Tuesday, March 22, 2011

Biles’ Hierarchy of Disaster Recovery Needs

by Simon Biles

Having failed to keep up with my New Year’s resolution of being more organised (the observant of you might have noticed the absence of a February column), it’s nice to be able to move into a new season – spring is with us and in the UK at least, that seems to mean a return to below freezing nights and having to defrost my car each morning. Roll on global warming I say! It never ceases to amaze me how quickly the UK grinds to a halt when we have a little inclement weather, you’d think that we’d be used to it by now – but over December I had the absolute pleasure of being stuck in Edinburgh because there was the wrong amount of snow on the runway or something like that. Luckily, we had contingency plans in place and, after 48 hours we were back at home in Oxfordshire. We were certainly fortunate - we passed hundreds of people in the airport who weren’t going anywhere and had no other option but to wait it out. In vast contrast, in the Middle East over the last few months, not only has the weather been hot, but so has the political climate, and I have been amazed by the speed with which the ruling governments have acted to cut off the internet.

The tenuous link? Business Continuity Planning and Disaster Recovery Planning. It doesn’t take long if you watch the IT News before you come across a good example of bad BCP/DRP – my favourite this month was Vodafone but this is just a retelling of an old story. The fact that a major organisation (a) had a single point of failure in the first place and (b) couldn’t fail it over to another, backup site immediately is more than a little embarrassing. Vodafone are in quite a privileged position though, whilst their outage is clearly damaging to their image, in real terms, their clients are tied into long term contracts, it was one day out of service out of a year, and their clients' capability to demonstrate their own BC/DR plans (e.g. use a landline) mean that they are unlikely to lose much business from the mistake. For a smaller outfit however, the loss of even one component (like your laptop or examination machine) could cripple you for days and potentially lose you significant business. I, personally, suffered a hard disk failure on my MacBook Pro (under Apple Care, but not a quick fix – two weeks) and although I had full backups of everything to within 24 hours, I had to go and source a temporary machine to restore them to in order to carry on working. In fact, in light of the fact that I _didn’t_ have a BCP/DRP, I bought a second, smaller & cheaper, laptop that I could bring into play should the main one fail again.

Before I go on, I should clarify that there is a difference between BCP and DRP – one (BCP) tends to be used for aspects of failure, such as a hard-disk failing, the other (DRP) is in the case of catastrophic events, such as your building burning down. In my experience most people don’t have adequate of either, however there is a lot of common material between the two, and I’m going to continue this article from more of a DRP perspective...

Read more at http://www.forensicfocus.com/simon-biles

No comments: