People, Planning Key to ‘Business Continuity’

Despite all the publicity and money devoted to information security,
problems continue to confront IT professionals from a variety of directions.
While hackers and disgruntled employees attract a great deal of attention,
natural and unnatural disasters also can have a devastating effect on the
security of an organization’s data.

The ability to recover from an incident that could potentially devastate
your data is sometimes known as “disaster recovery,” and it received a lot
of attention in the wake of the terrorist attacks of Sept. 11, 2001. But
some fear the term disaster recovery highlights major incidents like the
destruction of the World Trade Center that would directly affect few
organizations. Rather than disaster recovery, which could provide a false
sense of security to organizations that remain at risk from everyday
problems, others prefer to use the term “business continuity.”

Business Continuity

A number of relatively everyday occurences, such as utility workers hitting
a line or a basic office relocation or server migration, can put businesses
at just as much risk as a national disaster. According to experts,
organizations are still woefully unprepared for incidents like those when
the mundane becomes a disaster.

“What needs to happen is an intelligent customer needs to realize it doesn’t
take 9-11 to bring a business to its knees,” said Elaine Price, CEO of CYA
Technologies, which develops software for security, business continuity,
back-ups and archiving.

CYA’s products focus not only on saving data, but on preserving business
processes and the relationships between data. According to Price, it’s
saving the processes during a disaster that allows your business to
continue. For large software installations of the content manager
Documentum, for example, every client’s system is different and it’s not
easy to go back to the drawing board when something goes wrong.

Where to Start

Figuring out where to start when developing a business continuity plan can
be a daunting task. “Information that is the lifeblood of your organization
should be at the top,” Price said.

Developing a plan takes more than one person. Organizations developing a
strong business continuty plan will go department-by-department and find
someone who understands the processes used by each department and discern
what is mission-critical. The highest-priority information must be kept in a
back-up location with the proper hardware and software.

After taking an inventory of your assets, processes and components;
prioritizing; and identifying the key people involved in maintaining
continuity, more work has to be done outside of your organization. Who are
your external service providers? What type of recovery and continuity plans
do they have in place?

According to Price, people often confuse high availability with business
continuity. Making sure a Web site can handle a surge in traffic, for
example, is a different matter entirely than making sure the site still
operates when a building is destroyed by an earthquake or fire.

“People get overwhelmed,” Price said. “At what point do you feel like you
have enough insurance?”

Budgets vs. Safety Nets

With IT budgets still tight, many organizations are forced to choose between
implementing a business continuity plan and running the risk they won’t need
one. Price said CYA has spoken to customers who have been waiting to buy for
six months but haven’t gotten the funding.

“Companies know they need [business continuity],” she said. “But they are
being put through gruesome processes to cut a check.”

In some cases, it may fall to the IT staff to convince senior management
that a business continuity plan in necessary. The basic selling points
should be liability and potential loss of revenue. One old standby is to
examine what the competition is doing. You can also come up with realistic
scenarios that could effect your company and estimate what impact they would
have on your organization.

It’s not a problem of technology. New storage systems give users tighter
control over what to keep and for how long. Archiving software can take
users back to a certain point in time.

“Today, the technology is there, the problem is with the people,” Price