|DeMarco has noticed a “chasm between business units and the IT community.”|
IBM classifies two objectives that management must consider in determining their business-continuity tolerance, Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO is the one that readily comes to mind for recovery?how soon must the business be up and running following an outage? Management must determine a time, whether it’s an aggressive 48 hours or longer so IT can set up its procedures accordingly. RPO, on the other hand, is something that people tend to neglect, says DeMarco. How much data can the business afford to lose in the interim between an outage and recovery? How fresh must the data you’re recovering be? If you’re only as good as your most recent backup, how valuable is that data when it’s one or more days old? With synchronous mirroring, for example, a financial company could recover its data with only one transaction missed.
“When IT is allotted its budget each year, it must take business continuance expenditures into account and leverage these costs to identify and address the most important risks to the enterprise,” says DeMarco.
While research firms posit the percentages of IT budgets for business continuity, IBM holds no opinion on the acceptable amount of risk a company should have. “The only real honest answer is ‘it depends’,” says DeMarco. He explains that even with two companies that are identical in size and revenue, it’s not safe to assume they’d have the same business continuance plan. There’s the human element?different people accept different levels of risk, just like two people driving the same type of car can carry different insurance deductibles.
|IT must know the business-critical priorities of their companies and apply them to the technology and application recovery priorities within their own units.|
While the concept of IT recovery may conger up images of hurricane damage or terrorist attacks, DeMarco says another risk, performance degradation, is as equally challenging to understand and manage as a complete outage. Citing a company phrase, ‘two clicks and you’re fired’, he explains that a user on the Web clicks once in a site’s search engine and with the next click the user has replaced that site if its performance isn’t robust enough.Remembering September 11
The IBM business model is based on a simple motto: people, processes, and technology. The people aspect of that equation is sometimes overlooked during a business recovery, when processes and technology are at the front of the mind. But the human factor has made September 11 unlike any other event in DeMarco’s experience. The human toll has made the recovery effort and the resulting interest in IBM’s Business Continuity and Recovery Services a distressing and uneasy time. DeMarco would not quote numbers of victims out of respect for the families, but IBM had 1,200 customers within a three-block radius of the World Trade Center.
|The human factor made September 11 unlike any other event in DeMarco’s experience. IBM had 1,200 customers within a three-block radius of the World Trade Center.|
The majority of calls were requests for end-user workspace. Customers needed desks, phones, chairs, PCs, etc. to continue to operate their businesses. Some 50,000 employees were displaced from the World Trade Center proper and another 50,000 from surrounding areas, say DiMarco. Calls came in from customers who needed help setting up equipment and others who needed a place to send their employees.
DeMarco also worked through the ice storms that devastated Canada and parts of the U.S. Northeast early in 1998 and through Hurricane Floyd’s impact on the Southeast in September of 1999. During the ice storms people were at home with their families trying to keep warm with all the outages in utilities and in the days before Floyd struck people were taking their families and fleeing the Gulf coast. In both cases, regardless of how quickly companies in those areas could recover from the damage, their staffs would not be around to do the work. Again, the people aspect of business continuity was on the back burner.