Visit any company today and you are likely to find business and IT managers confronting the same challenges. Call them the “C-4” issues: cost-containment, compliance, continuity and carbon footprint reduction (reduced IT energy consumption, also called green IT). Sometimes, the latter two are subsumed in the former two categories, with green IT construed as a matter of cost-containment, and continuity subsumed under the compliance umbrella.

Regardless of the taxonomy, the C-4 issues are the key drivers that will shape IT for the next few years, raising challenges and opportunities for how business continuity and disaster recovery planning efforts will be pursued.

As one of the four C’s, continuity planning remains high on management’s list of things to do, often a consequence of regulatory mandates for data preservation and protection that will likely increase in number over the next year. Still, having a regulatory requirement to develop an effective disaster recovery plan is not, in and of itself, enough to ensure effective planning, or even the funding of programs over time. In fact, there are many companies that are taking full advantage of “deferrals” – the ability to satisfy auditors temporarily (for a year or two) with the promise of a plan, rather than the actual implementation of planned strategies. While not a permanent hedge, such deferrals can move the budgeting of resources from this year to next while sparing management the regulatory stick.

Truth be told, even in good times, senior management doesn’t much like to spend money on continuity plans because they offer no tangible or immediate return on investment. This view is reinforced in the present economy which sees most firms are carefully husbanding their purses.

That fact has two implications for DR planners: first, it means that “business-savvy” must be added to the list of prerequisites for anyone doing planning today. Business-savvy planners must learn to see things the way that the Front Office does, and regardless of their passionate desire to build a world class continuity capability and to get it funded and implemented immediately, be patient.

Secondly, it means that planners may need to consider expanding the scope of what constitutes traditional DR planning. Traditional DR planning focuses narrowly on reducing risk to organizations by preventing avoidable outages and by ameliorating the consequences of natural and man-made interruption events that cannot be avoided or prevented.

DR Planning or Data Management?

So, what does expanding the scope mean?

For one thing, it may mean calling the disaster recovery planning or business continuity planning something else entirely. Remember that effective planning requires, first and foremost, the development of an intimate understanding of the business processes you are seeking to protect and restore. As a practical matter, you need to understand business processes and what they mean to the company in order to create and prioritize recovery objectives. You also need to understand the support infrastructure associated with business processes – applications, networks, hosting platforms, and storage – so you know what to protect and recover.

Most importantly, you need to understand your data. Data, like personnel, are irreplaceable assets. Without data, no business process recovery is possible. The problem is that most folks in the back office (where the responsibility for DR is typically vested) have no idea what data needs to be protected because there is no clear map between data and applications. The situation worsens as technologies like server virtualization and Fibre Channel fabric storage obfuscate even further the connection between the two.

That said, a key job of the planner, and one that must be accomplished before designing any sort of recovery strategy, is to understand what data supports which business process. Only then can appropriate protective services be applied to that data — based on an intelligent assessment of the data’s association with critical business processes.

Data Genome Analysis

Data inherits its importance like so much DNA from the business process it supports, so it stands to reason that you must start your plan with a sort of “data genome analysis.” The good news is that this analysis has many potential payoffs for the organization, beyond continuity planning. It is critical, in fact, to addressing strategically all four of the C-4 issues.

To contain costs in IT, for example, we need to forestall the acquisition of more gear to host burgeoning data. Through the data genome analysis effort, we can identify data assets that belong in archives or that could be purged altogether, returning up to 70 percent of expensive disk capacity to productive use and deferring the need to buy more spinning rust.

From a compliance strategy perspective, the data genome analysis must be undertaken to identify data assets that require special handling per legal and regulatory requirements. For example, most companies don’t know what data needs to be encrypted to comply with regulations, so they encrypt it all. This is a costly endeavor and one that is problematic from the standpoint of tape restoral timeframes where decryption can add up to a 40 percent hit on the time required to restore data from tape.

Conversely, absent an understanding of the compliance requirements of data, companies may be using technologies such as de-duplication or data compression with all of their electronic information assets to squeeze more files onto the same spindles. This sets the stage for courtroom drama at some later date given SEC and rule of evidence requirements to preserve certain electronic data in a “full and unaltered” state.

From the standpoint of green IT, reducing data center power consumption ultimately comes down to storing data assets on green media, such as tape or optical. With storage outstripping servers as the number one power pig in the data center, the only strategic way to constrain energy demand is to slow the rate of disk array deployment by managing data off of existing spindles and on to tape or optical as part of an effective archive and data hygiene strategy. Both require an intimate understanding of the data asset itself.

I’ve saved continuity for last. In addition to enabling the provisioning of appropriate protection services to data based on the criticality of the business process that the data serves, a broader program of data management (archiving and hygiene) can also make recovery services themselves more efficient. The idiotic “tape is dead” debate could be quickly kicked to the curb if we segregated the data that really needs to be backed up from the mass of archival, orphaned and contraband files that occupy an inordinate amount of space in our storage infrastructure today and slow tape backup and restore to a crawl. Segregating the data that needs to be backed up from all the rest would breathe new life into tape and help preserve its role as the number one protection method used by companies to prevent catastrophic data loss.

Truth be told, analyzing data, mapping it back to business processes, and ultimately sorting out the junk drawer that is storage infrastructure today goes beyond the traditional boundaries of disaster recovery planning. But, such a project offers a huge payoff to the company in terms of cost-containment, compliance, carbon footprint reduction and continuity.

Perhaps contemporary disaster recovery needs to recast itself as a data genome analysis project designed to serve a broader set of business needs and to satisfy all three categories of business value: cost-savings, risk reduction, and improved productivity. DR planning, by itself, serves only risk reduction, but framing the DR project as a data management project gives the effort a full business value case that is more likely to merit funding.

Reducing Internal Plan Costs

DR planners also need to demonstrate their business-savvy in the course of developing recovery plans. This can be done in four ways. First, build plans for cost-effective testing. Testing is a key part of plan maintenance and transforms a paper strategy into an actual continuity capability for the company. Yet, most planners don’t consider the costs and complexities of testing until after they have designed recovery strategies.

Truth be told, testing could be dramatically simplified by leveraging technology that enables you to monitor and to test – via simulation or nondisruptive failover – your infrastructure recovery strategies. Numerous products are in the market today to facilitate the daily testing of technical elements of the recovery plan, enabling these tasks to be taken off of the formal quarterly test schedule and freeing up time and resources to focus on people and process rather than tech.

Second, prefer the Tahoe to the H2 Hummer. Both of these four wheel drive vehicles use the same drive train and chassis, but you pay $40K more for the privilege of sporting the Hummer logo. Metaphorically speaking, there is no reason to go with the most expensive data-replication-on-name-brand-hardware solution when you could get the same value from a hardware-agnostic software solution costing a fraction of the price. Management will appreciate your sensitivity to cost.

Third, leverage minimum equipment configuration (MEC) when designing recovery infrastructure. You shouldn’t need to replace gear on a 1-for-1 basis at the recovery site given that it will usually only need to host a subset of your applications and a fraction of your normal production workload during emergency operations. Follow the lead of University of Texas at Brownsville, which fails over a 40,000 mailbox Microsoft Exchange Mail environment running on clustered servers connected to a back end Fibre Channel fabric to a VMware virtual machine running on a rack mount server with internal storage at an Internet Service Provider in Austin, TX every time a hurricane rolls into the mouth of the Gulf of Mexico. Users hardly notice the difference in their email service for the time that the recovery system is shouldering the load.

Finally, emphasize dual use for must have ingredients of the recovery strategy. If you need an alternate work facility for end users in an emergency, find ways to leverage the resource for productive work during non-emergency periods. Use it as a training center or a place to meet and greet customers. Dual use value appeals to management for obvious reasons and your attention to dual use potential communicates to the Front Office that you have their budgetary sensitivities at heart.

Bottom Line

The C-4 Era is here and only those projects that communicate a full business value case are being funded. DR planning needs to adapt and planners need to manifest real business-savvy if planning work is to be given the nod by the Front Office. As the old saying goes, “No bucks, no Buck Rogers.”

About the Author: Jon Toigo is CEO of Toigo Partners International and a consultant who has aided over 100 companies in the development of their continuity programs. Feel free to contact him at [email protected].