A panel of users at this week's Storage Networking World in Orlando said they are either having difficulty funding disaster recovery projects or are rethinking how they protect data to better ensure 100 percent reliability in restoring systems in case of a disaster.
Al Todd, senior vice president of the IT services division at Pacific Capital Bancorp. said his company is changing its disaster recovery plan by moving from an outsourced provider with a backup facility in Philadelphia to an in-house site that will be about 240 miles away from his primary data center in Santa Barbara, Calif. Todd would not name his current service provider, saying only that it's a "well-known, leading" vendor.
"Our main concern was, what if you have a disaster and you have some other banks coming into that site at the same time? Who gets first dibs? I want it to be me. It's probably not going to be me," he said. "We made a decision over this [past] two-year period to bring our disaster recovery in-house. Our disaster recovery site will now be 240 miles away. I think that's a good geographical distance apart from Santa Barbara."
IT managers indicated disaster recovery is a top issue. In an impromptu electronic poll of attendees yesterday on what projects have been cost-justified by executives but not necessarily approved, 55 percent pointed to business continuity and disaster recovery projects. Another 25 percent cited tiered storage architecture projects, while 11 percent pointed to virtualization technologies. Only 6 percent said enterprise content management efforts were seen as important enough to warrant funding, and just 3 percent said that about information life-cycle management projects.
Jon William Toigo, founder and senior analyst at Toigo Partners International in Dunedin, Fla., said disaster recovery is rarely a front-burner issue for IT organizations. It's more often an insurance policy without a return on investment, which is why such projects can be so difficult to fund.
Hal Weiss, information services systems engineer at Baptist Memorial Health Care in Memphis, said he's having trouble getting upper management to approve money for disaster recovery upgrades because of budgetary constraints.
"We're dependent on Medicaid, Medicare insurance for how much they're going to reimburse us for procedures," Weiss said. "[Also] I can't pick the applications that the organization purchases, because they're dictated by the clinicians. So sometimes an application is purchased that doesn't lend itself to a [disaster recovery] strategy. It can only be one machine running at one time for a specific task."
Yet another issue Weiss faces is that he has two storage-area networks (SAN) from two separate vendors, requiring him to have two distinct disaster recovery schemes because the vendors' network switches won't talk to each other.
Todd said one way his organization has reduced its disaster recovery costs is by classifying its data so that everything need not be replicated off-site. Only information from "critical" business systems is replicated. Todd said he allows his legal department to determine what data is critical and what isn't, which alleviates political battles with business units that want everything protected.
An issue each of the panelists identified was the need for a deletion policy.
Weiss said his hospital must save everything because it's regulated by federal, state and local governments, making it nearly impossible to determine what can be deleted.
Todd agreed. "It's an issue at the bank," he said. "We're going through the process of determining what can be deleted right now with the legal department. In the meantime, we're keeping everything."