Inside Track: BC and DR – the test imperative
4 August 2017 | 0
Along with many other aspects of IT – compute, storage, infrastructure of course, software – the as-a-service model of distribution has been revolutionary for companies accessing disaster recovery (DR) and business continuity (BC).
Where once disaster recovery meant backing up with tapes on a daily or weekly basis and physically moving them off site for safe keeping, now it is possible to have all that happen automatically through the cloud. In addition to this, there are other market forces at play and influencing the way in which DR and BC are offered in Ireland, according to Ian Wood, global senior director of product marketing and solutions for Veritas.
“It’s a bit of a cliché but digital transformation is putting a lot of pressure on IT to deliver services in a much better way. That’s a big trend overall, along with not just the movement of services to the cloud but also applications,” he said.
“That’s changing the way in which organisations think about continuity and disaster recovery and back-up—they need solutions that work with the cloud so they can reduce the cost of storing data or having duplicate applications or duplicate datacentres on the go.”
At the same time, he said, companies are also dealing with many more applications than before.
“We see a lot of the market shaping to solutions that support both traditional workloads but also new next generation workloads. Those are really the bigger trends, but overall continuity as a whole is a growing trend because companies are more exposed to their technology and modern digital business just can’t afford downtime,” said Wood.
The need to reinforce resiliency in the systems used to power day to day business has created more market opportunities for vendors capable of delivering services around it.
“There is a trend for organisations to look at resiliency or disaster recovery as a service, so there’s a natural evolution for partners in the ecosystem that have been delivering back-up as a service to go that step beyond and provide an outcome-based offering that looks at recovering your applications in the event of a disaster or an outage,” he said.
While all service providers can provide some version of the same DR and BC services, it’s ultimately up to the customers to try to foster and maintain a company culture that values preparedness. There’s only so much a third party can do if that culture is missing from the client company.
“Traditionally disaster recovery has been very inwardly focused—it’s been about companies recovering their internal systems. However, that’s starting to change and now the drive towards digital transformation means that more and more companies are servicing their customers online with mobile apps,” said Carmel Owens, general manager with Sungard Availability Services.
“All of a sudden, consumers have become very demanding and the kind of reputational damage that can befall a company that suffers a public outage is significant. The onus on organisations to keep their systems available and up and running for customers now is massive.”
The result is that the many high-profile outages that have taken place in recent times have left a lasting mark on the psyches of companies large and small.
“They have a big impact, not just on customers but on company morale and on reputation. Companies don’t want to give their customers a reason to leave them so they absolutely have to make sure that their digital presence is available,” said Owens.
According to Sungard, IT environments are becoming more complex with both on-site and cloud-based technology co-existing. The challenge lies in maintaining and securing that mix of infrastructure, and central to that is the idea of testing.
“According to the Disaster Recovery Preparedness Council, there’s a 35% DR test success rate, but ours is over 80%. That’s a huge increase and even then, it includes first time tests, which is why it’s not 99%,” said Owens.
“We’ve done about 13,000 invocations since 1999—and we now do about 74 every year around the world. So, we’ve done an average of one and a half invocations every week since 1999.”
This is something with which Wood of Veritas agrees, going on to suggest that testing is a neglected aspect of the DR and BC business.
“The big thing when I speak to customers around disaster recovery is the need to test. There’re so many headline news articles around this area, whether it’s security breaches or airlines with booking errors or whatever that there is a real need for organisations to make sure they’re resilient,” he said.
“And the biggest gap I see is testing because that’s the only real way you know that in the event of a failure things are going to be resilient. That’s another area that we see a shift in.”
Wood added that while there is a shift to automation in application recovery requiring less manual intervention, there is a need to make sure that organisations understand their own dependency on those applications and then make sure they test them.
“Testing can be rather intrusive so the trend is to have better and more interesting ways of doing it without the levels of intrusion that interferes with doing business. For example, there is software out there that has knowledge bases that understand components of applications and understand where resilience is required,” he said.
“They can then map other kinds of real life customer scenarios looking at those databases and then giving you a warmer feeling of readiness for a disaster.”
Testing for resiliency presupposes that a company has a disaster recovery and business continuity plan to test. However demonstrably that is often not the case, or at best, if there is a plan it is neglected.
“If you take something like ransomware, that’s a particularly voracious problem. A ransomware attack locks up your system, encrypts it and removes your ability to do business. You either have to pay the ransom or restore your system from backups and suffer the consequences,” said Michael Conway, director of Renaissance.
“If everybody was backed up, in great shape and able to restore, they would never have to worry about ransomware because they would always be in a good position to recover from a ransomware attack.”
The reality however is that many companies that get hit with ransomware attacks find themselves in trouble because they’re not adhering to best practice when it comes to disaster recovery and business continuity. Their backups are old or unreliable and they’re simply unable to restore their systems to a point before the attack hit.
“As times change, the technologies we are all using change but right now, it costs just a few thousand euros to protect a small business. That’s what a laptop used to cost a few years ago and still people will say ‘that’s a lot of money,’ said Conway.
“But if you’re a business turning over €500,000, €1,000,000 or €5,000,000, then is it really a lot of money? But that mind set is still out there and the world is still largely run by accountants.”
Meanwhile those companies that can offer industrial-strength data centre security and resiliency have benefited in recent years as these things have increased in value to the average company. To deliver these disaster recovery and business continuity benefits, a growing number of partnerships have been formed.
An example of this in operation is the way that Sureskills works with IBM in the Irish market to deliver solutions built on the VMware platform.
“We have around 50 data centres around the world, and a cloud platform that offers infrastructure at a global scale, with the ability to provision VMware workloads. At the same time Sureskills has particular expertise in the VMware space in Ireland with a large client base and a lot of trusted client relationships,” said Ronan Dalton, cloud adoption leader for IBM Ireland.
“This allows them to build out disaster recovery solutions leveraging VMware technologies, but on a cloud service provider that can give them the scale that they need to offer these solutions to their clients.”
The key to this relationship is IBM’s ability to provision bare metal machines in its cloud and data centre.
“The global private network that interconnects IBM cloud data centres globally means that we can give insight into the latency that exists between the data centres that we have worldwide,” said Dalton.
“We can do things like not charge for the traffic across that network between our datacentres which means that as you are building a DR solution, you are replicating workloads from one data centre to another and there’s a much more cost-effective opportunity to do that with IBM because we’re not going to charge you for that traffic across the network.”