It was predicted that after the terrorist attacks of September 11, every business, large or small, would implement...
a disaster recovery plan. The loss was so great, so devastating, they said, administrators everywhere would re-think their plans or develop new ones.
No one wanted to be unprepared.
Yet a year later, many businesses still don't have workable policies in place. Many of them have put the plans on hold, and some have given up the cause completely.
In fact, according to an independent study commissioned by SunGard Data Systems Inc., 80% of companies are still not prepared to keep their businesses running in the event of a system or network failure.
In addition, in a recent SearchStorage.com survey of more than 500 users, a slim majority said that they are paying more attention to the issue -- but have not taken any concrete steps toward changing their approach. Only a handful said they were accelerating DR plans substantially.
Bottom line: Tight budgets, lack of knowledge and perhaps even short memories have prevented many businesses from following through with the plans they were so hot on pursuing a year ago.
Dean Taylor, systems resources analyst for the Workers' Compensation Board in Edmonton, Alberta, like many other IT professionals, watched as his operating budget has steadily shrunk during the past few years. The tight economic climate has placed limits on many aspects of his operations, including disaster recovery.
"It has historically been difficult to justify the cost of ongoing DR planning and tests to management," Taylor said.
"Our disaster recovery approach is to restore business functions within a few days of a disaster, as opposed to the much more costly approach of restoring business functions within a few hours or minutes. Although we recognize that many industries, such as banking or online trading, have much higher uptime requirements, our industry does not have as great a need for 'always on' capability."
Taylor said that although management can be hesitant to commit funds to disaster recovery testing, support has increased in recent years, and especially in the aftermath of the September 11 attacks.
Mike Fisch, senior analyst for the Clipper Group, Lemont, Ill., said there are several reasons behind the hesitance in the industry, most of which revolve around money and memory.
"The economic outlook is still questionable, and capital spending is still depressed," he said. "And memory, in that the people no longer think as much about that event and have gone back to business as usual. The sense of urgency has probably dissipated."
The urgency of implementing or revamping a disaster recovery plan seems to be relative to the size of an organization.
"A high percentage of the Fortune 500 to 1000 has [a plan in place]. Medium and small businesses need to decide what they need to protect," said Bob Guilbert, vice president of marketing at Hoboken, N.J.-based NSI Software, a maker of data replication and mirroring software.
Guilbert said that interest in DR planning is definitely on the rise, but in instances where an organization opts not to implement a plan, indecisiveness or a change in management or budget constrictions are probably to blame.
Sytex Inc., a Doylestown, Penn.-based business management, logistics and systems engineering firm had a disaster recovery plan in place prior to last September, but having its file servers one-third of a mile from the Pentagon prompted IT Team Leader Jake Gecowetts to scrutinize the company's existing DR plan.
"The nature and sensitivity of our work requires that we react quickly to a disaster. September 11 only emphasized this fact," he said. "Management has emphasized that we are to do whatever it takes to ensure that our plan is in place and implemented."
Financial concerns might be the easiest explanation as to why organizations are not prepared for a disaster, but Mike Karp, a senior analyst with Enterprise Management Associates, said that the lack of a good strategic planning process is at the heart of the problem.
"Some new plans have been put in place, and some old ones have been dusted off. But in almost all cases none of these have been tested," Karp said. "No successful technology company would ever put a product out on the market without testing it, and yet IT managers are living with this huge exposure in their plans."
When it comes down to it, most companies that were well protected before September 11 are well protected now, and companies that were not well protected before the attacks probably don't know whether they are protected now, Karp said.
"If the CIO and the CFO and the CEO were all to sit down with the IT management team, they would probably get an earful in a hurry that might at least scare them into putting in place a strategic decision-making process," he said.Let us know what you think about the story; e-mail Kevin Komiega, News Writer
FOR MORE INFORMATION:Quick steps to constructing a disaster recovery plan Featured Topic on Disaster Recovery Storage Decisions 2001: Users not panicking over disaster recovery plans Comment on this article in the SearchStorage Discussion forums