Service and Support : Dealing with Disasters
ComputerWorld Singapore Vol. 8 Issue No. 5
By Gerald Wee
The September 11 attacks in the United States put the IT spotlight
on business recovery services. But as service providers themselves
advise, business continuity has to be engineered into every
process from the outset.
In today's fast moving information economy, an organisation's
IT system is often at the centre of many critical business processes
and activities. Any event that adversely impacts the infrastructure's
performance will cause the company's bottom line to suffer.
"Data is our lifeline in the information age we live
in," said Alwi Hafiz, director, global services, Asean, Compaq.
"Continuous access to information today is not an option: it's
a business imperative."
Strategic Research, a market research and consulting firm, says
the financial outage for a brokerage operation is US$6.5 million
($11.9 million) per hour. It also adds that failure of a credit
card sales authorisation system would cost US$2.6 million per
hour while the fees generated per hour from an automated teller
machine clocks in at US$14,500.
From a storage viewpoint, research firm FIND/SVP puts the average
financial loss per hour of disk array downtime at US$29,301
for the securities industry. The figure is US$26,761 for manufacturing,
US$17,093 for banking, and US$9,435 for transportation.
Whichever way one looks at it, it is clear that downtime is
money, regardless of whether it is a result of natural disasters,
man-made disasters, or critical hardware/software failures.
"For enterprises in Singapore, while we are less vulnerable
to earthquakes/hurricanes wreaking havoc on our business, we
still need to safeguard critical business operations and data
against viruses and system crashes," said Hafiz. "Also, cyber
attacks are not limited by geographical boundaries and hackers
could potentially break into a Singapore companies' enterprise
system if it is not well secured."
According to Gartner, two out of five enterprises that experience
a disaster go out of business within five years, and as such
business continuity plans and disaster recovery services are
necessary to ensure continuing viability. Renewed
emphasis
While such grim statistics have often gone unheeded over the
past few years, the recent tragic terrorist events have served
notice to organisations to get their act in order.
"We have seen a significant increase in the number of enquiries
on business recovery services," said Bobby Lim, general manager,
(Hewlett-Packard) HP Services, Southeast Asia. "We believe that
the September 11 incident in New York has heightened awareness
of such services." "Where business recovery used not
to be the number one priority in business operations, it has
become so in recent weeks," he added.
Eric Hoh, regional director, Veritas Software Asia South, agrees.
"With the attack, the need for comprehensive data
protection and disaster recovery plans is becoming a critical
component in the business recovery/IT strategy and has escalated
to the attention of the CEO (chief executive officer)," he said.
This endorsement of the CEO is important, says Ang Kian Kee,
manager, Business Recovery Services, National Computer Systems.
"Disaster recovery is a business strategy," he said.
"For maximum effectiveness, its implementation must be top driven
with support and commitment of the CEO and the Board." The terminology
used to describe such plans is often varied - disaster recovery,
business continuity, and business recovery - but the intentions
are plain and straightforward. "Disaster recovery
allows an organisation to ensure the continuity of its critical
business functions in the event of a disaster," said Wong Tew
Kiat, manager, business recovery centre, Singapore Computer
Systems.
Having a strategy in place significantly lessens and, in some
cases, even totally eliminates downtime and data loss associated
with disasters, said Lim. Total defence
The scope of such plans is extensive.
The goal for companies today, says Stephen Tan, advisory IT
specialist, IBM Global Services, IBM Singapore, is to achieve
a state of business continuity, where critical systems and networks
are always available. "To attain and sustain business
continuity, companies must engineer availability, security and
reliability into every process from the outset," he said.
In order to achieve this, it is vital that companies go through
a business impact analysis to study how a disaster might affect
each business unit, said Wong. "From this impact analysis,
issues such as recovery requirement, quantification of recovery
resources, recovery time objective, and recovery strategy, need
to be addressed," he said (see "Steps to planning success").
This involves a proactive approach to understanding the business,
determining which processes are critical to continuing that
business, and identifying all the elements crucial to those
processes. Specialised skills and knowledge, physical facilities,
training and employee satisfaction - as well as information
technology - must all be considered. "It is by thoroughly
analysing these elements that a company can accurately identify
potential risks and decide to accept, mitigate or transfer those
risks," said Tan.
One important point at this stage is to recognise that different
aspects of the company's operations require varying degrees
of recovery within the total business continuity process.
|