Disaster recovery plans are floundering in the SME and enterprise sector, because many businesses fail to look at the short, medium and long-term objectives of a complete disaster recovery plan. This lack of foresight is what will eventually kill the business, not just the actual disaster.
An organization's failure to keep regular (at times bi-annual) DR procedures and schedule real-life testing often blindsides a company's plan, according to users and vendors at a roundtable on Tuesday at the Storage Networking World conference in Sydney.
Robert Flux from the Websense engineering department believes businesses approach DR as an insurance-like purchase, and see it only as an "expense you have to spend in the hope you never cash it in".
Robert Davis, senior vice president of storage management for CA, said what brings organizations unstuck the most is failing to test the disaster recovery scenario regularly and as a result, most organizations are less well prepared than they think.
"We [CA] did a survey of a user group, which was representative of about 50 of the top 200 companies in the world; 70 percent of them were not confident they could recover in the event of a disaster and a lot had to do with the fact they did little to test their scenarios," Davis said.
"Creating a 'virtual' disaster to see if you can recover from such an event seems to be the status quo, but those that do [test] maybe have one or two simulations a year, and ultimately they don't feel comfortable about the plan.
"A big part of testing is understanding that disaster recovery is not about an event, but about setting up processes and getting people in place to manage it on a regular basis."
Martin Barbary, strategic initiatives manager for Adelaide University, was directly involved in a disaster recovery exercise last year for a client of Adelaide University.
Barbary said it is hard to test all scenarios of a disaster recovery plan and that is the critical problem.
"You need to do real testing and it is great to do a benchmark exercise, but there is nothing like a real-life scenario," Barbary said.
"Organizations think they are prepared, but a very big client of ours rang me a few months back and said it was having a simulated disaster and would be at its disaster recovery site (Adelaide University) in about 20 minutes; two-and-a-half hours later the team rolled up.
"Everyone in the organization was given a little plastic card with an address of where to go in the event of a disaster, then four streets away from us they burst into the wrong building. The disaster recovery exercise fell apart progressively after that and about three hours later the company cancelled the whole exercise and hoped it never had a real disaster."
Eli Salant, vice president of IT for Millennium Copthorne Kingsgate Hotels, said a common issue with disaster recovery plans is packaged solutions some vendors offer. Salant said before kits can be sold to an end user, vendors should have a thorough understanding of their business.
"For us in the hotel industry, a disaster means I cannot check a guest in and out, so in a disaster recovery plan all I want to do is have SQL Server located somewhere so in the event of a disaster I can just re-route a telecommunications link," Salant said.