> Cover Story> Full Story
continuity - A new approach
Uday Shukla is Director, IBM Global Services India
(IGSI), the Exports division of IBM India that offers
strategic solutions to address core business issues
and provide tactical support and consulting worldwide.
He holds a Ph. D. from Indian Institute of Science,
Bangalore and is a senior member of IEEE, Fellow of
Institution of Engineers (India) and Fellow of IETE.
He has also published several papers in leading international
should look beyond disaster recovery and focus on business
The recent tragic events in the United States are a wake-up
call for organizations to look beyond disaster recovery and
focus on business continuity. Any enterprise using e-business
to acquire and distribute products is dependent on both its
own technology and that of its suppliers. Protecting critical
business processes, with their complex interdependencies has
thus become as important as safeguarding data itself. But
until recently, classic recovery planning focused on restoring
centralized data centers in the event of disaster. It did
not address the need for continuous operation of key business
This is grossly inadequate for distributed computing environments
we work in, where critical business data can be found on desktop
PCs and departmental local area networks (LAN), not just in
the data center.
According to a report by Strategic Research Corporation,
a Californian market research and consulting firm, the financial
impact of a major system outage is enormous:
$6.5 million per hour for a brokerage operation
$2.6 million per hour for a credit-card sales authorization
$14,500 per hour in automated teller machine (ATM) fees
if the ATM system is offline
New York-based research firm FIND/SVP calculates the average
financial loss per hour of disk array downtime at $29,301
securities industry; $26,761 for manufacturing; $17,093 for
banking and $9,435 for transportation.
More difficult to calculate though, are the intangible damages
a company can suffer: lower productivity, delays in key project
timelines, diverted resources, regulatory scrutiny and a tainted
The goal for companies with no business tolerance for downtime
is to achieve a state of business continuity, where critical
systems and networks are continuously available, no matter
This means thinking proactively: engineering availability,
security and reliability into business processes from the
outset not retrofitting a disaster recovery plan to accommodate
ongoing business continuity requirements.
Few organizations have the need or the resources to assure
business continuity equally for every functional area. A company
that implements a single business continuity strategy for
the entire organization is probably under-prepared, or spending
The key to business continuity lies in understanding the business,
determining which processes are critical to staying in that
business, and identifying all the elements crucial to those
Specialized skills and knowledge, physical facilities, training
and employee satisfaction, as well as information technology,
must all be considered. It is by thoroughly analyzing these
elements that a company can accurately identify potential
risks and decide to accept, mitigate or transfer those risks.
Companies using an in-house approach implement data mirroring,
redundant storage arrays and other high-availability techniques
to create duplicate online copies of data.
But to provide true continuity for critical business processes,
not just critical data, they must also:
Ensure sufficient latent capacity will be immediately available
to assure rapid failover and recovery.
Test capacity availability without disrupting ongoing operations.
Install redundant network capacity dedicated to business
House failover equipment in a separate location from main
production equipment and provide further redundancies, like
sourcing electrical supplies from different power grids.
Establish and maintain relationships with vendors to assure
quick delivery of replacement PCs, network hardware, furniture
and telephones in the event of a facility-wide disaster.
Secure adequate funding from end-user departments to implement
and maintain adequate business continuity protection.
Acquire, train and retain skilled personnel to manage complex
interdependencies and specialized elements ofbusiness continuity.
Make adequate provisions for adding recovery support staff
in the event of a regional or natural disaster.
Using a technology solution provider for part of, or for
all these requirements is attractive for companies that
prefer to focus on already scarce resources for driving
By establishing a long-term strategic relationship with a
world-class services provider, companies gain a competitive
advantage through a customized continuity plan while avoiding
keeping up with technology and training.
In addition, engaging a provider enables organizations to:
Leverage a provider's extensive investments in latest technology,
continuous improvements to methodologies, and skilled people.
Benefit from expertise gained in solving problems for clients
with similar requirements.
Remove expensive, redundant technology assets from the balance
Use a provider's backup facilities and resources; take advantage
of a provider's economies of scale on assets, resources
and procurement to achieve significantly less risk and lower
costs of operation.
Concentrate on achieving core business growth objectives.
Business continuity is so vital to business success now that
it can no longer remain a concern of the IT department alone.
Downtime can seriously damage a company of any size, and the
reputation of its key executives, in the short and long-term.