Disasters, Disasters, Disasters

Year 2011 came in with some notable natural and man-made calamities. The New Zealand earthquake, the Japan earthquake and tsunami, the Turkish earthquake, the Japan Nuclear Plant leaks, and so much more. Recently the Philippines was hit by a devastating flood which left thousands of people dead. Two years ago, a typhoon leashed at the nation’s capital, dumping out rains that were normally dumped for a month. Although casualties are not that high as compared to the casualties that were bought by the recent flash flood. 

One thing goes to mind. How will businesses continue in case of such calamities? How can consumers recover quickly? Remember, in calamities, the fastest way to recover is:

(a) immediate restoration of power

(b) immediate restoration of communication facilities

(c) immediate restoration of financial services

(d) immediate restoration of physical infrastructure like roads and bridges

(e) immediate delivery of supplies and services to the users

The answer to all of these is for all businesses to think of and develop their own contingency plans and business recovery plans. And in no such case that a contingency plan or a business recovery plan will work if it is not reviewed, tested and implemented properly. Contingency plans and business recovery plans are not limited to IT alone. It includes all parts of the enterprise resource activities, including supply chain management processes. It is not limited to hardware, networks, software or databases, it includes manual processes to enable employees of affected businesses to continue with their supposed to be tasks if the business is affected by such calamities. It may include handling of work, even of outside of the company’s premises, transfer of an IT system to other locations, handling of financials, alternative source and target channels and the like.  

I have read the other day that a Philippine senator filed a bill mandating businesses to have their own business and contingency plans. We think its a good idea. A calamity should not stop commerce and businesses and at the same time, a calamity should not stop consumers and customers from getting the kind of service they want.

It would be a pity for a business if they stop operating if they are affected by these calamities. It would mean loss of income, revenue and reputation.  There should always be a Plan B, a Plan C or even a Plan D, if these happens. 

The next question is: Are you ready?

Five Myths on Tape Storage

Technological change is part of life, and that is true whether you are chillaxing in your living room or doing your daily battles in the data center at the office. Machines and devices come and go, capabilities change usuall for the better, and technology seems to get smaller and faster.

With this concept in mind, using tape storage for your business data seems like you are in Jurassic Park. After all, all forms of tape products that used to surround us, like video and cassette tapes have already disappeared and were replaced byoptical disks, flash and USB devices that have storage capacities that employ ease of use and better reliability.

But, our living rooms and the data center are two different places. No doubt that vendors now push for disk storages that are bigger and faster, but of course, they are selling technology. The reality is tape storage is STILL A KEY COMPONENT IN AN ENTERPRISE DATA CENTER. I’ve seen tapes that are still in use in todays large enterprise data centers. It continues to be a key component in backup strategies and no doubt that tape still runs in the biggest data centers today. This still holds true today, and I think this will still hold true in the future.

But there are myths that still surround the use of tapes. No doubt that my early IT years were spent in managing these tapes so I can have some authority on this matter. If you are to look closely on how these technologies work, these myths do not hold true.

MYTH #1: TAPE IS MORE EXPENSIVE THAN DISK

On the cost of acquisition, tape costs less per gigabyte of data than disks. And if a company decides or is already starting to use one, expandability is lesser in cost if you use tapes than disks. Per my last acquisition, one 100 GB of tape costs around 800 pesos. Try lookin at disks with the same capacity on how much it costs per gigabyte.

Tape also costs less to operate, in terms of energy used than disks. Since disks run on multi processors with several high capacity power supply systems, tape drives take only a fraction of the amount of energy used.

Tape libraries are also highly scalable and of lesser cost. Compare the cost of having to run a tape jukebox than to run an extensive RAID library. 

MYTH #2: TAPE IS CHEAPER TO BUY BUT MORE EXPENSIVE TO OPERATE

I will not be detailing as much on this, but everything boils down to the TCO (total cost of ownership), which includes, purchase price, operating price, manhour price to operate, maintenance costs and other things.

MYTH #3: TAPE IS GONE… NO ONE IS USING IT ANYMORE.

Data center managers are a conservative lot, and they do not want to be the last one standing with a technology the rest of the world has left in the dust. That is not a worry with tape storage, because most of the biggest enterprises in the Philippines (and even globally), use some form of a tiered storage strategy with tape as the foundation layer where most of their data resides.

Banks have lot of regulations they need to follow regarding data storage, availability and security. And surprisingly, most top banks in the Philippines and all 10 of the world’s largest banks rely on…..get this…..tape storage products specifically from IBM and Oracle. The same can be said for the biggest three telecommunication companies here in the Philippines and most of the largest pharma firms here in the Philippines.

MYTH #4: TAPE IS UNRELIABLE

That holds true for our cassette and VHS tapes where everything can be swallowed and destroyed by having a dirty tape path.But in terms of its use in data centers, tape is more reliable than disk storage. We have experienced several NAS disks going down, leaving the users clueless on what happened, leaving no trace of data. I have not heard any tape drive or tape backup failing as of this time. But let us assume that you want to move everything to disks and drop your tape storage completely. You need a large RAID configuration, and you are going to have to pay for a RAID controller. DISKS ARE KNOWN TO FAIL and so are these controllers. In fact, 85% of our data recovery clients are of failures in disks and its controllers.

MYTH #5: TAPE IS A BIGGER SECURITY ISSUE THAN DISKS

Yes, tapes are movable and portable. But there is such as thing as “tape encryption”, which works similar to “disk encryption”. Tape encryption is transparent and works at the tape drive level itself and runs at full speed without quality degradation. An encrypted tape would be useless to someone who stole it. Much more, a stolen tape is useless to someone without a tape drive….. Compare that to disks where it can be configured to run anywhere…

Conclusion:

Disk storage is important, no doubt about it, but beware of vendors selling exclusively disk based solutions. There is a lot of misinformation out there that paints tape technology as inferior to disk and as a last generation solution on the verge of extinction.

Tape and disk storage systems can be and should co-exist in a tiered storage strategy that uses the less expensive tape tier for tasks like long term backup and archiving. If you are looking to add storage capacity in your enterprise data center, make sure you know that facts and understand vendors who lack a complete portfolio and sell only disk.

Just because tape storage technologies disappeared from your living room does not mean they should do the same in your data center.

So let us visit the museum and try to see if there are tapes and tape drives that are displayed.. Chances are, we won’t find any… Not during the next few years.

 

Disaster Recovery, Maximize IT Protection and Minimize Downtime

We all define disasters differently. Some companies view it on a scale of disruptions in case of accidental or malicious data loss or damage, some companies view it as disruptions due to power loss or other natural calamities, some companies view it on equipment and systems failures, while some companies view it as nothing, wherein, they ignore these disruption causes because they feel they do not need it or their business are indestructible. 

No matter how we view disasters, we all know that today, we need a strategy that provides protection, fast recovery and high availability of these systems so as it will create minimal or no effect on the entire business process as a whole.

Basic backup does not cut it nor address it. You need effective ways on how to keep your employees working, continue communications, and maintain business as usual during disasters.

This area of IT and/or business should be closely looked upon.

Disaster Recovery is Everyone’s Job

During the past few weeks of being absent here, certain aspects of DR have come into my attention, in which, the biggest concern is how non-IT people view disaster recovery. Most of the people I’ve talked to the past few days fully rely on IT to back up their files, saying that “it is IT’s responsibility to BACKUP THEIR FILES.” One question came into my mind…”How can IT know what files to backup? These files are the property of the users themselves, so that IT may or may not know what detailed files should be backed-up. Waiting on IT is not the answer. Even though there are cloud backup facilities that are available, each user should be responsible in backing up their files. And considering that these cloud backup facilities may also fail, it should be everyone’s concern to backup their respective files.

In my experience, IT is among the first to ask the tough questions: How do we back these up? How do we bring our systems online after a failure? How do we build redundancy into our network and on our systems?

The problem these days and into the onset of cloud based services, including SaaS, some companies are trying to get by with little or no IT. That leaves these companies with no one skilled to ask and answer these difficult and sometimes, uncomfortable questions.

Executives on the other hand, are now forced to play catch up and learn what it means to be disaster proof. SLA’s are not being the focus of discussions. How will this service provider handle downtime? What are the available options in transferring our data quickly to another live and online device? Can you show me how you can do this?

The last question is the one that might trip these businesses. Just because service providers or even their internal infrastructure say they cannot provide failover during an outage does not mean they cannot actually run. In IT, its commonplace to run drills on the data center to see how everyone would perform in a real disaster. With the available services that they have now, they fully trust go by the wayside, trusting what they have now to inherently have this covered.

Machines fail, networks fail, database crashes, that is a fact. Recently Amazon experienced an outage, Google experienced an outage. And these companies have invested robustly on their infrastructure. What more those business who have build infrastructures on non-reliable equipments?

Don’t you know that computer viruses can….

  • make your computer behave abnormally?
  • make your computer run slower?
  • rename your files?
  • or in worst cases, delete your files?
  • fight for its survival?
  • steal your files?
  • steal confidential information?
  • slowdown the network?
  • disconnect your computer from the network?
  • make your hard disk full?
  • destroy your RAM?
  • or in worst cases, destroy your computer’s CMOS?
  • evade detection?
  • cause your anti-virus software to stop? 
  • disable your computer’s dos prompt?
  • disable your computer’s registry editor?
  • attach itself to all files? even pictures, movies and music?
  • be acquired from a website?   
  • be transferred from a USB flash disk?
  • be transferred within the network?
  • be transferred via e-mail?
  • lie there inside your computer for years? and is triggered to run in a specific date and time?
  • not just be removed by a simple scan and clean?
  • now be found in mobile phones?
  • destroy programs? which makes it easier to replicate during program execution?
  • delete everything in your hard disk?   
  • crash your computer?
  • bring down your network?
  • make your computer useless?
  • even exist in servers?
  • even exist in androids, symbians, macOS and Linux?
  • destroy your privacy?
  • destroy your schedules?
  • drive you crazy?     
  • make you sick too?
  • ruin your life?

Our prognosis? Do not use your computer. Or if you cannot avoid it, see to it that your anti-virus program is updated regularly. Observe vigilance. Be proactive.

And yes, BACKUP AS OFTEN AS YOU CAN.

SMEs Not Prepared for Disasters

Based on studies*, SMB’s are not prepared to deal with IT disasters, with only around 40% of these companies have established a clear cut disaster recovery plan.

The study revealed that 12% of these SMBs did not have even a basic DR plan or even had plans to create one. Among them, 44% do not think that IT systems are critical to the business while 38% said they do not think they need a DR plan. 28% said that DRP is not a priority.

Based on these mindset, it seems that these companies were ignoring the risks of data loss and its impact on their business by not taking DR preparedness seriously. And to think that statistics show that a company experiences an average of five outages per year as a result of cyberattacks, power outages, upgrades and employee errors, it was noted that only 52% backs up at least 60% of their data. Less than half backed up data weekly or more frequently and only 21% do daily backups.

Of those with existing DR plans, half said they implemented one after experiencing either an outage or data loss and only 28% actually tested their plans.

Conceptually and technically speaking, we say that NO DR PLAN is ready until it has been tested and should involve automated tools like simulation of disaster recovery and putting a sort of process in place.

It can also mean that each test and procedure should be checked every six months to a year. These tests should cover recovery of lost systems to ensure that they are sound. It should also include a team readiness mentality to handle a crisis.

Companies who had experienced major outages lost customers too, which in turn, could have lost their business reputation. A survey done by an international survey firm revealed that 72% of the customers will switch vendors or providers in the event of disasters, noting that customers are not as tolerant as their vendors think they are. 51% of these customers stated that if the service provider is not provided as expected, they would switch vendors as soon as possible.

The lack of preparedness can cause an SMB to go out of business. It is critical that these companies recognize the importance of their data. At least, the best thing you can do is backup your data and important information and making sure that you put a good security mechanism in place to defend external threats.

Cloud computing is an option SMB’s can explore to better protect their data. Disaster preparedness also involves employees getting educated on good IT practices which should include not storing data on laptops, mobile phones and even on USB flash drives. They should also ensure that data is duplicated on file servers to allow better management in an event of a disaster. Safe and secure access to the Internet can also mitigate risks against potential threats.

The world is now experiencing day to day disasters. We think all companies should be prepared in the event a disaster strikes so that they can immediately recover everything and get back to their normal operations, hence, not losing their reputation and customers, which will in turn, allow them not to substantially incur losses in their businesses.

* Note:

statistics acquired from Symantec and IDG surveys.

Disaster Preparedness

We have noticed that during the past three years, disasters are really that bad and had caused loss of lives, property and reputation. Starting with the Katrina hurricane in the United States, volcanic eruptions, the economic crash of the United States, the Philippine floods, the Chilean, the New Zealand and recently, the Japan earthquake. Now its getting to be a Japan nuclear disaster. Yes, countries have been affected. How about you and your business? 

What would happen if there had been an earthquake which crashed down your data center? What would happen to your business if we are hit with a month long power outage? What would happen to your documents and computers should there would be 50 feet tsunamis or even floods? What would happen if all of your employees cannot report for work as a result of these disasters? And lastly, how can you take care of your customers should these things happen? 

We are in a disaster prone region, no doubt about that. For sure, each business, be it a small business or even a large business should have contingency plans in place. Information shows that 90% of businesses who do not have appropriate business contingency and disaster plans close within two years after the disaster.

Again, we will be asking you. Are you prepared?