A lot of articles have been written on this point. Most conclude that the best way to get management to spend money on disaster recovery and data protection is to play the FUD card: fear, uncertainty and doubt. Bombard them with warnings about the dire consequences of inaction. Send them news clippings about the pain and suffering endured by other companies that failed to take action before the event and barely (if at all) lived to talk about it.
This strategy is rather like the warning labels that have appeared on cigarette packs in most countries worldwide in the last couple of years. The U.S. has chosen to imprint a discrete warning from the Surgeon General on the side of each pack, but many other countries have opted for a more ostentatious display. In Canada, Australia, Portugal, France and many other countries, a warning label now wraps around the entire pack -- almost obscuring the brand name of the smoke. The label features enormous black
There is little data, however, that shows how effective such in-your-face approaches actually are, either from the standpoint of smoking cessation or data protection. Perhaps the persistent background messaging achieves its desired result, guilting or scaring a certain number of folks every year into taking the right course of action. But there is no hard evidence that it works and disaster recovery advocates can lose heart after many years of trying.
An alternative approach has been tried in smoking cessation programs in Brazil. Last year, while setting up an affiliate there for my consulting and training practice, I noticed that cigarette packs were not emblazoned with top to bottom warning labels at all. Instead, each pack had a picture. In one, a young man was talking enthusiastically while smoking a cigarette, while the woman to whom he was speaking was recoiling with a disgusted look on her face. Beneath the picture was the caption: "Warning: Smoking causes halitosis (bad breath)." While not advancing the hard-line medical case for smoking cessation, the picture gave Brazilian men a compelling rationale to quit: Smoking might interfere with their social life.
Another picture in displayed a man and woman together in bed. The man was smoking and gesturing a sort of "Who, me?" gesture, while the woman sat arms folded in her nightgown looking rather sullen. The caption read, "Warning: Smoking causes impotence." The warning in this case was far more compelling than a concern about shortened life expectancy or long, lingering, painful illness. It hit Brazilian men where they lived and has probably resulted in more smoking cessation and saved more lives than all the Surgeon General reports combined.
Borrowing from this example, one might conclude that one way to convince management to fund disaster recovery and data protection is to wrap the case in something other than FUD. Perhaps we should try using a real business case based on cost-savings, risk reduction and business process enablement -- you know, the way that you are supposed to justify any other technology strategy or capital acquisition expense.
Disaster recovery planning's inherent data collection and analysis phase, for example, may provide value far beyond its intended use as means for justifying budgets for protection planning. As we begin delving into the characteristics of applications, and segregating their data into different categories based on the criticality of each application, we are doing much more than data protection planning. This is the start of one of the most important tasks in data management today: data classification and naming. It is a prerequisite for real information lifecycle management: You need to know your data before you can manage it.
From this perspective, the business value of the data collection and analysis task goes far beyond its risk reduction value in the context of disaster recovery. It can also save the company enormous amounts of money by enabling the migration data to appropriate platforms that will provide the best storage capabilities at the lowest costs.
Done well, data collection and risk analysis may also provide the first truly comprehensive picture of the IT-business process nexus. That's a big term to describe a straightforward thing: a model that shows dependencies of business processes on IT infrastructure.
Such a model depicting the interdependencies between processes and technology, with all of the associated capital and labor costs defined, can be enormously valuable in many ways. Business planners can use it to approximate the go-to-market costs of new lines of business that are under consideration. Business and IT managers can use it to predict the impact of growth on existing resources, and to develop proactive strategies for scaling infrastructure to meet the demands of burgeoning workload. And, of course, bean counters can use the model to look for ways to streamline both processes and infrastructure and to improve overall cost efficiency.
Maybe references to disaster recovery and data protection, like scary warning labels on cigarette packs, need to disappear completely. The Brazilians are on to something: Hit management where they live by referring to data management planning instead of disaster recovery planning.
For more information:
Tip: Toigo's take on DR
About the author: Jon William Toigo has authored hundreds of articles on storage and technology along with his monthly SearchStorage.com "Toigo's Take on Storage" expert column and backup/recovery feature. He is also a frequent site contributor on the subjects of storage management, disaster recovery and enterprise storage. Toigo has authored a number of storage books, including Disaster recovery planning: Preparing for the unthinkable, 3/e. For detailed information on the nine parts of a full-fledged DR plan, see Jon's Web site.
This was first published in June 2004