Storage: No back-up means storing up trouble

By Andrew Baxter
Published: June 24 2005 13:52 | Last updated: June 24 2005 13:52

The terrorist attacks of September 11, 2001 focused the minds of chief executives and chief information officers on the nightmare scenario of being without their IT systems, however temporarily, and losing corporate data, perhaps permanently, as a result of an event beyond their control.

As each year goes by there is more data to lose. Estimates suggest the amount of data held by companies is rising by 50 to 100 per cent a year. E-mails alone add millions of data items a day to the average company’s volumes of electronic data storage.

Just to complicate matters, losing data as the result of disruption or error can have more serious consequences because of compliance regulations such as the US Sarbanes-Oxley Act.

The reality, however, is that companies’ back-up and data recovery routines tend to be triggered by events more prosaic than cataclysmic.

“One of the most common incidents involves things like floods and water damage,” says Simon Gay, consultancy practice leader at Computacenter, the IT infrastructure services provider. He recalls visiting one company in the UK whose data centre was situated below ground and was put out of action by flood.

Area exclusions, where the police cordon off streets because of an event such as a fire or a siege, can also be more than just an annoyance, he says. Having a back-up data centre little more than 1km away, as was the case with one company caught up in such an incident, proved to be less than inspired.

Losing data permanently appears to be rare, and depends on the type of storage system installed, while its importance depends on the type of business involved, says Alastair McAulay, a managing consultant at PA Consulting Group, the management and technology consultancy. He recalls one financial services company that suffered little more than an hour’s power outage, but was left with a permanent hole in its historical data sets.

Recovering quickly from an event of this sort is what corporate back-up and recovery systems are for. But the complexity of modern data storage systems means there is no simple solution, nor are companies starting from the same point. “Most organisations’ data centres have evolved and are continuing to evolve,” says Mr McAulay.

He points out that incidents are more likely to involve parts of an organisation rather than the whole company and this can make decision making in a crisis more difficult and complex. Another financial services client suffered from simultaneous, multiple power failures at the end of last year and while it had back-up arrangements, switching over to them in those situations is never as straightforward as it seems, says Mr McAulay.

Carolyn DiCenzo, a vice-president at Gartner Research, the IT researcher, says improving recovery remains a priority for most companies. One area of concern that emerged from a recent Gartner survey involved data protection for remote offices where only 22 per cent of respondents were satisfied with their recovery solution.

“Recovery is often a problem for remote offices, with back-ups not being done properly or not usable for some reason when needed,” says Ms DiCenzo.

Both Ms DiCenzo and Mr Gay at Computacenter say companies should take advantage of new disc based technologies to back up data, rather than rely on conventional tape based technologies. “Anyone relying on tape based recovery woefully underestimates the time taken to recover,” says Mr Gay. “It’s a triumph of hope over experience.”

The cost of disc technology is tumbling while the technology is improving, he adds. Many companies have attempted to solve data storage problems by buying more capacity, says Mr McAulay, but a better solution is to have a data storage manager to control the amounts of data and ensure only what is necessary is kept. “Companies should be asking themselves ‘What data should we recover in an emergency? What do we prioritise?’ and no vendor solution will give them that sense of priority,” he says.

Mr Gay agrees, pointing out that too few business continuity plans involve the business.

“Companies need to understand what is critical in the event of a disaster,” he says. “There is a lack of steer from the business, and to say ‘everything is critical’ is nonsense.”