Tuesday, April 19, 2016

Business continuity and Disaster Recovery Planning

Business continuity and disaster recovery are among the most unpleasant tasks of business planning. They also offer some of the highest paybacks. Disaster planning is often neglected by companies, yet it provides enormous business value and protects our assets. Too often, when asked how they prepare for an emergency, companies will say that they back up their data every day. But this is not enough. For example, it’s not uncommon for companies to back up their systems and lock the backup tapes inside a fire-retardant system. Fires are among the most common catastrophic disasters to affect businesses. But although these systems are fireproof, they won’t stop the backup tape from melting. To be effective, backups must be taken to an offsite location. Some statistics indicate that 80% of the companies that suffer critical data loss will close their doors within two years.

In addition to data protection, there are a number of legal, public relations, organizational and safety considerations which must be taken into account. In the chaos of an emergency, the broken window effect might come into play: normally ethical employees might see an absence of authority and leadership as an opportunity for fraud or theft. Every department in the company must contribute to the disaster plan. Disaster planning is a business issue, not an IT issue. The IT department has the greatest insight into company-wide business processes, so IT should be tasked with the disaster planning. Despite this, the plan must be developed and implemented with top-down support across all organizational departments. Without this insight and cross-departmental participation, it is impossible to put together a proper plan.

The disaster recovery plan stipulates how a company will prepare for a disaster, what the company's response will be in the event of a disaster, and what steps it will take to ensure that operations are restored. This plan must include many possible scenarios, since the causes of disaster can vary greatly. These can include deliberate criminal activity, a natural disaster such as fire, a stolen laptop, power outages, a terrorist attack, etc. There are hundreds of possible disaster scenarios, and they vary based on culture, geography and industry. It is also important that the disaster recovery plan be distributed across the organization so that everyone knows their role within the plan.

The business continuity plan is a fairly new methodology that stipulates what steps a company must take to minimize the effects of service interruption. Back when companies were primarily paper-driven and information processing was done using batch processing, companies could tolerate a few days of downtime. But as technology became faster and cheaper, companies began computerizing more of their critical business activities. Companies needed to have systems in place that would minimize the impact of unplanned downtime. The first major event to demonstrate the importance of business continuity planning was the Y2K crisis. Since then, it’s been a standard function of corporate IT planning. One typical example of business continuity would be the electric generators used by hospitals to ensure that patients can still be cared for in the event of a power outage.

Reference: https://www.youtube.com/watch?v=qfjWhAmWYL8

Saturday, April 16, 2016

ISO 27001

International Standard for Organization (ISO) 27001 is a management framework for the protection of business-critical information. According to ISO 27001, information security is defined as the preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved. Confidentiality means that only authorized persons can access certain information. Integrity means that only authorized persons can change and add information, and only in a specified way. Availability means that the information has to be available to all the persons who need it within the specified time.

An Information Security Management System (ISMS) is a systematic approach to managing confidential or sensitive corporate information so that it remains secure. ISO 27001 is an ISMS standard that replaced BS 7799-2:2002 in late 2005. It formally specifies an ISMS that is intended to bring information security under explicit management control. It is also a best-practice specification that helps businesses and organizations throughout the world. It adopts the Plan-Do-Check-Act (PDCA) model.

Why should organizations care about ISO 27001?

Reason 1: Compliance. ISO 27001 can bring in the methodology that enables organizations to comply in the most efficient way. Certification is often the quickest ‘Return on Investment’ if an organization must comply with various regulations regarding data protection, privacy and IT governance (particularly if it is a financial, health or government organization).

Reason 2: Marketing Edge. In a market which is more and more competitive, it is sometimes very difficult to find something that will differentiate you in the eyes of your customers. ISO 27001 could indeed be a unique selling point, especially if you handle sensitive client information.

Reason 3: Lowering the expenses. Information security is usually considered a cost with no obvious financial gain. However, there is financial gain if you lower the expenses caused by incidents. You probably do have interruptions in service, occasional data leakage, or disappointed employees or former employees.

Reason 4: Putting your business in order. ISO 27001 is particularly good at sorting out those thorny management system issues: it forces you to define very precisely both the responsibilities and duties, and therefore strengthens your internal organization.

Reference: https://www.youtube.com/watch?v=eN5MtSq89Hs

Tuesday, April 12, 2016

Data Center Construction Costs

When considering the expenses of building and the ongoing management of a data center, you can usually bank on about sixty to eighty percent of your investment going to:
  • Telecommunications cabling and systems
  • Ventilation and cooling systems
  • Electrical cabling and related equipment
  • Electronic security systems
There are some critical data center construction costs which take a back seat in the minds of many data center executives during the design and planning phases leading up to breaking ground for construction.

Here are six significant capital costs you should consider when preparing your data center business plan.

  1. Structural Elements: The human body needs air, blood circulation, and a nervous system, but it wouldn’t function without a skeletal structure. In the same way, the overall weight of servers, racks, cooling ducts, and cabling in a data center needs strong “bones” to support the load, with minimal impact on available space. The raised flooring, walls, and high ceilings of well-designed facilities need to be built to withstand earthquakes and extreme weather such as hurricanes or tornadoes. Using columns, beams, and other framing materials which don’t just meet, but exceed standards will protect your investment, and possibly reduce insurance costs or provide you with opportunities to win the trust of prospective clients.
  2. Office Space for Clients Working Onsite: Your clients will often need to set up a temporary work space while getting their gear installed and tested. Providing conference rooms or desk space for development and testing and other amenities for clients when they come onsite is often forgotten, but an important value add. These facilities can also serve your own needs, when hosting data center tours, interviewing personnel, and having planning meetings for on-boarding new customers.
  3. Modular, Adaptable Racking: Server hardware refreshes, upgrades, and expansions can occur frequently in a successful data center. Installing server racks and surrounding walls which can adapt to changing client needs can be another value-added service to differentiate your data center from your competition. Scalability to provide higher tiers of service, ranging from colocation to managed and fully managed Network Operating Center (NOC) monitored services, requires a facility which can be configured in multiple different ways. Racks which can be expanded and clustered to adapt to changing capacity requirements are important.
  4. A Strong Foundation: Just like structural elements, the concrete foundation which supports a data center is vital. Load bearing, lessening the impact of earthquakes, and providing opportunities for raised floors for cabling are elements of construction which should be considered early in the design process.
  5. Fire Detection and Suppression Equipment: With all the electrical systems which power a data center and the backup systems, should primary systems fail, wet and dry fire suppression equipment needs to be widely available. Smoke and fire detection systems need to alert both onsite staff as well as local first responders to prevent extensive damage.
  6. Site Logistics Costs: Where a data center is located relative to local airports, shipping routes, telecommunications infrastructure, and power lines are all considerations outside of a data center proper. Should you need to arrange for significant new cabling and the excavation costs to go with it, you could need to significantly adjust your construction budget.

Tuesday, April 5, 2016

Data Center Virtualization and Standardization

The demand for IT services continues to rise, while IT budgets remain flat. This makes it increasingly difficult to manage growth, especially with a complex IT infrastructure. Maintenance and management increase the total cost of ownership, because applications cannot scale easily when built on isolated resources. Data center standardization, consolidation and virtualization are the key to breaking down capital expenditure, eliminating inefficiencies and meeting increasing growth demands. At every level of the data center, from compute to storage to networking, there is a need for rapidly provisioned, on-demand capacity that is reliable, highly available and highly scalable, so that IT can deliver virtualization economics across the entire data center.

Server virtualization allows physical servers to be partitioned into multiple virtual servers. Each virtual server runs its own operating system and applications. Server virtualization facilitates management, improves scalability and reduces capital expense by reducing the number of physical servers in the data center. Virtual server growth has led to an increase in storage and network demands. To keep up, the proven principles of abstraction, pooling and automation can be applied to standardize the storage and network layers. With software-defined storage, physical storage is decoupled from virtual workloads. Storage resources are then abstracted to enable pooling, replication and on-demand distribution for higher availability. The result is a storage layer which is standardized, aggregated, flexible, efficient and scalable. With software-defined networking, the logical network is decoupled from the physical network topology. This allows IT to treat the physical network as a pool of transport capacity that can be consumed and refurbished on demand. As we move into the mobile cloud era, the same tools and processes used to virtualize and consolidate your on-premises data center can be used to facilitate your move to the hybrid cloud. In the hybrid cloud architecture, services from multiple heterogeneous providers can be managed seamlessly as part of a single virtual cloud.

Managing future growth while reducing cost and complexity is no longer impossible. Data center virtualization and consolidation help your IT team reduce capital expenditure and eliminate inefficiencies en route to meeting increasing growth demands and delivering virtualization economics across the data center. Ultimately, expanding to the hybrid cloud will lead to new services and business innovation.