Musings During A Hurricane: Why We Still Need Workforce Continuity Plans In A Mobile World

I'm having a frustrating day. It's only partly because there is a hurricane raging outside and I'm cooped up inside with a hyperactive dog. The main source of my frustration is my inability to communicate with the outside world. Yes, I still have power, and the Internet, but unfortunately, with cell networks overloaded, no landline (hello, this is 2012), and VPN failing, I can't seem to talk to anyone. At least comprehensibly. Of course, since I'm a resilient and resourceful employee, I've tried everything from GoogleTalk to Skype to our internal VOIP systems all with no success. Who would have thought in this modern era of the anytime, anywhere worker, that I would be rendered mute?

Read more

What Makes A Resiliency Program Mature?

I've been tackling an interesting challenge recently: how to define a mature business technology resiliency (aka disaster recovery)  program. It's something I've been thinking about for years, but it was only a few months ago that I sat down to develop a concrete framework that enterprises could use to compare themselves to. Yes, I know there are existing frameworks for defining what maturity is for a business technology resiliency program, but in my model, I was trying to accomplish the following:

  • Simplicity. Without going overboard, I wanted to put together a model that could be completed within a few hours, rather than something that would take weeks to complete. The tradeoff, of course, is that this model is much less detailed than others. However, with many conflicting priorities, I know that many IT leaders can't take the time to fill out an assessment the length of the last installment of Harry Potter.
  • Objectivity. One of the benefits I have at Forrester is the ability to address this from a vendor-neutral perspective. I have no ulterior motives with this model and no vendor allegiances that could influence the outcomes.
  • Process-orientation. I strongly believe that a mature business technology resiliency program is built on a bedrock of repeatable, standardized, and streamlined processes. In the model, you will see there is a section on technology maturity, but the emphasis overall is on the process components.
Read more

Resiliency Is No Longer Optional

In today’s world of 24x7x365 global operations and competition, downtime results not only in immediate lost revenue and productivity, but also in lasting damage to corporate reputation that erodes customer confidence in your brand. No organization is immune: with ever increasing risks and more dependence on technology, major outages are becoming more common and more costly. We've reached a critical juncture where resiliency is more critical than ever because: 

  • There is less tolerance for downtime — of any kind. BC/DR historically focused on events such as natural disasters, extreme weather, major IT failures, critical infrastructure failures, pandemics/epidemics, and other events that have a low probability of occurring but have a very high impact on the business. However, in today’s world of global, 24x7x365 operations and intense competition, downtime, regardless of whether it’s a natural disaster, a simple hard drive failure, or a security breach, is unacceptable. The business doesn’t care what caused the downtime; instead, it wants service restored as quickly as possible with as little data loss as possible, regardless of which groups are responsible for the execution.
Read more

How Too Much Of A Good Thing Can Spell Disaster

It should come as no surprise that websites thrive on traffic. So naturally, it follows that driving traffic to your site is a strong motivation for any company looking to grow their web presence. However ironically, driving traffic to your site can also be a double-edged sword if your infrastructure is not properly prepared to handle the load. This means that, strangely, popularity can actually become a potential cause of an outage.

Yesterday, popular Internet forum and message board Reddit discovered this firsthand.In an interesting campaign move, President Barack Obama graced the site with his presence by doing an “Ask Me Anything” (AMA) thread, a message thread in which commenters submit questions and the original poster responds. Word about this rare opportunity to send the President of the United States a direct message spread across social media like a wildfire, leading to a massive spike in traffic that ultimately brought down Reddit a mere few minutes into the life of the thread. Current figures show that their number of unique connections and pageviews both more than tripled compared to their typical traffic. Eventually the site came back online and the AMA progressed as usual.

Read more


Cloud-Based Disaster Recovery: Demystified

There has been a lot of buzz around using the cloud for disaster recovery lately, and with good reason -- it's a new and compelling approach to fast recovery. However, along with any hype comes a certain amount of confusion, so I set out to get some clarity on what cloud-based disaster recovery really is. The core feature of any cloud-based recovery is that ability to actually recover at the providers' location using their cloud assets. Just copying data there is not true recovery. I also realized that the term "cloud-based disaster recovery" was too broad, and that actually solutions fall into one of three categories:

  • Do-it-yourself (DIY): Using the public cloud to architect a custom failover solution leveraging the agility and speed of the cloud.

  • DR-as-a-service (DRaaS): Prepackaged services that provide a standard DR failover to a cloud environment that you can buy on a pay-per-use basis with varying rates based upon your recovery point objective (RPO) and recovery time objective (RTO). Data is either sent using backups or replication.

  • Cloud-to-cloud disaster recovery (C2C DR): The ability to failover infrastructure from one cloud data center to another, either within a single vendor's environment or across multiple vendors. 

Read more

Dell Gets Serious About Backup & Recovery For SMBs

I woke up this morning to interesting news: Dell announcing that they acquired backup software company AppAssure, marking the first acquisition made by John Swainson, the new president of Dell Software Group. This is actually the second significant announcement from Dell this year around backup. A little more than a month ago, the company also came to market with a new SMB backup appliance, the DR4000, based on IP from Ocarina (acquired in 2010). These two announcements in quick succession, coupled with the late 2011 news that Dell will no longer be reselling EMC Data Domain, signals that Dell is finally getting serious about addressing the backup and recovery market.

Read more

It’s Time To Add Hacking Into Your Disaster Recovery Plans As A Potential Risk For Downtime

Right now, the internet probably seems like the Wild West.  Hackers are roaming around, seemingly attacking websites on a whim.  Most recently, groups like Anonymous, the Jester, and Lulz Security (LulzSec – now supposedly disbanded) have been attacking and successfully taking down web sites of all types.  Government and corporate, public and private, anybody seems as though they can be a target for these attacks.  While their reasons for attacking a site range from political statement to simply for the fun of it, hacktivists and black hat trouble makers alike, the end result is that hacking is now a real cause of downtime.

Read more

100% Uptime, Always-On, Always-Available Services, And Other Tall Tales

We live in a time when customers expect services to be delivered non-stop, without interruption, 24x7x365. Need proof? Just look at the outrage this week stemming from RIM's 3+ day BlackBerry service/outage impairment. Yes, this was an unusually long and widespread disruption, but it seems like every week there is a new example of a service disruption whipping social networks and blogs into a frenzy, whether it's Bank of America, Target, or Amazon. I'm not criticizing those who use social media outlets to voice their dissatisfaction over service levels (I've even taken part in it, complaining on Twitter about Netflix streaming being down on a Friday night when I wanted to stream a movie), but pointing out that now more than ever infrastructure and operations professionals need to rethink how they deliver services to both their internal and external customers.

Read more

Disaster Recovery, Meet The Cloud

Disaster recovery-as-a-service (DRaaS), in my opinion, is one of the most exciting areas I look at. To me, using the cloud for disaster recovery (DR) purposes makes perfect sense: the cloud is an on-demand resource that you pay for as you need it (i.e., during a disaster or testing). Up until now, there haven't been many solutions out there that truly offered DRaaS--replicating physical or virtual servers to the cloud and the ability to failover production to the cloud provider's environment (you can read more about my definition of DRaaS in my recent TechRadar report), but so far today, we've seen TWO new DRaaS platforms announced from VMware and SunGard! Here's a quick roundup of what was announced today:

  • VMware. VMware announced at VMworld that they will be making their popular Site Recovery Manager (SRM), a DR automation tool, available as a service through hosting and cloud partners. At launch, participating partners are FusionStorm,, iland, and Veristor.  Benefits: Built into the VMware platform. Limitations: VMware specific.
Read more

The Great Infrastructure And Operations Divide

What percent of your IT budget do you spend on "keeping the lights on"? If you're anything like a typical company that I work with, the answer is more than half. That doesn't leave much money for spending on new initiatives and projects — in fact, in 2010, the average IT organization spent less than 25% of their IT operating and capital budget in these categories. Most companies that I speak with tell me they wish it was more, but they get constantly caught up in the day-to-day "firefighting" which leaves little time and budget to spend on new innovations, more proactive measures, and new initiatives. And the treadmill just keeps getting faster and faster as more projects are piled on with little or no additional budget to help implement them.

Read more