Assuring Business Data Continuity

By Jim Freund | Sep 13, 2001 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/article.php/884141/Assuring-Business-Data-Continuity.htm

In light of the fact that the recent terrorist attacks have had their greatest impact upon businesses, particularly financial companies, it is apparent that network managers and IT departments are being put to the test this week, and will continue to do so in the coming months. Businesses that do not have a continuity plan in place will find themselves hard put to recover from a disaster of this magnitude.

Few aspects of business will remain unchanged by recent events. Issues of privacy which were formerly taken for granted may well become a thing of the past as companies get increasingly concerned about their welfare. Security issues, dealing with both the physical plant and monitoring of data will become more stringent.

Network managers will be called upon to assure that if disaster strikes, particularly to the entire physical plant, there will be a way for the enterprise to get back on its feet as soon as feasible. One way is by making sure you have sufficient redundancy as part of your back-up plan, according to Henry Goldberg, Senior Analyst at Cahners In-Stat Group. "It's a good idea to back up all your critical information in an off-site data center," he says. It is clear that in this way, your information assets can survive whatever the circumstances may be. Of course, this does not let you off the hook for maintaining your own redundant back-ups; if for no other reason, to assure that if disaster strikes the data center itself, you are still protected.

Laurie Vickers, another Senior Analyst at Cahners In-Stat Group who works with data and voice networking, concurs with Goldberg. "There are three key elements for assuring recovery: redundancy, back-up, and geographic disbursement," she said.

The redundancy is called for in your network topology. Switches and Storage Area Networks (SANs) typically have used star configurations for their connectivity. Mesh configurations (sometimes referred to as fabric design) use multiple switches to connect to one another and their assets instead of only one so that there will be no single point of failure.

Vickers further imparts the advice that backups should be reviewed and assured that they exist on long-term media. Some of the older media may well have degraded to the point of not being able to recover it. Many companies still maintain boxes of paper-based backup of data, only to find that the ink has faded from the page. (Businesses that depend on paper-based information, such as conventional law offices where nothing less than a certified original will do, are in deep trouble.)

As for geographic disbursement, make sure that wherever possible, you decentralize. "If you have your offices in California, Nevada may be far enough away," Vickers opined. Enterprises should trade back-ups among their disparate offices, and should leverage the use of Metropolitan Area Networks (MANs.) Storage service providers have made great use of MANs to deliver redundant connectivity to their clients, thereby not only availing themselves of a broader customer base, but of being able to replicate data from one sector to another when called for. Asking to be pardoned for the expression, Vickers said "The cost isn't as catastrophic as it used to be."

Larger companies may also consider use of a recovery center, such as those provided by Comdisco. Roberta Witty and Donna Scott of The Gartner Group reported that "as of 12 September, 30 Comdisco customers were in the process of recovery, and Comdisco anticipated that all 35 would be in recovery by the end of the day."

Short of a complete disaster, there are steps you can take which will help out in an emergency. Another Cahners In-Stat Industry Analyst, Amy Cravens, suggested that "Moving the plant presence and Central Office to remote locations, such as the basement of your building or a nearby facility, will help assure connectivity in many instances."

A further precaution is to establish guidelines for dealing with and reporting Cyber Threat and Computer Intrusion Incidents (CIRT). An excellent example of a form you can use is available at the National Infrastructure Protection Center's Web site.

Reportedly, many of the financial companies that were housed in the World Trade Center had their data well-taken care of, and are already on the road to recovery. If your company has not yet implemented and tested such plans, take heed and be prepared. If there's nothing else we have learned, it's that the unimaginable can occur.

As for the human tragedy involved, please check in at our National Crisis Resources page to see how you can help.

Jim Freund is the Managing Editor of CrossNodes.