Last week there were several of outages that got me thinking more about the cost of downtime. I get this question a lot: what is the industry average cost of downtime? I hate answering "it depends," but that's the truth. So much depends on the organization, the industry, the duration of the downtime, the number of people impacted, etc. And not all of it is about dollars and sense. Reputation, customer retention, employee satisfaction, and overall confidence can be shaken by even a short outage. Take, for example, the New York Times' mysterious outage on August 14, 2013, of around two hours. While two hours might not seem like much, in the middle of a news-heavy weekday, it made a lasting impression. The stock dropped, twitter exploded, and the Wall Street Journal dropped their paywall to try and capture readers. In this case, I argue the biggest impact of downtime was not the drop in stock price, but the loss of confidence and loss of competitive advantage.
The recent flooding in Uttarakhand, India reminded me of last November 2012, when I was in Boston during hurricane Sandy, which ravaged the US East Coast. There’s a lot of similarity I can draw between New York and Mumbai - both have a large number of key data centers in close proximity to business centers, both are quite vulnerable to floods, and both have a history of terrorist attacks.
Regardless of continent and country, the number of natural disasters is increasing. As stated by the United Nations Office for Disaster Risk Reduction (UNISDR) Head for Asia Pacific, extreme weather events are likely to become both more frequent and severe in the future. Asia Pacific (AP) in particular is the world's most disaster prone area. Apart from Uttarakhand there have been a number of natural disasters in the last decade, including the Tsunami and Earthquakes in Japan, Floods in Thailand, and the Mumbai Floods in 2005. Floods are the most common natural disaster, followed by extreme storms and earthquakes. In the case of hurricane Sandy, dozens of data centers in the New York City metropolitan area were impacted.
Have you heard the big news? Data is growing at an insane pace. Ok ok, this isn't really news, I hear this almost every day. But what many people don't realize is that one of the guiltiest culprits behind data growth is actually backup data. Between 2010 and 2012, the average enterprise server backup data store grew by 42%, while file storage (which is often the scapegoat of data growth) grew by 28%. And with more and more mobile workers, it's no surprise that PC backup storage is also growing at an explosive rate, almost 100% over the past two years.
Backup data growth being what it is, it's no surprise that a lot of people are re-evaluating their enterprise backup software. That's why I recently embarked on Forrester's first Wave on Enterprise Backup and Recovery Software. As part of that report, I developed a list of key criteria that are necessary to evaluate your backup and recovery software. At a high level, here is what I came up with:
Data reduction capabilities and scalability. What data reduction techniques does the product support, and how well do these techniques scale?
Backup targets. What targets and backup methods does the solution support?
Advanced backup options. What advanced backup options does the solution support?
Encryption. What are the native backup encryption and encryption key management capabilities? What encryption solutions does the product integrate with?
The world may or may not be ending on December 21, 2012. I'm not an expert on the ancient Maya (although I've climbed many Mayan pyramids and have long been fascinated by their history, see proof below), but I've heard a rumor that this week marks the end of the Long Count calendar, meaning a new era begins on Friday, December 21, 2012, bringing a new civilization. Also, potentially a planet called Niburu might crash into the earth (although NASA has confirmed they have seen no evidence of this).
So, what's your plan? Will it be a space ark? A time machine (i.e., a TARDIS)? Wormhole (a la Fringe)? Should you consider sending your data to Mars? How do you even prepare for the unknown, the black swan events that are highly improbably, but highly disruptive?
A little more than a week after Hurricane Sandy barreled through the Eastern seaboard, I wanted to take a moment and share some of my thoughts on business technology resiliency* and how we fared during this significant weather event. While there are still over a million people without electricity and significant recovery efforts underway, I'm overall impressed with the level of resiliency and preparedness many organizations exhibited during (and since) Sandy. I stress resiliency over recovery here because I believe that is the future of disaster recovery and business continuity. Our official definition is: “The ability for business technology to absorb
On Monday, Hurricane Sandy slammed into the East Coast of the United States, flooding entire towns in New York and New Jersey, triggering large-scale power outages and killing at least 17 people. The health and safety of individuals is the first and foremost priority, followed by the recovery of critical infrastructure services (power, water, hospital services, transportation etc.). As these services begin to recover, many business and IT leaders are wondering how they will resume normal operations to ensure the long-term financial viability of the company and the livelihoods of their employees and how they will serve their loyal customers.
Most likely, if you have offices that lie in the path of Hurricane Sandy, you are experiencing some sort of business disruption, large or small. The largest enterprises, especially those in financial services, spend an enormous amount of money on business, workforce and IT resiliency strategies. Many of them shifted both business and IT workloads to other corporate locations in advance of the storm, proactively closed offices and directed employees to work from home or a designated alternate site.
If you are small and medium enterprise and, like many of your peers, you didn’t have an alternate workforce site, robust work-from-home employee capabilities, an automated notification system or a recovery data center, what do you do now? While it’s too late to implement many measures to improve resiliency, there are several things you can do now to help your organization return to normal operations ASAP. Here are Forrester’s top recommendations for senior business technology leaders:
I'm having a frustrating day. It's only partly because there is a hurricane raging outside and I'm cooped up inside with a hyperactive dog. The main source of my frustration is my inability to communicate with the outside world. Yes, I still have power, and the Internet, but unfortunately, with cell networks overloaded, no landline (hello, this is 2012), and VPN failing, I can't seem to talk to anyone. At least comprehensibly. Of course, since I'm a resilient and resourceful employee, I've tried everything from GoogleTalk to Skype to our internal VOIP systems all with no success. Who would have thought in this modern era of the anytime, anywhere worker, that I would be rendered mute?
I've been tackling an interesting challenge recently: how to define a mature business technology resiliency (aka disaster recovery) program. It's something I've been thinking about for years, but it was only a few months ago that I sat down to develop a concrete framework that enterprises could use to compare themselves to. Yes, I know there are existing frameworks for defining what maturity is for a business technology resiliency program, but in my model, I was trying to accomplish the following:
Simplicity. Without going overboard, I wanted to put together a model that could be completed within a few hours, rather than something that would take weeks to complete. The tradeoff, of course, is that this model is much less detailed than others. However, with many conflicting priorities, I know that many IT leaders can't take the time to fill out an assessment the length of the last installment of Harry Potter.
Objectivity. One of the benefits I have at Forrester is the ability to address this from a vendor-neutral perspective. I have no ulterior motives with this model and no vendor allegiances that could influence the outcomes.
Process-orientation. I strongly believe that a mature business technology resiliency program is built on a bedrock of repeatable, standardized, and streamlined processes. In the model, you will see there is a section on technology maturity, but the emphasis overall is on the process components.
At the recent Disaster Recovery Journal Fall World conference, I gave a presentation of the state of BC readiness. I had some great discussions with the audience (especially about where BC should report), but one of the statistics that really stood out for me and I made it a point to emphasize with the audience, is the state of partner BC readiness.
According to the joint Forrester/Disaster Recovery Journal survey on BC readiness, 51% of BC influencers and decision-makers report that they do not assess the readiness of their partners. If this doesn’t shock you, it should. Forrester estimates that the typical large enterprise has hundreds of third-party relationships – everyone from supply chain partners to business process outsourcers, IT service providers and of course cloud providers. As our reliance on these partners increases so does our risk – if they’re down, it greatly affects your organization’s business performance. And with the increasing availability of cloud services, the number of third parties your organization works with only increases, because now, business owners can quickly adopt a cloud service to meet a business need without the approval of the CIO or CISO and sometimes without the approval of any kind of central procurement organization.
Even among those organizations that do assess partner BC readiness, their efforts are superficial. Only 17% include partners in their own tests and only 10% conduct tests specifically of their critical partners.