A wake-up call for information technology, communication consumers for evolving robust alternatives in times of crises.

Superstorm Sandy has come and gone. It has left several scars as lakhs of people and businesses in the US States are beginning to recoup the losses. Of all the losses the businesses and industry suffered, it is the impact on IT infrastructure and communication that stood out. Scores of data centres were flooded, telephones snapped and mobile phones went silent.

Several firms were reduced to being silent spectators as their Web sites and networks went offline, denying their customer services But what has this storm taught IT consumers IT service providers too in India? Having a Plan-B in the form of a well-planned disaster recovery strategy is now on top of the agenda of many IT companies. But experts warn that having a Plan-B such as only hosting data in data centres is not enough. One should have a proper, cost-effective, well thought-out back-up strategy to keep in touch with consumers, customers and relevant stakeholders.

And, it’s not just about disasters such as Sandy and Nilam. Business face challenges every once in a while in the form of political unrest, uprisings and natural calamities. Companies are under tremendous pressure to ensure continuity of services, irrespective of the problems they face.

Safe than sorry

The moment of truth for the end-user is realisation of a service need. Any failure could prove very costly in the form of financial and reputation losses.

Chella Namasivayam, Chief Information Officer of iGATE, points out that the basic necessity is to have a strong business continuity plan in place for natural and other disasters in order to mitigate disruptions to business.

“The Indian IT industry is largely export-driven and this is the case for us at iGATE where a significant part of our revenues come from the US. During natural disasters such as Hurricane Sandy, it is key to continuously stay in touch with customers and have a strong team to monitor and secure their information as well as have a back-up disaster recovery exercise to control the situation as much as possible, he points out.

“At iGATE we have a six-member strong team that is regularly in touch with the customers to monitor and secure their data during a situation like Hurricane Sandy. Disaster recovery during natural calamities is a critical delivery aspect for us,” he says.

He strongly recommends an evenly spread out vendor-base. “You should not wholly dependent on any one provider or geographic location. If customers on the East Coast are impacted, back up their critical data to the servers on the West coast.

Also, have more than one service provider to supply telephones and power. “Our services are backed by a couple of different service providers. If one provider is affected, we will always have a back-up provider to take over,” he adds.

Sid Deshpande, a senior analyst with research firm Gartner, says companies and organisations have begun appreciating the importance of building strong back-ups to take care of emergency situations.

“It is not proper to say that all of them are not prepared. We should look at it from a vertical perspective. Companies with a strong financial vertical have evolved robust Plan-B strategies. Some other verticals such as retail have not focused yet their attention,” he says.

Requirements too vary, depending on the business activity. “Storing data on a remote location in itself might not be sufficient. What if the communication network to those data centres is impacted? If you are storing the data in the same city, you might be hit if the city is caught in a calamity. If it is in the same region or State, a catastrophe like a power grid collapse could impact the data centre equally too,” he points out.

There’s no fixed strategy. One needs to evolve a strategy based on the specific needs their businesses demand.

“One should have a 360 degree view on disaster recovery. In some cases, storing data might be enough so that one can replenish the systems with that data. In other cases, companies may be required to ensure uninterrupted services. Those in the latter category need to run mirror sites so that they can fall back on them in times of crisis. The kind of services you offer call for instant recovery,” Sid says.

Safety standards

This, in fact, leaves many CIOs in a spot. How much of your data and what kind of data could be located outside? Storing the data outside of a country could be much more complicated. Several countries, including the US and European Union countries, bars some critical data to be located outside of their sovereign boundaries.

Who is going to take the responsibility, in case of breaches or damages to data?

The industry has come out quickly with standards for data centres based on the level of security counted on various parameters.

“These challenges times have also been appreciated by the standards committee and for the first time an ISO standard has been released for the business continuity named ISO 22301,” a senior official of the CtrlS, a leading data centre, says.

This standard tries to capture Disruptive Incident, Documented information, Maximum Acceptable Outage (MAO), Minimum Business Continuity Objective (MBCO), Maximum Data Loss, Correction. The previous standard which the industry was used use is BS25999, he says.

It boils down to two-three areas of concerns. Companies have to focus on business continuity in human resource continuity, IT infrastructure continuity and work area recovery, he adds.

Innovative models that provide disaster recovery (DR) over cloud too are evolving. It, however, is easier said than done. It ultimately would add costs to the company to have a DR mechanism. One needs to assess the risk perception accurately and chalk out a DR plan that suits one’s requirement.

kurmanath.kanchi@thehindu.co.in

(This article was published on November 8, 2012)
XThese are links to The Hindu Business Line suggested by Outbrain, which may or may not be relevant to the other content on this page. You can read Outbrain's privacy and cookie policy here.