It is extremely difficult to predict future events, but when the unexpected happens – from fire to a major terrorist incident, it does pay to be prepared for every eventuality. Consequently, disaster recovery planning services (DR) can provide a vital lifeline to individuals and organizations when disaster strikes. Additionally, as business operations are now increasingly conducted online, the necessity for reliable disaster recovery planning in the field of computer operations has become more acute. It has become imperative that businesses can completely recover their IT systems to a state in which they can support the business after a disaster or catastrophic event such as a DDoS (denial-of-service) attack.
A recent research study on business continuity (BC) and disaster recovery(DR) services, carried out by IDC (Middle East, Africa, and Turkey), reveals an increased demand for these services among many organizations in the GCC and Qatar. IDC predicts that projected spending on managed DR services will grow at a CAGR of 19.7 percent, 19.2 percent, and 24 percent within the UAE, Saudi Arabia, and Qatar markets respectively during the period 2012-2016.
There are a number of drivers triggering businesses to embrace DR and BC planning in the Gulf region. One primary driver is the extensive regulations that are currently imposed by governmental authorities. For example, all banks in Qatar have stringent directives from the central bank to own a DR site, and serious financial penalties are levied in the event of a failure to comply with such directives.
Other core drivers that lead to organizations investing in effective DR strategies are risk management and sustainability. Recent cyber-attacks in the energy sector, and upon government organizations, have resulted in significant rises in data loss, with the result that many organizations are now reflecting on more effective DR plans.
Saudi Aramco, a leading international oil provider, experienced the most severe cyber hack in world history in 2012. The scale of the hack is still hard to comprehend, as in a matter of hours, 35,000 computers were either partially wiped or damaged beyond repair, a situation that essentially threatened the future of the entire company. Qatar is the third country after Saudi Arabia and Turkey in the Middle East and Africa region (MENA) that is most frequently targeted by cyber-attacks. In the first half of 2014, Qatar faced almost 2,000 cyber-attacks according to Fire Eye, a major player in the area of cyber security.
According to Veeam Data Center Availability Report, companies risk losing between USD 4.4 million and USD 7.9 million in lost data and applications failures each year, and the resulting operational downtime can cost between USD 1.4 million and USD 2.3 billion a year in lost revenue. This leads to reduced productivity and lost business opportunities, and the total annual cost of downtime and data loss can reach more than USD 10 million a year.
Gregg Petersen, the regional director, (Middle East and SAARC), for Veeam Software, states: “In addition to these financial losses, there is the risk of damage to an organization’s reputation; something that is very difficult to measure in pure financial terms but which can cripple an organization, setting it back years and putting it at a decided disadvantage with regards to the competition.” He goes on to add: “A good disaster recovery plan can prevent this from happening.”
According to a recent study carried out by EMC, an alliance partner of Riverbed Technology, business enterprises globally lost a total of USD 1.7 trillion in 2014 due to downtime and data loss. As Elie Dib, managing director, MENA at Riverbed states: “In today’s world, where every second of downtime can entail significant business losses, a near instantaneous recovery helps minimize the impact of disasters on operations, productivity, and brand image.”
Data centre and test plans – the key to a holistic solution
There is no doubt that a more holistic approach to disaster planning and business recovery is required, which combines both the latest technology with tried and tested principles of incident prevention, detection, response, recovery and restoration. As Petersen points out: “Regular tests after physical disaster recovery procedures as well as automated data protection tests can both reduce costs and ensure that, regardless of what might happen, a “modern” business is not paralyzed by disaster.”
He goes on to say that, when implementing a disaster recovery solution, many companies encounter difficulties as a result of bad configuration of these principles. Bad configuration leads to poor implementation, and when this is the case, the result is slower recovery times. It is essential that businesses take the time to rigorously test their disaster recovery solutions so that they can operate without suffering operational downtime due to slow recovery.
The maintenance of up-to-date data centres has also become a vitally important factor in the business world. Current data growth is between 30-50 percent per year, and, to cope with these demands, companies are building increasingly modern data centres and investing in state-of-the-art server virtualization, storage applications and cloud-based services in pursuit of higher speeds, more efficient use of existing resources and possible cost savings. Petersen mentions that without a clear, comprehensive policy in place and full visibility within the data centre as it grows, vast and potentially critical swathes of data could be insecure.
Dib also notes the importance of an advanced data centre, and comments that, for enterprises today, the largest portion of their business is conducted at branch offices. Traditionally, the IT requirements of these branches have been met by deploying IT infrastructure such as servers, storage, networking and security devices at the branch offices themselves. Not only does this entail significant CapEx and OpEx, arising out of the need to deploy and manage these systems, it also introduces vulnerabilities to the system as a whole, as data stored at branch offices is historically less secure than that stored in the main data centre.
Realizing this, organizations have begun to invest in backup and recovery solutions for their branch offices, and this has increased their capital and operational expenses. With the new technologies that are available today, such as the Riverbed SteelFusion solution, organizations can centralize their data and their applications in their main data centres. IT departments can then project virtual servers and data to the branch, providing for local access and performance while data is actually stored in centralized data centres. Dib adds, as a consequence of this approach: “In the case of a disaster at the branch, no data is actually lost and as the applications are hosted in the central data centre, all IT operations can be restored at the branch in a matter of minutes.”
Challenges to effective planning
Developing an effective disaster recovery plan can pose a real challenge, and statistically, many disaster recovery plans fail to adequately protect organizations. According to Veeam’s Data Center Availability Report, at the critical moment of an attack or a catastrophic event, one in seven backups fail to restore companies to full operational capacity precisely at the time when they are needed the most. Identifying and addressing obstacles and potential weak points is a key issue, and considering them fully is vital to developing an effective strategy that can be relied upon when it really matters. Petersen says: “If not properly secured, the backup infrastructure itself can serve as a back door to pass completely undetected through regardless of the stringent security policies organizations have worked so hard to put in place.”
And companies who have already adopted plans need to test their systems continuously, as changes constantly appear in their internal technology. Unfortunately, only one in 20 organizations consistently perform the manual task of backup testing. Dib says: “What a lot of organizations don’t realize is that disaster recovery planning is not a “once and done” exercise. With exploding data volume growth, increasing application complexity, and lessening business tolerance for downtime, what worked for your disaster recovery plan two years ago is likely to be insufficient for today.”
Petersen goes on to point out another challenge relating to the formation of effective and reliable data centres. He says it is ironic that many areas of those centres still rely on legacy infrastructure and older technologies which inhibit the network from functioning at optimal levels and leads to data loss, longer recovery times, unreliable data protection, a lack of transparency and the inability to correctly analyze IT traffic. “Legacy backup solutions are failing to meet the demands of the Always-On Enterprise. Organizations need a holistic ‘availability’ approach for their entire enterprise and not just a pieced together, ad-hoc design using legacy systems.”
A recent trend in the market has seen the rise of service providers to meet the needs of disaster recovery systems. Many businesses are now outsourcing their IT disaster recovery functions, not only to safeguard their data centres from failure, but also to save money and boost efficiencies. The adoption of outsourcing services is becoming increasingly popular in the international market, particularly in the USA, which has become a leader in this field. Gulf countries are also rapidly creating and adopting these outsourcing services.
According to the IDC report, process improvement, best practices, higher efficiencies, agile processes, cost reduction, and faster responses are the key drivers to the adoption of outsourcing services in the GCC. And organizations in Qatar are also intent to take up outsourcing at an even faster rate than organizations in the GCC.
Adriana Rangel, research director for systems and infrastructure solutions at IDC (Middle East, Turkey, and Africa) states: “There is a shift in mindset currently underway, with customers increasingly utilizing third-party data centre providers for their hosting requirements in a bid to avoid making large capital investments. In order to capitalize on the increasing demand for hosting services, Qatar has seen a surge in investments in data centre space, as providers aim to offer new and innovative services to their customers while maintaining high-quality and strong service delivery capabilities based on international standards.”
For corporations and businesses today, safety first is key. They have realized the harsh truth that, when disaster of any kind strikes in the real or virtual world, it is too late to regret not having procured the necessary safety and recovery solutions that are necessary to prevent disaster in the first instance, or at least to manage and recover from it properly. Every year, valuable lives, property and data are lost, and a great deal of that loss could be avoided by the adoption of the correct procedures and preventative measures necessary to the avoidance or proper management of the crisis in question.
Maintaining uninterrupted business operation in the event of a catastrophic event is crucial, as disasters are inevitable, and organizations are recommended to have sound DR strategies in place to prepare for them. There can be little doubt that, in the field of disaster prevention and business continuity, the old adage that ‘prevention is better than the cure’ is particularly true.