2011 was a bad year for natural disasters. Several nations were rocked either by earthquakes, tidal waves, or floods. There was even a nuclear accident. But has the tumultuous year convinced businesses to bolster their disaster recovery?
Several large scale natural disasters have recently struck countries such as Japan, New Zealand, and Thailand, causing both the local populations and businesses to face different levels of hardship. But through surviving and rebuilding, important lessons were learned and shared with others, and this is especially true for the IT sector.
The good news according to IDC infrastructure group senior analyst, Trevor Clarke, is that despite power issues, the infrastructure itself in Japan survived the 2011 Tohoku earthquake and tsunami remarkably well.
“They have placed a big priority as a country on their data centre and network infrastructure in particular as being critical element of their economy, so that stood up really well,” he said.
Clarke admits that Thailand has struggled with the floods late last year and is still recovering. However, he pointed out that in general Thailand did not have “as a mature” IT industry and infrastructure as Japan or New Zealand did, since it is still an emerging market.
New Zealand, outside of Christchurch, was also reasonably intact in the wake of its 2011 earthquake. “It’s true that Christchurch itself is taking a while to recover,” Clarke said. “There are some datacentres which were fine, but overall they’re very much in a recovery phase now and things are looking up.”
While the recent Acronis Global Disaster Recovery Index 2012 has shown that the response to and recovery of business IT from these crisis varies by geography, Acronis Pacific general manager, Karl Sice, said that overall, global confidence in SMBs’ backup and disaster recovery has grown by 14 per cent over the previous year, with Japan near the top of the leader board.
“In fact, our survey shows that 78 per cent of Japanese SMBs have little concern that their backup and disaster recovery will fail, perhaps a sign that when put to the test the country is largely prepared for disaster,” he said.
A recent Gartner study has also revealed that 40 per cent of businesses who encounter a disaster and lose access to their data for more than 24 hours go out of business completely, a number that rises to 93 per cent for those who lose access for more than 10 days.
As such, CommVault Asia-Pacific and Japan vice-president, Gerry Sillars, has seen the recent disasters force organisations to re-focus on their modes of operation within data centres and prioritise value of technology in that perspective.
“We have seen organisations in Japan and New Zealand investigating DR solutions off-shore, especially in countries like Australia,” he said. “What has been historically an uncommon practice due to data sovereignty legislation and potential costs has now been seen as a necessity for some businesses.”
While Sillars admits that some businesses are looking to move to newly fortified datacentres, others are beginning to finally understand the value of a service-level agreement (SLA) based approach to computing through Cloud vendors.
“As an example of this, we are seeing many customers in these countries if not already moving critical data into the Cloud, at least building a strategy which includes a staged approach to moving data assets into a fortified setup offered by reputable Cloud vendors,” he said.
Sillars adds that this staged approach often includes moving backup data digitally, as opposed to “tapes on a truck” for example, replication and archival services into the Cloud.
Domestically, Brisbane suffered disastrous flooding in 2011, forcing many businesses in the area to scramble to protect their data and recover from the disruption. Acronis found that on the whole businesses have recovered reasonably well from the flooding, with Sice stating that more resellers were involved in “after the fact” disaster recovery (DR) planning, and a number of resellers re-positioning themselves as DR specialists.
When faced with the questions of what Australian businesses have done to improve their backup and disaster recovery operations as a consequence of natural disasters in 2011, Sice has seen this come down to testing backups more regularly, implementing a full-scale business continuity plan, and investing in a third party data centre.
“As a result, Australian businesses confidence in backup and DR increased by 136 per cent from the previous year,” he said.
Sillars portrays Australia as a nation that prides itself on being a tough, “get on with it” nation, and he saw this exemplified in a much more explicit way in the post-flood business environment in Queensland.
“I was personally astounded and touched by the stories of resilience and community support that we understand our customers and partners were involved in,” he said. “However, a business’ success is very much dependent upon its ability to communicate with its customers, so the question is not ‘can I recover’, but ‘how long will it take to recover’ and ‘what are the ramifications of an outage.’”
The Brisbane flood also forced a lot of organisations to re-prioritise some of their projects, so rather than focus on new initiatives, organisations decided to allocate budgets to ensure their DR capabilities are in order.
“It is important to consider that however much is made of IT outages during disasters, most outages are caused by human error, application and systems failures and data corruptions caused by updates, patches and the like,” Sillars said.
As such, he feels that IT organisations must build platforms which can withstand these failures as well as outages caused by disasters.
One year on, Clarke said businesses in Brisbane had recovered “remarkably well” from the disaster and proved the resilience of Australian businesses. “Obviously, there’s always going to be some who were impacted more than others and they’re the ones who have been hit hard,” he said.
“A couple of data centres and supply chains were affected, with SMBs affected a bit more than others.”
My country, my data
In countries such as Japan, data sovereignty has always been an issue, with businesses traditionally wanting to store their data domestically.
But with the 2011 Tohoku earthquake and tsunami, one might imagine that the nation would change its mindset and been open to keeping data off-shore instead of locally.
Clarke, though has seen the status quo remain, pointing out that Japan’s datacentre infrastructure was not really affected by the 2011 disaster. “It held up really well across the country, and most of them had failover sites in various areas,” he said.
As a result, in terms of data sovereignty, Japanese infrastructure and companies remain “very much attuned” to supporting local businesses.
“What’s important to Japanese companies, especially the large ones, is how they are operating overseas and how they are extending out from the domestic market,” Clarke said. “That’s where you start to see more interest in where the datacentre is located, as they want to get the best service levels out to their companies and the most economical infrastructure in place.”
That does not mean that things are exactly the same as before the earthquake, as CommVault has seen many large Japanese organisations now looking at moving their production datacentres to other countries, often into a Cloud provider in locations such as Singapore or even as far, on a geographical scale, as Australia.
“Japanese government and multinational corporations understand that maintaining the status quo is now not feasible due to the fact that the unthinkable, aka the perfect storm of disasters, can happen,” Sillars said.
This is what has forced Japanese businesses to look at the security of their data in a much more critical way, which Sillars sees as a classic example where technology is capable of changing the mindsets of conservative thinkers and show organisations what consumers may have known for some time.
“They realise that that the world is really flat, and SLA’s and security of data are all that matter, and not where the data reside,” he said.
“The rest of the region and even the world will learn from the Japanese experience and no doubt follow.”
Recovering from Christchurch
As in Japan, the primary concern in New Zealand following its earthquake was the rescue and well being of the people of Christchurch. But once that initial phase was over, they then went about the task of getting businesses operational again.
Sillars was in Christchurch recently and witnessed firsthand these “extraordinary stories of bravery in the face of extreme adversity” that were carried out by extraordinary people.
“There is absolutely no doubt that the events in Christchurch last year and the subsequent road to recovery have led to organisations understanding the importance of protecting their data assets,” he said. “We see in New Zealand more than anywhere that move to secure datacentre and Cloud or MSP environments.”
Despite the devastation caused by the Christchurch quake, Clarke feels that it is not enough to change the entire country’s mindset when it comes to data sovereignty.
“There were some customers that had to shift work load from New Zealand to Australia, or other data centres within New Zealand,” he said. “But in terms of data sovereignty, that’s a long term conversation not only at an organisation level, but also on a regulatory and national level.”
Clarke also said New Zealand haf put into place an Infrastructure-as-a-Service government panel, which it has already selected two local providers for that.
“So they are very much trying to support the local industry and the data sovereignty conversation is still playing out,” he said.
As such, Clarke predicts a lot of organisations will start to accept that regardless of whether they think it “matters or not where the data is located,” as people like to have facilities located in the country which they operate.
Acronis has found that awareness of DR has been on the rise, not only because of what happened in Japan, but also in our backyard in New Zealand.
However, Sice emphasises that execution is key to recovery. “Similarly in Australia where we see a big increase in the confidence level, but most SMBs are still lacking the right procedures and policies, as well as offsite backup strategies,” he said. “That’s why Australia is still below the global average in the Acronis Global DRI Index 2012.”
A lesson well learned
The problem with DR, according to Sillars, is that the “short term thinking” of some vendors has not allowed organisations to take advantage of the “leaps and bounds” made in bandwidth speeds, virtualisation and other areas.
As a result, he said vendors need to do more and provide customers need with a business case for DR, which includes a full ROI study and stated service levels based on their business’ Recovery Time and Recovery Point Objectives (RTO/RPO).
“If one vendor cannot provide a mitigating business case, there are others who can,” Sillars said.
Even though Acronis has seen more and more businesses take extra steps towards their backup and DR practices, Sice points out that the spending on DR solutions is about the same as last year, comprising 10 per cent of the IT budget this year compared to 11 per cent last year.
“Awareness and action are always different things,” he said. “Clearly businesses continue to struggle with their allocation of finances, despite their valuable data is growing at an insane pace, recently estimated at nearly 40TB a year.”
While businesses realise the importance, the reality is that they always have something more urgent to invest in. According to Sice, that means that 15 per cent of Australian businesses are still spending nothing on DR.
“Vendors not only should continue to educate businesses, but more importantly, to introduce new technologies and cost-effective yet simple-to-use solutions that will really help businesses address the backup and DR challenge,” he said.
While the recent disasters have shed a light on the importance of DR, Clarke said businesses were already convinced of the importance of DR well before 2011.
“Most businesses have some sort of a DR plan in place, and if you’re a large enterprise, then that’s certainly the case,” he said. “SMBs may have a smaller focus on that, and that’s where some of the assistance can help from the vendors, service providers or resellers.