Home > Cover Story> Full Story

Business continuity - A new approach
Dr. Uday Shukla

P R O F I L E

Dr. Uday Shukla is Director, IBM Global Services India (IGSI), the Exports division of IBM India that offers strategic solutions to address core business issues and provide tactical support and consulting worldwide. He holds a Ph. D. from Indian Institute of Science, Bangalore and is a senior member of IEEE, Fellow of Institution of Engineers (India) and Fellow of IETE. He has also published several papers in leading international journals.

Organizations should look beyond disaster recovery and focus on business continuity instead

The recent tragic events in the United States are a wake-up call for organizations to look beyond disaster recovery and focus on business continuity. Any enterprise using e-business to acquire and distribute products is dependent on both its own technology and that of its suppliers. Protecting critical business processes, with their complex interdependencies has thus become as important as safeguarding data itself. But until recently, classic recovery planning focused on restoring centralized data centers in the event of disaster. It did not address the need for continuous operation of key business processes.

This is grossly inadequate for distributed computing environments we work in, where critical business data can be found on desktop PCs and departmental local area networks (LAN), not just in the data center.

Cost of downtime
According to a report by Strategic Research Corporation, a Californian market research and consulting firm, the financial impact of a major system outage is enormous:

• $6.5 million per hour for a brokerage operation
• $2.6 million per hour for a credit-card sales authorization system
• $14,500 per hour in automated teller machine (ATM) fees if the ATM system is offline

New York-based research firm FIND/SVP calculates the average financial loss per hour of disk array downtime at $29,301 in the

securities industry; $26,761 for manufacturing; $17,093 for banking and $9,435 for transportation.

More difficult to calculate though, are the intangible damages a company can suffer: lower productivity, delays in key project timelines, diverted resources, regulatory scrutiny and a tainted public image.

The goal for companies with no business tolerance for downtime is to achieve a state of business continuity, where critical systems and networks are continuously available, no matter what happens.

This means thinking proactively: engineering availability, security and reliability into business processes from the outset not retrofitting a disaster recovery plan to accommodate ongoing business continuity requirements.

The proactive approach
Few organizations have the need or the resources to assure business continuity equally for every functional area. A company that implements a single business continuity strategy for the entire organization is probably under-prepared, or spending money unnecessarily.

The key to business continuity lies in understanding the business, determining which processes are critical to staying in that business, and identifying all the elements crucial to those processes.

Specialized skills and knowledge, physical facilities, training and employee satisfaction, as well as information technology, must all be considered. It is by thoroughly analyzing these elements that a company can accurately identify potential risks and decide to accept, mitigate or transfer those risks.

In-house or outsource?
Companies using an in-house approach implement data mirroring, redundant storage arrays and other high-availability techniques to create duplicate online copies of data.

But to provide true continuity for critical business processes, not just critical data, they must also:

• Ensure sufficient latent capacity will be immediately available to assure rapid failover and recovery.
• Test capacity availability without disrupting ongoing operations.
• Install redundant network capacity dedicated to business continuity.
• House failover equipment in a separate location from main production equipment and provide further redundancies, like sourcing electrical supplies from different power grids.
• Establish and maintain relationships with vendors to assure quick delivery of replacement PCs, network hardware, furniture and telephones in the event of a facility-wide disaster.
• Secure adequate funding from end-user departments to implement and maintain adequate business continuity protection.
• Acquire, train and retain skilled personnel to manage complex interdependencies and specialized elements ofbusiness continuity.
• Make adequate provisions for adding recovery support staff in the event of a regional or natural disaster.
• Using a technology solution provider for part of, or for all these requirements is attractive for companies that prefer to focus on already scarce resources for driving revenue-growth.

By establishing a long-term strategic relationship with a world-class services provider, companies gain a competitive advantage through a customized continuity plan while avoiding costs of

keeping up with technology and training.

In addition, engaging a provider enables organizations to:

• Leverage a provider's extensive investments in latest technology, continuous improvements to methodologies, and skilled people.
• Benefit from expertise gained in solving problems for clients with similar requirements.
• Remove expensive, redundant technology assets from the balance sheet.
• Use a provider's backup facilities and resources; take advantage of a provider's economies of scale on assets, resources and procurement to achieve significantly less risk and lower costs of operation.
• Concentrate on achieving core business growth objectives.

Business continuity is so vital to business success now that it can no longer remain a concern of the IT department alone. Downtime can seriously damage a company of any size, and the reputation of its key executives, in the short and long-term.