Data Management, When Things Go Wrong – Really Wrong!

Inland Business Catalyst Magazine Article written by John Ames, Published May 2008.

Data Management When Things Go Wrongs – Really Wrong!

When businesses think about disaster preparedness, they often think of a fire or another sort of cataclysmic occurrence. But there are other events—hardware failures, software failures, prolonged power outages—that vex companies on a more consistent basis.

For the times when things go wrong—really wrong—companies back up their data. But which data ought to be backed up? And how quickly can data be restored?

Enter John Ames, a business-continuity specialist at IT-Lifeline Inc., of Liberty Lake. IT-Lifeline offers off-site data management, which involves data backup, data restoration and crisis management.

Ames, a 33-year veteran of data backup and management, sat down with Catalyst recently to talk about data management.

In general terms, what should a company think about when looking at data management, data backup and data recovery?

Actually, you’d be surprised how few businesses even think about it.

One question is: What do you do with it once it’s backed up? There’s a right place to put it and a wrong place to put it. Taking it home is not an option. It should not be an option for the business.

Put it someplace safe. But then the other side of that is, if you have that event, even though you’ve got your data backup, how long is going to take you to restore that data? Most businesses that are backing up are traditionally doing so up to tape. Now, the average tape restore with the average company data—if there really is such a thing—takes three days.

Look at dependency on technology in today’s world. That technology is what drives our ability to communicate with the customer. Can you tell the customer, “Come back in three days because we haven’t quite restored our data yet”? If you happen to be in the banking business or the financial side, can you say, “I’m sorry. I can’t give you your money. I can’t deal with your investment. I can’t help you because I don’t have your data”?

That’s when customers start looking at electronic backup, or digital backup, because digital restore takes minutes as opposed to days.

We do a business-impact analysis where we ask what functions need to come back the day of the event. Which means (snaps his fingers) instantaneous. You identify all this stuff that needs to be recovered; you identify when it needs to come back; and then you match the data-backup solution.

What it really boils down to is how much risk you want to assume and how much money you want to spend. Some folks need that digital backup. Some people can stick with the traditional tape restore.

Why do companies decide to back up data off-site?

Some of them are actually being forced into it. There’s the regulatory driver out there. The banks and the medical community—they basically have no choice. They have to back up; they’ve got a lot of data, and they’ve got to use the tools and deal with some of the redundancy. They have no choice.

One of the biggest drivers we see today is a client driver. The client wants to do business, but the first questions out of his mouth are, “Do you have a business-continuity plan? Do you back up your data? Could you help me if your building decided to burn to the ground?”

How many businesses are operating without a backup plan?

I just was doing some research, and 50 to 60 percent—depending on which article you read—of businesses don’t even have a plan. They haven’t gone through what the industry calls an enterprise-wide, process-oriented approach to looking at their data. Then they don’t know whether they’re backing up the right data.

Are they backing up? Sure, but you know what they’re also doing? They’re taking it home. Other say they take it and put it in a bank vault. Banks are only open what percentage of the time? If your building burns down on a Friday night after 5 p.m., you can’t get to your data till 8 o’clock on Monday morning. And if you’re in a position that you need that data to support your clients, you’re out of luck.

So again, they don’t go through that process, and they don’t know what they’re adequately backing up, if they’re adequately backing up, and then we’ve got the testing side of that. Test that data to make sure that if you have an event, what you bring back is what the business expects to see. There’s a number that’s been floating around since Katrina/Rita (hurricanes that hit the Gulf Coast in 2005) that 300 businesses declared a disaster. That means they had someplace to go, which is good. But when they got there, it really became a data-backup issue because almost 75 percent of that bunch could not recover 100 percent of their data. In some cases, the data that were actually restored was not what the business expected to see. So there’s this gap that exists.

When you talk about events, one of the examples you give is a large-scale natural disaster, and the other is a fire. Those are things that certainly can happen, but not the sorts of things businesses run into every day. Are there other events that are more common?

When you look at the five leading causes of business-disaster declaration, No. 1 is computer hardware failure. No. 2, computer software failure. Three and four are telecommunications failures inside the organization and outside the building. Five is power failure. Those are the five leading causes of business-disaster declaration over the last 30 years.

Those are the events that people don’t even really think about. We actually lead people through an exercise of natural events, technological events and human-caused events, and then they look at it from their organization’s perspective. People need to look at all those types of events and determine what the impact on their business would be.

Talk a little bit about what types of redundancy you try to employ.

My first approach to planning when I worked for the bank was I wanted them to have a second data center. Obviously, if the first one went down, we’d have the second one. And the response from senior management was, “We’ve already got one of those. It’s expensive enough, and we are not going to have two.”

All right, but what we look at is what equipment really needs to be off-site somewhere. Take for example the exchange server used to deal with e-mail. That’s how people do business today. We have exchange servers located in this building that are mirror images of what’s running in our clients’ businesses because they can’t afford to be without e-mail. But it’s only the exchange server; it’s not everything.

For some, it is everything. Rockwood Clinic has an 8-second failure backup for the patient-care system. There’s a liability associated with not being able to, in their case, address the symptoms and deal with the symptoms and the whole nine yards. So, something goes wrong at its facility on the South Hill, there’s a little flicker of the screen—literally. It’s invisible to the doctor and the patient, but it’s critical.

A lot of the data that you are talking about is confidential or of a sensitive nature. What about the security of the transfer of that data?

There are a variety of ways to do that. We have information coming in directly off the Internet. Some of it is encrypted, and some of it’s not encrypted. I’ve talked to folks about risk and data protection. The tool that we use is an IBM tool. It’s not a Microsoft product. The way viruses work is basically they go from Microsoft product to Microsoft product to Microsoft product to Microsoft product. There’s a canyon between Microsoft and IBM technology and the software that runs them. You can’t pass that on. A lot of customers like the IBM solution because of that gap.