Building a business continuity channel plan
- 07 December, 2016 10:51
Nathan Lowe (ASI Solutions)
While Australia remains aware of the need to deploy comprehensive disaster recovery plans - to prevent downtime and facilitate faster recovery time - businesses remain challenged when compiling a strategy of mission-critical importance.
Crucial to operating in 24/7/265 environments, disasters today are no longer simply of the natural variety, as the impact of man-made errors continuing to hinder enterprise.
Often human error turns an avoidable problem into a catastrophe, placing the data centre under new pressures and strains.
“Organisations are relying on their data centres more than ever before,” APC by Schneider Electric partner development manager, Beau Alderson, said.
“This places tremendous pressure on IT professionals to keep their data centre and network infrastructure running at all times.”
With zero-disruption as the ultimate goal, Alderson believes Australian management must carefully evaluate and mitigate risks to the physical infrastructure that supports a mission-critical facility.
“Without a proper disaster mitigation plan for a facility’s infrastructure, the overall business continuity plan is built on a risky foundation,” he added.
In short, Alderson said to survive tomorrow’s disaster, planning must be made today.
“Every second a data centre is offline costs an enterprise revenue, current and potential customers, and lost productivity,” he observed.
“Data centre outages can prevent online transactions, employee collaboration, data access, customer service, data back-up and recovery, and many more essential functions of a modern digital business.”
As digital transformation takes shape across the country, business leaders are starting to grasp the huge potential of digital business, and demanding a better return on their organisations' information assets and use of analytics.
Through the rise of data, and the phenomenal rate it is expected to continue increasing, organisations are struggling with traditional back-up methods that can no longer meet operational service-level agreements (SLAs).
“Businesses are now looking at rapid data protection and recovery methods such as snapshots and replication to augment or replace back-up to disk, tape or cloud strategies,” Nimble Storage Asia-Pacific and Japan systems engineering director, John Whyte, added.
“The increased reliance on IT systems has driven an expectation that data or systems are always available. Old methods of sending tapes offsite each day, and recalling them to perform a restore meant that end-users were waiting hours or days for their data.”
For Whyte, such methods no longer represent an acceptable SLA for many organisations, meaning that keeping a local copy on disk is the new normal to meet operational recovery objectives.
“Customers also have new options for business continuity and can replicate to cloud or hosted service providers rather than building their own secondary site,” he added.
As explained by Whyte mentioned, piecing together a modern-day disaster recovery plan requires a two-step process.
The first involves identifying critical applications and data, which includes interviewing different parts of the business and mapping out the dependencies on revenue generation and receivables.
“Systems such as email, that were not deemed critical 10 to 15 years ago, are now often considered mission critical, so a regular review process is also important to make sure you keep up to date,” he explained.
“Next is to map those applications to the underlying IT systems, and ultimately find a balance of recovery time and cost that suits the business.”
Yet back-up and business continuity plans must align with business strategy and operations, irrespective of the corporate agenda.
Whether through organisations increasing cloud adoption, honing in on hybrid models or deploying a digitally-focused end-user strategy, parallels must be made with the overall business requirements.
According to Eaton Australia and New Zealand power quality general manager, John Atherton, an effective preventive maintenance strategy can be one of the most cost-effective measures.
“Because regular maintenance practices improve systems reliability and performance, while notably deterring downtime, preventive maintenance is an essential component of an end-to-end solution,” he explained.
“The main costs of business continuity lies in having the expert skills sets either internally with the business or with a service provider to ensure the plans produced are closely aligned with business expectations and customer experience.”
As a result, Atherton believes downtime carries an “enormous price tag”, emphasising the critical nature of minimising interruption to business operations.
“The price tag varies not only by industry, but also by the scale of business operations,” he added.
“For a medium-sized business, the hourly cost may be lower, yet the business impact can be proportionally larger.
“Nailing down the cost of each hour of downtime varies and is based on a number of factors, such as the nature of the business, the size of the company and the criticality of its IT systems related to revenue generation.”
From a channel perspective, Oracle A/NZ storage director of business development, Sam Voukenas, said partners can now provide customer consulting practices, through to hosting and services around regular testing.
“If channel partners can look at opportunities to provide consulting around the likes of data classification, the prioritisation or risk profile of each application, and suggest the best method of back-up and business continuity,” he said.
In addition, Voukenas said the channel can help businesses take advantage of the database back-up cloud service space, where customers can utilise the same tools on-premise and back-up databases on to the cloud.
“Cloud-like offerings or hosted offerings through partners are ways to get around the high costs of business continuity,” he said.
“The partner can sell back-up for cloud or look at potentially hosting recovery appliance, for instance, to back-up customers’ environment and protect their recovery time.”
Furthermore, Voukenas outlined new opportunities around focusing on purpose built solutions at the heart of the recovery process.
“Because most businesses have their most critical workloads running on top of a database, instead of trying to back-up that information quickly, the focus should be on recovering as quickly as possible and eliminate any data lost,” he added.
From the partner side of the fence however, Tecala Group managing director, Pieter DeGunst, said the channel first needs to map out the true core systems within any company, outlining core interactions and dependencies.
“From this, the disaster recovery plan exercise can begin - modelling RPO and RTO requirements, selecting tools, vendors and most importantly, defining or integrating with existing critical incident policies,” he said.
“Selecting a tool and partner to assist can help with the ongoing testing and upkeep requirements. And this is where a partner can come in.”
Looking ahead, DeGunst sees new potential in resellers engaging with customers in a reduction of business risk conversation.
“Business continuity is a major element of reducing risk, with the ultimate goal of protecting their revenues,” he advised.
“This helps to move away from a technical conversation and towards a business outcomes conversation in terms of which services and applications a business needs available to them, and in what timeframe should a disaster occur.”
For DeGunst, there are substantial opportunities for simplified offerings to address the risks that all businesses face, while removing the operational burden for an IT team to facilitate back-up and disaster recovery platforms.
“The as-a-service business model is the perfect solution for back-up and business continuity, being on demand when you need it,” he added.
Rise of the MSP
Going forward, the future of business continuity in Australia depends on the education of channel, as outlined by StorageCraft Asia-Pacific senior disaster recovery planning architect, Jack Alsop.
Alsop believes that during the next five years, the market will experience a growth in the number of managed service providers operating across Australia, providing education takes an upward curve.
“Business continuity is going to be a huge part of the MSP business in the next five years,” he predicted.
“Any partners that want to exist need to be an MSP of some sort. But we need education now for those partners to be able to gear themselves to think this way.”
Alsop said many organisations now believe that business continuity is no longer a problem, as a result of a lack of education.
“It’s tough to be in this business at the moment,” he admitted. Two years ago, business continuity was not a difficult conversation to have because the Brisbane floods were still fresh in people’s minds and power outages were more common.
“But people have forgotten those lessons and are looking at reducing costs - it’s a part of the profitability conversation - and businesses are looking to drop business continuity cases because they don’t see value in this.
“Partners can benefit from being agile in terms of pricing, delivery, and implementation and have a range of business continuity options for their customers - it can be from the simple to the very complex.”
Partner perspective - ASI Solutions
From the perspective of the partner, the back-up and business continuity conversation has now changed between organisations and IT vendors in recent years.
Previously, it was the vendor often found trying to persuade decision makers to invest more in expensive back-up solutions, yet today, it’s the business demanding new technologies around Recovery Point Objectives and Recovery Time Objectives (RTO).
“An RTO is the amount of time that it should take to bring the IT systems back online following a disaster,” ASI Solutions managing director, Nathan Lowe, explained.
“Decision makers are becoming more aware of the risk to their businesses should an event render their IT systems unavailable, both financially and reputational.”
Lowe said there is a greater awareness within most companies not only of the business risk but also the technologies that are available to mitigate those risks.
“Software vendors of products that protect against this risk are putting greater efforts into educating business owners and decision makers of what is possible,” he said.
“Back-up and recovery software is trending right now, and for good reason. Everyone is well aware of ransomware and knows at least one person that has been affected by it.
“It is forefront of most people’s minds to ensure that they are not caught in a situation where they are forced to pay a ransom to recover the business’ data from Cryptolocker or similar.”
Consequently, Lowe believes partner can add deeper value through offering “much more than quoting” for a bill of materials to implement a back-up system and software.
“The IT vendor really should be building out a full managed service for all customer’s back-up and recovery systems, including professional services to build out a DR plan, and testing it on a yearly basis,” he added.
For Lowe, there are two questions to ask when considering a disaster recovery plan.
Firstly, what is the maximum tolerable period in which data might be lost from an IT service due to a major incident (Recovery Point Objective)?
Secondly, what is the duration of time and the service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity RTO?
“The IT vendor really becomes the trusted advisor in this capacity and has a great opportunity to win the trust and confidence of their customer when they can demonstrate the ability to bring a business back online quickly after a disaster occurs,” he added.
When the answers to those questions have been determined, Lowe said then a disaster recovery plan can be drawn up by an IT services provider.
“It is key to ensure that your IT vendor can demonstrate they have the processes in place themselves to competently do this for you,” he added.
“Demonstrable evidence that they have done this in the past is always useful. The objectives should be agreed upon and legally agreed to by your IT services provider, along with the costs to perform the tests.
“Finally, you should ensure that the DR process is actually tested, every 12 months is optimal, and that the results of the testing are documented and improvements made where required.”