DR/BC

Needed: Continuity

Demand for continuity varies according to business requirements and hence it is affecting the DR/BC policies of medium businesses. By Kushal Shah

We live in a world of absolute uncertainty with the risk of losing everything we have in no time at all. Disasters can well make that risk a reality. In last five years we have probably seen more disasters than in the last five decades. Disasters can occur in any form; be it a natural disaster such as earthquake, floods or a hurricane or a man made situation such as theft or fire, virus attack; all of which result in immense damage to property and other assets.

Imagine the situation of a company which runs a real-time critical operation whose data centre gets washed out in a flood-like situation. All the branches of that organisation across the country come to a standstill with losses ranging way beyond the imagination. Losses are inevitable in case of a disaster, what is required is a way to minimise these losses. Organisations need a well structured disaster recovery policy through which they can resume business in no time at all.

The medium segment of Indian enterprises is a little bit better in terms of DR and BC policies. It lacks proper implementation even though critical operations running across the country are not uncommon. According to the survey, only 27 percent of organisations had their DR and BC plans in place. It is not about maintaining the continuity of business at a single office; these companies all have multiple branches in India which need business continuity. An average of 13 branches in India, most of them interconnected usually have a single point of failure. A disastrous situation at the headquarters or main server will result in zero business. Maintaining a hot or a cold site seemed out of the reach of these organisations which lack hefty budgets for such processes. Rather than spending millions on DR/BC processes which doesn’t yield much value for these organisations, they can go in for various other policies which can enable them continue their business after any event or it should be such that the downtime faced by them is minimal.

For such organised implementation, all they need is proper understanding of technology and the tags of benefit associated with it in terms of better ROI and customer satisfaction.

Segmented importance

The importance of DR and BC varies from business to business. Some businesses are data critical and some are not so dependent on data and can even work for a few days without access to data. For such companies heavy spending on DR/BC operations hardly serves any purpose. On the other hand, businesses such as financial services and IT/ITES are completely dependent on data and the continuity of business is of high importance. All have some way or the other to tackle disasters. They have various means of backing up data and continuing to do business in a crunch situation.

The most cautious segment which cared the most about business continuity was IT/ITES. Almost 50 percent of the organisations in this category cared about this issue and had a defined DR/BC policy. Many ITES companies, for whom the business revolves around client data and providing round the clock service, take every possible step within their reach to improve business performance. All of these companies had well-defined recovery time objective and recovery point objectives. Even after these policies are in place, implementations of high end technologies and hardware are few. Most rely on disk-to-disk-to-tape methods for maintaining data and applications. “We are not at all looking for a dedicated DR site. What we are doing is managing the organisational data very well,” says Navin Kumar, Vice President –Technology, Go..IP solutions Ltd. Apart from traditional data backups on optical media such as CD or DVD they are using five levels of RAID for storing and securing data. According to Kumar, it would not take more than half an hour to get business up and running after a disaster.

Business continuity for such ITES companies should be such that even if one of the centres or branches goes down, another office should take the load and continue the business with minimal wastage of time. Regular drills should take place in order to assess the process which will make the job of an IT manager easier.

The sector which had the best security in place as far as technologies and implementations are concerned; FMCG /Consumer Durables was last in implementing the DR/BC policies and planning. Only 18 percent of the organisations in this segment had taken care of these issues. Low concentration on DR/BC policies in this segment can be because of low usage of computers for day to day business in this sector which is evident from the fact that the average number of computer nodes for this sector is around 75, whereas the industry average is 361. Though the aggregate of implementations were low, whoever had some system in place had the full knowledge of the seriousness of the topic and had taken best possible measures to make sure that the system can recover from any calamity. Companies such as Apeejay Surrendra Corporate Services didn’t have a cold or a hot site but they had well defined storage policies and off site storage facilities which are being managed by a full fledged IT team of over 50 people.

Next to the top spot taken by IT/ITES, Manufacturing/ Engineering comes second but way behind IT/ITES. Only about 29 percent of organisations in this category have a DR/BC plan in place. Some of them are not so data critical businesses and some have taken serious steps towards making their business continuous at all the times by making sure that data is safe and recoverable at all the times. OM Logistics Ltd is even planning a dedicated DR site. On the other hand, BLA Industries limited is taking all the steps to ensure data security and reliability by constantly backing up the data but RTO and RPO do not serve any purpose for them as the business can even run for two to three days without the IT infrastructure, after all a coal mining site can certainly work without relying on computers.

Most other verticals ranged between 20 to 30 percent implementations in terms of DR and BC planning. They all looked at DR in terms of securing and backing up their data.

What they do

Organisations like these spend a significant amount of money on IT. The average expenditure on IT lies in the range of Rs1.7 crores for the medium segment. Unfortunately hardly any amount is spent on DR/BC operations. The most common practise amongst these company’s heads is that of adopting disk-to-disk-to-tape backup policies. Most organisations have a dedicated backup server for storing data and which in turn is archived on to external tape drives.

“Real-time backup of critical data is taken on the server automatically and with the help of scheduled operations, this data is retaken on to the tape drives offline,” explains Atul Bansal, Manager –IT, BLA Industries Limited. He adds that the data is initially taken on to the local server which is located at the remote site and from there the local data is archived on a weekly basis and finally the central server is updated with the help of this data. Retrieval of this data does not take much time but they can even do without the recovery for few days because of which they do not have any RTO or RPO. Even if it is not so critical, they are planning to spend on a hot site in the near future.

Almost similar process is followed by Apeejay Surrendra Corporate Services, “The data is stored in centralised storage devices. Regular archival of the data is also a common practise for us which is done twice a week. At the offsite location data is stored in a locker. After all these local processes, the head office server is updated with the changes,” says Jitendra Nath, CTO, Apeejay Surrendra Corporate Services Pvt. Ltd.

Jagsonpal Pharmaceuticals Ltd backs up data with the help of optical media apart from storing data on servers. “Apart from these technologies, we make our employees aware of the importance of backing up data and tell them to back their data on their own on regular basis. On an organisational basis, only application data is stored on to servers,” says Prakash Pradhan, Head –IT, Jagsonpal Pharmaceuticals Ltd.

OM Logistics relies on the main server at the Delhi office for data storage and backup and takes occasional backups to a tape library and special storage devices. This process takes about seven to eight hours for recovery. Wagh Bakri, a major tea provider, makes use of replication facility of the servers to copy backed up data. The archival is done with the help of DVDs.

Some companies have no provision for organised DR/BC. Pasupati Spinning and Weaving Mills Ltd use traditional backup policies in the form of CD and DVD backups without any IT department in place which surely poses a threat to the data.

Need of the hour

With number of disasters growing at the rate faster than most economies, it is essential to make provisions to handle the worst case scenarios. Once gone, data is gone forever; one catastrophic event can wipe out the data on your existing system forever and if not backed up, a lot of critical information can be lost. Organisations need to understand the criticality and the importance of their data and need to continue doing business. All growing companies want to have their piece of the pie in the growing economy but nothing can be achieved with a slow paced business. One needs to work round the clock for better results and customer satisfaction. In order to achieve this goal, one needs to put an expert to planning for business continuity and data recovery to survive.

Organisations are spending a lot on their security, but they forget that no security is foolproof. There is always room for some attack to take place. Once attacked, only option left is to recover the system with the help of stored backup and carry on with the business as usual. In case of absence of a recovery plan, the entire organisation will grind to a halt and all the critical data can be lost which, in turn, will affect your business since customers will churn away to your competitors. Organisations should plan polices keeping in mind their needs and budget, and if needed there is no harm in increasing the expenditure on DR/BC processes and reducing less critical IT spending.