Archive for the ‘Operational Resilience’ Category

The Hidden Cost of In-House Backup

By

Today, businesses must deal with expanding data volumes, the added complexity of highly virtualized IT environments, and a growing number of regulations and laws regarding data preservation and retention.

These factors make data backup more complex, time-consuming and critical than ever before. As a result, the staff time required and cost to perform backups are both increasing.

With the lingering tough economic conditions, tight IT budgets and IT staffs being asked to make do with fewer resources, it is time to take a closer look at backup operations and evaluate available options. What many businesses will find is that a managed service approach, which was perhaps dismissed in the past as being too costly, might be the best choice today. The reason: There are significant hidden costs associated with their in-house backup operations. And these costs are increasing as data volumes and retention regulations grow.

Let’s take a look at some of the in-house backup costs that are often overlooked or under-estimated:

Businesses must incur the expense of developing and testing backup strategies, selecting and deploying solutions and training staff in backup technology and procedures. And they need to pay to have staff available around the clock to conduct backup operations and respond to problems.

As data volumes grow, more backup hardware must be added. Beyond the CAPEX costs to acquire the additional hardware, there are many operational costs to consider. More data means more backup devices to manage and maintain and longer backup run times.

Then there are software costs. Most backup software vendors charge for licenses based on capacity. Several industry studies have found that data volumes for organizations tend to grow by 20 to 40 percent year over year. So when evaluating the costs of in-house backup, businesses must include annual increases for backup software license fees. Beyond licensing fees, businesses must pay ongoing annual maintenance fees for the backup software. These fees increase with additional capacity.

Today, many businesses use deduplication technology to help rein in the volume of data that must be stored and backed up. While deduplication reduces storage requirements significantly and therefore slashes overall storage costs, deduplication software nonetheless comes with its own up-front costs, including the initial software license cost. As with the backup software itself, deduplication software vendors require businesses to pay more for software licenses as storage requirements increase. And deduplication software vendors require ongoing software maintenance fees.

All of these hidden costs can add up. And most of them are eliminated or reduced when using a managed backup service.

In fact, there are many advantages to using a managed service for backup. To start, CAPEX costs for backup equipment are eliminated. OPEX costs of developing a backup plan, training, and operating the equipment and running the operations are eliminated or greatly reduced, compared to performing the same tasks in-house.

Rather than buying and operating a system based on the anticipated needs for the next three years, a managed backup service lets businesses pay for the backup capacity they need today, and add capacity as needs grow over time.

Additionally, using a managed service frees up data center space; the facilities and electricity charges to power and cool backup equipment are passed on to the provider. Further, a suitably selected provider can provide the expertise needed to comply with new data retention regulations or simply ensure data is preserved for any future eDiscovery efforts.

Learn more about SunGard Backup and Replication services.

Fireproof Your #DisasterRecovery Plans, Because Life is Like a Box of Chocolates

By: Nora Hahn, Sr. Marketing Communications Manager, SunGard Availability Services

Last year, Texas was undergoing its worst drought on record. Scorching temperatures and seven months without rain were wreaking havoc on the state. But Labor Day weekend was in sight, and my family couldn’t wait to take a little holiday in the Texas hill country just outside of Houston in the small artsy town known as Round Top.

We’d rented a cottage big enough for the grandparents, kids and grandkids, complete with a pool, a couple of horses and one giant Longhorn steer.  Along the way my sister stopped off in Bastrop, Texas – a nearby German community – at an authentic European chocolate shop.  She purchased a box of hand-crafted German chocolates that danced on your tongue and reminded your taste buds what heaven must be like.  We savored these special treats every night after dinner and coffee amidst the cool breezes and cicada symphonies.

This little chocolate shop was known throughout the state as the real thing – real chocolate made by real Germans, based on old country recipes.  Anyone traveling between Houston and Austin knew this was the place to go for a sweet treat that couldn’t be found anywhere else.

A couple of days into the trip, we received a jarring phone call at ten o’clock one night: Wildfires were spreading throughout the hill country, and we were to stay alert for possible evacuation notices.  Thankfully, we never got a second call.  But the next day we learned that the little chocolate factory had burned to the ground.  The place was annihilated; everything was lost – every spoon, every ounce of chocolate, every piece of special candy-making equipment from Europe.  The only thing saved was the owner’s special recipe book and around $200 from the cash register.

To this day, the chocolate shop is still closed.  The owner posts regular updates on his website, but the chocolates are a distant sweet memory.

What’s a small business to do in a situation like this?  Is any business too small to have a back-up plan?  How do you prepare for a disaster that comes out of nowhere?

In today’s technology-dependent world, companies of all sizes have to have a business continuity plan. Not having a plan for retrieving your business files or connecting with employees, suppliers and customers is deadly. I was reminded of this in reading SunGard’s white paper “Five Reasons Why Disaster Recovery Plans Fail.” The little German chocolate shop had no way of contacting its customers or even its business partners. The owner was left to use a PC and internet connection provided by his hotel.

First things first – personal safety and rebuilding physical structures matter most.  But staying connected to customers, business partners and colleagues is the next step.  The wildfires in Colorado this summer are a stark reminder of the dangers imminent in our unpredictable weather patterns.

In short, your business is never too small to have a disaster recovery plan.  Because as Forrest Gump once said, life is like a box of chocolates: you never know what you’re gonna get.

Learn more about Disaster Testing in this month’s edition of the INSIDER.

Q&A with @SunGardAS User Group Forum Keynote Speaker, Michael Leiter


Michael Leiter serves as an expert on counterterrorism, cybersecurity, and national security for NBC News and worked as the director of the National Counterterrorism Center (NCTC) from 2008 to July 2011.

On October 15, Mr. Leiter will deliver the keynote address at the annual SunGard Availability Services Business Continuity International User Group Forum at the Chicago Marriott Downtown from Oct. 14 – 16. In his address, “Leading in a Crisis: Before, During, and After,” Mr. Leiter will share lessons on instilling leadership while managing a crisis and describe his experiences with helping manage scenarios that impacted the nation’s security.

The SunGard International User Group Forum is a symposium that offers peer-to-peer sessions on business continuity (BC), real-life case studies of disaster events and success stories of business continuity plans resolving operational disruptions. Attendees will also learn about implementing BC software in an organization and view the next generation of BC Software enhancements that will shape the future of business continuity management. Follow the conversation on Twitter at #SunGardUGF

In advance of the User Group Forum, SunGard asked Mr. Leiter for his opinions on leadership, crisis management, overlooked factors, and how enterprises can learn from national security threats.

What is the most important factor in leading an organization through a crisis?

First and foremost, it’s the idea that planning is not just for a predicted future. Planning is critical for responding in a time of crisis. It allows you to understand your organization, its surroundings, and what you are faced with. And when an unpredictable or predictable event occurs that throws a wrench in the works, it is that planning which allows you to respond in a crisis and change the organization’s priorities because you understand it so well.

When is leadership most important when a crisis or business disruption arises?

I’m a very strong believer in leadership from the very top at all times, but especially before and during a crisis. It affects every part of the organization. Part of the responsibility of the highest level of leadership is to create champions in every part of the organization for your business continuity and crisis plan.

Your professional background includes roles in the highest levels of government, including at the U.S. National Counterterrorism Center and the Office of the Director of National Intelligence. Even at highly organized organizations with respected leaders, do you find that crisis planning still has a role?

When you have a crisis, the best laid plans go out the window, except for those pieces that help you understand how your organization can shift and change to respond to new situations. Also, in my experience, in terms of planning during a crisis, it’s critical for a leader to understand all components of an organization and what its capabilities are. Because unfortunately, no matter the organization, many people in the organization may very well lose their cool. The more you have thought about what the organization can do and cannot do, the better position you will be in to react to that time of crisis, to adjust to changed circumstances, and then reshape the organization beyond the period of crisis to be more effective when you have new requirements upon you.

How do you apply lessons you learned from managing major national security threats as director of the U.S. National Counterterrorism Center to business continuity planning for enterprises?

Let’s take the raid on Osama bin Laden [in May 2011] as an example. This was an undertaking that required an enormous amount of planning in the run up to the raid. At various intelligence agencies, people had been working on this mission for over a decade. They had been planning and thinking and identifying every possible eventuality. In this particular case, we knew when the crisis might arise, which was when the operation would be enacted. So in the last two weeks before it became active, the plans were shown to an entirely new group of people who had not been involved at all. Everything was presented to them, and we said, “Come up with all the eventualities you can and tell us all the things we might be getting wrong.”

Another example is the attacks in Mumbai, India [in 2008]. In evaluating security threats, it was typical at the time to always talk to local authorities like the police. In the Mumbai attacks, it turned out the attackers used fire as a weapon while inside a large building. This was an eventuality no one had thought about.

I think any organization can learn from these examples. It’s great to have intelligent, well-informed people involved in business continuity planning, but it’s also critical before finalizing that plan to step back. You want to give that same information and the scenarios to a group of people outside the organization who understand the problem, but who aren’t emotionally involved in the outcomes or the plan. The goal is to try to come up with alternatives to find where the planning may have gone off the mark and to identify the problems.

What are your recommendations for initial steps for building a BC/DR plan for an organization of any size?

You have to start small. You can’t plan for all eventualities and you shouldn’t start with everything falling apart. Start with a smaller crisis, such as what happens if you lose your company email. That can be a crisis, for sure, but it’s much different than losing all your electronic storage. In national security planning, we don’t start with a nuclear attack on Washington. We ask what would happen if there were a suicide bomber in Washington, D.C. and how we would react and handle that. It’s much better to start from a smaller crisis and build out.

As a former national security leader, you had stakeholders across a wide range, such as the White House, agencies like the CIA and FBI, Congressional leaders, and, more broadly, the American public. What advice can you share with organizations about communicating effectively during a crisis to all its important stakeholders?

One thing that immediately comes to mind is that it’s very easy to assume that you understand what a customer wants when a crisis hits. In the case of my own crisis planning at the National Counterterrorism Center, I tried to understand what the President, the White House and members of Congress wanted for information. But I found it’s much better to sit down and ask them, “How do you want this information? When do you want it? What information do you want first?  Who else do you think should be informed about this?” It may be difficult for some businesses to plan this way, but I think it’s important to engage customers and explain that during all these preparations to become well positioned for eventualities, you want to understand their requirements and what information they will want to know.

And internal communications is just as important. In my experience, the vast majority of people find this kind of strategic planning to be an annoyance. When you have a crisis plan developed only by the crisis planning team, it’s helpful but not nearly as useful as one developed by a broader cross section of users.

It’s incredibly important to engage stakeholders inside the organization and, sometimes, leaders have to do that with internal stakeholders by twisting their arm a little. You want to do that in a way that reduces the workload on them, but so that they understand it’s important and you need them. In the end, you will have a much better return on investment. If you leave any part of the organization out, it’s almost guaranteed that’s the part of the organization that will open the plan for the first time at the moment of crisis.

During the crisis, it’s obviously about communication, communication, communication. If you can’t effectively communicate messages to employees and leaders across the organization, you could soon be faced with a workforce that thinks there is no plan. Your business crisis will quickly become an existential crisis.

What You Didn’t Think About When Implementing a Telework #DR Strategy

By


Will work from home work when you need it most?

Telework is getting more popular every year — based on current trends, with no growth acceleration, regular telecommuters will total 4.9 million by 2016, a 69% increase from the current level but well below other forecasts.[1] In fact, the US government’s Telework Enhancement Act of 2010 mandates that every department head identifies who is eligible, partially for emergency readiness, but also to reduce energy use and increase employee retention.

Teleworking has a few basic requirements:

  • A secure place to work
  • A secure computing platform
  • Sufficient and secure data bandwidth
  • Access to appropriate voice services
  • Power
  • No regulatory requirements for employee monitoring

Stockbrokers generally cannot telework due to monitoring regulations. Similarly, call center employees may need special voice equipment, although Voice over IP (VoIP) soft phones should work with many call center applications.

I am seeing more and more companies implementing telework as a workplace recovery strategy, and can’t help wondering if the planners truly thought through all the implications of their decision. When an incident occurs, it is imperative that your critical employees get back to work no matter why they cannot be in the office. And in most cases, telework will not meet this key objective.

As every business continuity practitioner knows, disasters come in three major sizes: single site, localized, and regional. Single site disasters affect one company or one building, localized disasters may affect one or a handful of city blocks, and regional disasters impact a much larger area. Some examples in the United States might be a fire in your computer room, 9/11, and Hurricane Katrina or a pandemic.

As long as your computing infrastructure is running in your data center or your hot site, telework might be a reasonable option in the case of a single site disaster. Of course, your remote access infrastructure needs to be up, along with internet access through your contracted network provider.

In the case of a localized or regional disaster, telework could be problematic for several reasons. Unlike a traditional hard-wired phone line, there are no government uptime regulations around Internet service providers or local cable and DSL providers. When the power goes out, your landline is required to work for a minimum of 24 hours by the Federal Communications Commission (FCC) [2], but the same isn’t true for your cellular, VoIP and data connections – assuming that you have power in your house to charge your cellular device or keep your router powered up.

In a single-site disaster or a pandemic, your voice and data connections most likely will be up and your house or local coffee shop will have power. But with most of the city also stuck at home, bandwidth could be constrained by your neighbors also teleworking, playing games on their XBOX, and streaming dancing cat videos.

Telework might be okay for lower priority job functions that can be jettisoned when a larger incident occurs, but for employees that support mission critical and revenue-producing business processes, you need other options available when telework is not possible.

Commercial workplace recovery solutions may seem more expensive than outfitting your employees to work from home, but unless you have done a business impact analysis, you cannot be certain that the cost isn’t more than offset by the potential losses if your business comes to a halt.

So it may be time to take another look at whether or not commercial workarea recovery should be part of your disaster recovery plan. One phone call can bring SunGard to the table with our broad set of options including shared and dedicated seats at a recovery center, or custom-designed mobile recovery units that come to you. Be safe, and be prepared.

Network Security Threats on SMBs: What You Need to Know

By JP Blaho

The Internet, over the last two decades, has helped create a different way of interacting, transferring knowledge, and conducting business. It has helped create a level playing field in which companies of any size, and from anywhere in the world, can compete for a consumer’s business. This has also introduced a completely new form of risk – network security.

Network security has become one of the fastest growing sectors within IT because of the growing number of cybercriminals. This black market has designed a business model where the focus is on breaking into businesses via the Internet. The intent is mainly to exploit their targets for money: whether it’s through holding a company’s network hostage via a DDoS attack, or stealing company data to sell to someone else. The level of success achieved by cybercriminals has grown to scale so that it has become a volume business which has been estimated to be in the billions of dollars annually. This does not bode well for organizations, especially those in the mid-market space.

As taught in Economics 101, economies of scale are good for the business achieving them, and dangerous to those who are not shielded from this success. Initially cybercriminals were looking for and attacking organizations with large brands, solid reputations, and deep pockets. Attention was not given to the smaller organizations whose transactions over the Internet were considered low volume. Now that these cybercriminals have achieved a volume-based business, they are able to scale their attack to many companies of all sizes. Would you rather sell one product for one hundred dollars or one thousand products for one dollar? This is where cybercrime has moved. Instead of hunting for the whales, they are casting large nets into the water. Instead of attacking and breaching one large company, they are attacking and breaching hundreds if not thousands of organizations – many of whom do not even know the breach has occurred.

The other change is that these attacks are no longer immediate and noticeable. The level of sophistication inherent in today’s security landscape is so intricate that cybercriminals can lie dormant for weeks or months, or slowly collect bits of data at levels which are hardly detectable. This does not bode well for any company, but especially for the small and medium-sized organization. Fortunately, there are many affordable tools and services out there to help SMBs monitor and prevent these attacks. I will discuss these resources in my next post.