA, PCI-DSS, and ITIL, executive management is depending on you to have the right security policies and procedures in place.

For example, initially it is necessary to understand the underlying risks and the potential impacts of disaster. This is the primary building block upon which sensible and cost effective business continuity plan or disaster recovery plan is built. When the plan itself is created, there are the maintenance and testing phases, to ensure that the plan remains current. Even having arranged all these matters there are the external auditors to consider - and of course, there is the not so small matter of ISO 27000, SOX, HIPAA, and PCI-DSS compliance.

The industry standard solution is the Disaster Recovery and Business Continuity Template by Janco Associates. The template includes all of the right tools to assist with business impact analysis and risk analysis. You can quickly create a core plan (some of Janco's clients have created an operational plan in less than thirty days), maintain the plan, audit the DRP BCP, and create a cost effective budget to support the disaster recovery business continuity process.

An Uninterruptible Power Supply (UPS) can protect the system from damaging power problems and improve server availability by allowing users to continue working without interruption during a short power outage. During an extended power outage, defined as any outage that might outlast the UPSs runtime, if the system is equipped with UPS shutdown software, it can communicate with the UPS and perform a graceful, unattended system shutdown before the UPS battery is exhausted.

A key requirement is to increase remote access capabilities in addition before the pandemic occurs the following planning needs to take place:

• Define necessary staff levels for critical business processes
• Identify who can work remotely and who has to be in the office
• Validation of vaccinations for key staff members
• Identify the lights out processing issues for computer operations staff
• Identify the network and remote access capacity requirements – what percent of workers do you need to be on the system for the enterprise to continue to operate
• Train and test of users and IT staffs in how to operate from remote locations
• Put in place process for the synchronization of OS system patches and VPN updates – if the workstations are not used frequently disable the auto update features for security updates but maintain a process to see that they workstations are up-to-date.
• Define specific requirements for security and PCI-DSS when the disaster plan is activated for a pandemic.
• Define change management and version control processes to be used and how they will be controlled during the pandemic.

Keep people working with business as usual

Planning for employees, business partners and customers makes up the most critical aspect of business recovery planning, Janco Associates says. Depending on the nature of the outage, you may need to figure out how and where people can continue working. For a brief period of time, everyone may need to work remotely, but youÂ’ll need to have these contingency plans ready, along with automatic notification to tell employees to work at home.
Make accommodations for facilities

Facilities make up an important part of business recovery planning. According to the U.S. National Fire Protection Agency, 35 percent of businesses that experience a major fire are out of business with three years. So, if having everyone work at home is not the best option for your business, recovery vendors can provide interim workplaces such as prefabricated mobile offices or buildings designed specifically for use in times of crisis.

Secure information before the event

Data can make or break a business. According to the U.S. National Archives and Records Administration, 80 percent of companies without well-conceived data protection and recovery strategies go out of business within two years of a major disaster. Backup tape and storage testing services can help ensure that critical data will be available after a major outage. Ideally, says Janco Associates, backups should be performed offsite, preferably at a facility far away from everyday operations. "The best way to protect the information for a small business is to use a remote data backup facility, which actually transmits the data either overnight or at scheduled times to a remote site where it is stored."

Prepare alternate networking routes

Can you keep networks open - or restore them quickly? What happens if you don't have local area network (LAN) or wide area network (WAN) connectivity for an extended period of time? Or phone connections and e-mail? In the worst-case scenario, your business may not have access to any of these vital services. LAN and WAN contingency plans can include services such as remote data access so critical information can be managed and administered from any location. A failover system for e-mail is also highly recommended by Janco Associates, who note that keeping in touch with partners and customers can make all the difference in remaining in business. These solutions can be activated in seconds, but keep in mind that these systems need to be in place prior to an outage.

Keep technology up-to-date and aligned with recovery plans

Keep tabs on how technology is applied within your organization. This can be as simple as making sure a security patch has been correctly applied. Otherwise, recovery plans can be easily derailed when new software and hardware is added or upgraded without testing the potential consequences of changes to business technology. That's why experts like Janco Associates recommend routine system checkups, as well as longer-term business continuity and resilience planning services. "Resilience is the ability to take a blow and keep on going," they say.
Regular checkups provide the best results

Janco Associate recommentds business recovery plans be tested at least semi-annually.

"Plans go out of date very quickly," he says. "Exercise your plan at least once every six months. People find that"s when they realize what they really need to do to improve their plans.

Organizations that ensure survival following a disaster understand the basics of creating a good plan; however, there are many obstacles and pitfalls that can easily be avoided.

Based on working with thousands of customers, Janco Associates has developed a Disaster Recovery and Business Continuity Template that includes everything that you need to create a custom Disaster Plan.

You can download a full copy of the table of contents by going to http://www.e-janco.com/Register_drp.asp.

Appropriate plans vary from one enterprise to another, depending on variables such as the type of business, the processes involved, and the level of security needed. Disaster recovery planning may be developed within an organization or purchased as a software application or a service. It is not unusual for an enterprise to spend 25% of its information technology budget on disaster recovery.

Nevertheless, the consensus within the DR industry is that most enterprises are still ill-prepared for a disaster. According to the Janco Associates Disaster Recover Business Continuity web site, Despite the number of very public disasters since 9/11, still only about 50 percent of companies report having a disaster recovery plan. Of those that do, nearly half have never tested their plan, which is tantamount to not having one at all.

These managers often need to build a compelling business case for deploying online data protection services rather than continuing current methods of backup and recovery – or implementing other onsite alternatives. In order to show the profitability of reducing operational costs through an investment in Software as a Service (SaaS) backup and recovery, an ROI analysis must:  

• Present the changing landscape of business data management, and the challenges this presents for protecting desktops and laptops throughout an organization  
• Identify all the costs of current methods (and other alternatives) of data protection  
• Estimate the cost savings of on-line data protection over both current and alternative methods

Such disaster recovery responders will be on 24/7 standby to attend the client site. The responder will have conducted a survey of the site in advance of an incident, noting critical information so that any recovery and restoration objectives will be expedited without delay.

Speed of response is vital: in order to reduce the level of disruption and physical secondary damage; and to limit the time in which function is lost. Dealing with an incident within the first few hours may reduce the total time of the disruptive event by weeks.

Download this outline learn how the Janco Disaster Recovery Business Continuity Template can reduce RPOs and RTOs even more. 

With lost data being a competitive liability, there is no room for downtime in today's business world.

The following steps should be taken when planning a presentation seeking to gain management support of a Disaster Recovery and Business Continuity program.

• Define the scope, objectives, and requirement - It is not enough to have an objective of getting more funding or gaining executive support.  Define exactly how much funding is needed, or exactly what form the executive support should take.
• Verify expectations - Define what management's expectations for the meeting are.
• Focus on business continuity - It makes more sense to get the commitment for resources to achieve a 24-hour recovery time objective (RTO) than to demand the resources for a two-hour RTO and get nothing.
• Anticipate objections - realize that the number one objection is the cost, and prepare accordingly. Let the results of the business impact analysis (BIA) justify the "investment" (not "cost").
• Prepare a competitive analysis - Executives care what their competition is doing. Annual benchmark studies and surveys are good sources of information on the investments in DPR/BCP being made by industry, by size of organization, etc.
• Prepare examples of what has happened to others - Remind the executives of the regulations that affect their business, and the impact of not complying with them. Examples of such regulations are Sarbanes-Oxley, HIPAA, Foreign Corrupt Practices Act, and Gramm-Leach-Bliley. In addition,  research companies that have been damaged significantly in highly publicized news stories because of their failure to act responsibly.
• Define the Risk/Reward of DRP/BCP - Research and develop the business continuity program's return on investment.
• Package Resources - Work with vendors like Janco Associates who can package infrastructure solutions like the Disaster Recovery Business Continuity Template to accelerate the process and minimize the cost.
• Get buy-in for key decision makers before you meet to ask for a decision - The effort will have greater success if key decision makers and other departments within the organization support the DRP/BCP program. The power of a presentation supported by key executives, marketing, IT security, physical security, human resources, facilities, and risk management is highly significant.

Here are some of the things that can go wrong with your data and the backup requirements that need to be addressed:

• Accidental or malicious deletion of critical data - Requirement that provides the ability to quickly and easily restore individual files and folders.
• Data that is lost or corrupted over a period of time - Requirement to roll back individual records to fix  database corruptions. The ability to recover data from any previous point in time, and have it as granular as possible.
• A crashed disk - Requirement to recover a disk volume is different than recovering a single file, but it should be done just as quickly, and with automation to help keep operational disruptions to a minimum.
• A server failure - Requirement to restore operations when replacing a broken server may be complicated by the need to install different drivers on the new system if the hardware is not an exact match. It helps to have the capability to move the application workload to a standby server (with different hardware) or virtual server while the system is being replaced or repaired.
• A local or regional disaster - Requirement when you lose an entire office to fire, flood, or other disaster, have a current copy of your important information in another location that is outside the disaster zone.
• Remote offices and branch offices - Requirement  to have a process in place to restore with minimal technical support as remote and branch offices often do not have the luxury of having an on-site technical resource to assist in backups and restores.
• Resource-intensive backup processes - Requirement frequent or even continuous backup that is not resource-intensive .
•  Security breaches - Requirement to secure data. When moving data between sites, it needs to be protected from potential security breaches. A breach of data security, whether actual damage is done or not, can be devastating to your company's reputation, as dozens of large enterprises and government agencies have found in recent years.

• Security - With the growing importance of digital applications and data, the sources of threats to enterprise data have multiplied dramatically. Everything from natural disasters to criminals to corrupt sources within the company might try to steal or corrupt data. While businesses do everything that they can to stop these threats in the first place, they still must be prepared to recover from these threats as quickly as possible.
• Business Continuity and Disaster Planning - As businesses have expanded the need for anytime, anywhere application access has become a requirement. At the same time, “follow the sun” (global 24/7) operations have shrinking maintenance windows and a need for applications to be running at all times. Delay or loss of data for any reason – system failure, natural disasters – has a domino-like effect across the entire organization, at any time of the day or night.
• Flexibility - Most businesses now operate across international borders and CIOs must be able to respond to opportunities and challenges faster than ever before. CIOs are usually battling well-resourced organizations that may be based where the opportunity originated, or another globalizing company that is reaching out for new opportunities. In order to compete, a business has to be faster to deliver a product or service as good, or better, than that of potentially any other company in the world.
• Simplicity - Increases in technology have typically led to increased complexity. While per unit costs of technology are always decreasing, in aggregate companies see an increase in cost. With the pressure on IT to act less as a cost center and more as a way to increase the profitability of business units, just adding more storage, more bandwidth, or additional technologies throughout the organization is no longer an acceptable approach to managing information technology. Successful CIOs are investing in numerous technologies including; continuous data protection, virtualization, and wireless connectivity.  They are trying slim down ITÂ’s footprint while increasing their businessÂ’s competitive advantages. The CIO is typically in a difficult position, assessing where to try and cut costs while still moving forward with a plan to continually enhance IT services to the business.